[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.728310] kauditd_printk_skb: 8 callbacks suppressed [ 29.728321] audit: type=1800 audit(1544407040.431:29): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.755527] audit: type=1800 audit(1544407040.431:30): pid=5924 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts. 2018/12/10 01:57:31 fuzzer started 2018/12/10 01:57:33 dialing manager at 10.128.0.26:43039 2018/12/10 01:57:33 syscalls: 1 2018/12/10 01:57:33 code coverage: enabled 2018/12/10 01:57:33 comparison tracing: enabled 2018/12/10 01:57:33 setuid sandbox: enabled 2018/12/10 01:57:33 namespace sandbox: enabled 2018/12/10 01:57:33 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/10 01:57:33 fault injection: enabled 2018/12/10 01:57:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/10 01:57:33 net packet injection: enabled 2018/12/10 01:57:33 net device setup: enabled 01:58:50 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a02000700000028bd70170080000005001a0000000000000000000000eaffac1414aa0000100040000000113c04a23743f008499547b5"], 0x38}}, 0x0) syzkaller login: [ 119.902889] IPVS: ftp: loaded support on port[0] = 21 01:58:50 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000600)={&(0x7f0000000000)=@in={0x2, 0x0, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000040)="e9", 0x1}], 0x1}, 0x0) [ 120.196327] IPVS: ftp: loaded support on port[0] = 21 01:58:51 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0xe) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000000), 0x0, 0x2}, 0x20) [ 120.534038] IPVS: ftp: loaded support on port[0] = 21 01:58:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4) sendto(r0, &(0x7f0000000340)="7589f0da892457ee3604b3303d1176a13baaebcab9eba210a07246127b486e98e3029104796460b1dfef95b0368b0b19c338b1306db81cea8edfc66a6212607f01496a9963ef1a83caee01bd72e85c40dd287a0755ca6b801959badb1253ae3a85a47b0ec39b760f063d4756614fc1d3e68b9f4f32be2652ce67d2e776b433331ad58b9d70c0f258e00b9d56ff7ecb14e6050c70da00c5006b8cffd8f169f2861e2df3efe13056d1babf3dde7a2a1a5cc8cb207e10f61e215d2935a43c0db2cef01e23933caac8c3ea44870dd6b4e7e87ec42d4a8cfe2940ddd6a1b68a8b114bf5fc57a24b948eed855edf063898f64a0ce82678a3be37f9d56de9535406c2810de8f314a51ae300d351825ded003652d5ab0b30f7ced329324632f710076a9f79c3221e90ec03803b6ecd5595646214e391a3cfd74ca98d098d3fac9fccd6b0905b03f3c6a50eeef0e61cd07ad75b39267a304fb12bdde7b4d06e64a42aee0504ae42f36f13d5e3002975f648e632ec25aa10429d84a078914a28c47ae0b143f43b100790646f1f7bb25191ab9d0b210e18f5610749521e385a7dc15b6b946baa49a0b35b4c56947b57279e5b5e3d04baab408442f3ba124cc70dadeb8a564eb796fb7975859f50a8a41ebc9baf1ab48855b54d47884126e66d890d714fd57c5dec487bfb5d94c839d9bbe57e70dead6a26d44af14b53a620424cb3404a7e3961c7ff568f6345f6cc3a5c49be7e76a33e652acf88b3bbbe6f83bc49621654627eedc41393250fdc3f997f6aa3f4f8ba8184c8fc5fe9bd37ca8081077b72e93af80af9bf4a47f943df12bc25ca1f25fb5bc39fbe685aed03e20269fa1ceda0d1c31754b974081a14ec6801ab751acc29aff079fcde12237555463bf13eb77e16eeb6ae8aa7fe36806826fb5e4f86fa757ba66c7dc0ac4ffdfe411db3a40b1d0d6a79b1585122cc1d0c3a18f0aab8ac72942451f67ec6cc6fed353239f10a99c2a836b90320b803c04f931e6ffdad5d3dda56e62d379cd76eb87b8c9470cee2348913f2260e3ae0213183c4898c3d64bb826a5d227cc05e005538b1ac4e70f6fdda5e16b67a471c0d655e21c7dd5aa647058146104cad84a32002de9857704c66c162f866795076a503f69192fd49ffd327ac385012bc66edb2e14f0af6b53feeb6d8271391edd74396a986baa072bdf5221e829c7d8241cfb1c866112c8ca033e34fd845d84c5bc054646057fa523f757dcf484c8747314c5a1f5f11b3e0ba45edd10e09e9e2925fe4229bd155a1cc62a8928686d6518b3f0da7d39a2b26368bd07f9a3222ce9b3fe41b12988b004543879ac863842e0a81ee7b9ebc1a98bdb020d617c00953a9cd98632b7b2024f6be6cb8795688c131950a77579850aef05278eb5e7692a6bb52200a0d37327ceff14d7f75fa6f6058197caf451ff520a80e05231db86fd254da587cd70d0b8c74b1a8", 0x411, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000880)="c5a6d2d4e04475cabfb02baa601242bc843ae72fcaaf337225312ed0cbaeb0a811c04effb3415eb6a5433ca3ceacfc7f88d1462dc3eb2fa33f7b225d0a6bf4a770b1a848267f4b97c46f647b944189d8227da264fd3e1636990ba0df88383e59df722092bf4c2805714b09731b5122a71c5d152c827665beec6026f6712c68921fb4843cb6a7c401eb58dda43ac02f5ca6aa16710f81d924880ec6804332b08299078a9779377c55b3d6636e572892359418ca7cbc779fb6d11face495328832587461bf69c78596b9b0a35a209baf089c3f1220cfb361422095af96f524addd3d57b04217d8142751e0eb6c73f63d1800f218017d4dd2190948e2cb46cb6c56dd244460f0de9c3616bcc07182b1011069fe648a59ea270a2995f5a471398aafd4c7b3c985fc6fd839c285c6dcbe83aa6fc4e1fbb9e835055bf519b3aace303d18b3097792d0ec0c036e1d22b1624c99d07a2f8f60eb898ae8ca7d97a5bc7eb97a4e9afdc11305b2d4cd654a5d9149dfe876ef0e2052268ebc639b17a108b62be943516473ec0cad2355b52c2524579faa5d5a6f1a839652b089013ff8ac9cf6fce71a2be0bad06cf091ea91c983adf27cdbf081f2c0ec95f92c70125fbd3e8222fabbf58dfbcf2102fa9228eb72b8c24b63e605d7dbd20a663917604bb13e492d7837d2e1e29a3f78554a631d7eea48ae26e43fe3d79d0b", 0x1f8, 0x0, 0x0, 0x0) [ 120.989147] IPVS: ftp: loaded support on port[0] = 21 01:58:52 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa, 0x5e, 0x3ff, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), 0x0, 0x2}, 0x20) [ 121.526596] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.542464] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.564679] device bridge_slave_0 entered promiscuous mode [ 121.636130] IPVS: ftp: loaded support on port[0] = 21 [ 121.737629] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.753548] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.760932] device bridge_slave_1 entered promiscuous mode [ 121.908811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 01:58:52 executing program 5: syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x8, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x5c}, @dev}}}}}}, 0x0) [ 121.997667] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.013800] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.049101] device bridge_slave_0 entered promiscuous mode [ 122.060012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 122.150835] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.174131] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.181622] device bridge_slave_1 entered promiscuous mode [ 122.205862] IPVS: ftp: loaded support on port[0] = 21 [ 122.372435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 122.464002] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 122.498653] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 122.604299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 122.873452] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 122.927019] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.953998] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.962276] device bridge_slave_0 entered promiscuous mode [ 122.997218] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 123.100814] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.122640] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.136041] device bridge_slave_1 entered promiscuous mode [ 123.189805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 123.198339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 123.253879] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 123.314198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 123.328203] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 123.336440] team0: Port device team_slave_0 added [ 123.349996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 123.407010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 123.435818] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.442359] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.463473] device bridge_slave_0 entered promiscuous mode [ 123.507369] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 123.517227] team0: Port device team_slave_1 added [ 123.597626] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.613459] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.620900] device bridge_slave_1 entered promiscuous mode [ 123.705045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 123.752338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 123.821926] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 123.837052] team0: Port device team_slave_0 added [ 123.846474] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 123.925211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 123.938985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 123.957279] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 123.973474] team0: Port device team_slave_1 added [ 124.048975] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 124.085008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 124.100981] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.130968] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.146553] device bridge_slave_0 entered promiscuous mode [ 124.158879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 124.176701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 124.194071] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 124.203776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 124.245174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.271798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.293736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 124.307439] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.314110] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.321553] device bridge_slave_1 entered promiscuous mode [ 124.329282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 124.339715] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 124.368018] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 124.400427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 124.412339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 124.433730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 124.450877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.460815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.471530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 124.493950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 124.502824] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 124.531207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 124.541384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 124.576973] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.590963] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.606998] device bridge_slave_0 entered promiscuous mode [ 124.623291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 124.671563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 124.684663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 124.692845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 124.742440] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 124.774992] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.781422] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.814632] device bridge_slave_1 entered promiscuous mode [ 124.824848] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 124.832322] team0: Port device team_slave_0 added [ 124.953732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 124.984298] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 124.991807] team0: Port device team_slave_1 added [ 125.038718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 125.188848] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.210975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 125.245761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 125.263929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.301428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 125.336322] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.353748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 125.364041] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 125.463620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 125.476219] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 125.485964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 125.500996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 125.544104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 125.565002] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.574087] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 125.581519] team0: Port device team_slave_0 added [ 125.596601] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 125.625704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 125.654003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 125.682414] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 125.698662] team0: Port device team_slave_1 added [ 125.748135] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.826065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 125.906832] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.913449] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.920615] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.927084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.946521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 125.972213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 126.009042] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.026613] team0: Port device team_slave_0 added [ 126.052156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 126.075967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.107831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.123888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.167387] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.189072] team0: Port device team_slave_1 added [ 126.239413] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.256632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.283769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.372556] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.379040] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.385812] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.392218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.401617] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 126.411908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 126.425010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 126.442098] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 126.514034] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.534422] team0: Port device team_slave_0 added [ 126.573651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 126.588553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 126.598847] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 126.683378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.690613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 126.699428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 126.722925] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.730994] team0: Port device team_slave_1 added [ 126.803756] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.811468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 126.839648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 126.933670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 127.034918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 127.052662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 127.146383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 127.163651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 127.179809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 127.215478] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.221899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.228695] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.235111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.279362] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.316111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.334331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 127.357613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 127.767414] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.773895] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.780591] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.787079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.805254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 128.118409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.140590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.368500] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.374955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.381647] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.388129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.418665] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 128.814006] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.820436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.827212] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.833668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.859918] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 129.154691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 129.164069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 131.531645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.008658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.031014] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 132.525147] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 132.531328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 132.543669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 132.559609] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 132.597947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.077540] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 133.095139] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.154316] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 133.160477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.174265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.207243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.610941] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 133.619887] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.644686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.660030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.797536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 133.833322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.843791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.110065] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.246441] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 134.262463] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 134.324022] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 134.330194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 134.345605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 134.730354] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 134.736739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 134.746378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 134.760663] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 134.785496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 134.792678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 134.852652] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.142643] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.256235] 8021q: adding VLAN 0 to HW filter on device team0 01:59:06 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) ppoll(&(0x7f0000000200)=[{r0, 0x8109}, {r1, 0x200}], 0x2, &(0x7f0000000240)={0x77359400}, &(0x7f0000000280)={0x9}, 0x8) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="f0"], 0x1}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) ppoll(&(0x7f0000000080), 0x20000000000000e9, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000040), 0x8) 01:59:07 executing program 0: syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @multicast2=0xe0000001}, @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, &(0x7f0000000240)) r0 = socket$inet6(0xa, 0x1, 0x20) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@rand_addr, @broadcast, 0x0}, &(0x7f0000000040)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@mcast2, 0x35, r1}) socketpair(0x17, 0x4, 0x9, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000140)={'filter\x00'}, &(0x7f0000000300)=0x78) r3 = accept$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @remote}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000280)=@assoc_value, &(0x7f00000002c0)=0x23b) 01:59:07 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000080)=@dstopts={0x0, 0x5, [], [@jumbo={0xc2, 0x4, 0x2}, @jumbo={0xc2, 0x4, 0x8}, @ra={0x5, 0x2, 0x6}, @pad1, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x10, {0x1a7d48ce, 0x2, 0x0, 0x99, [0x8000]}}, @enc_lim={0x4, 0x1, 0x4}]}, 0x38) recvfrom$inet6(r0, &(0x7f0000000000)=""/22, 0x16, 0x40002120, &(0x7f0000000040)={0xa, 0x4e20, 0x5ea, @remote, 0xddd}, 0x1c) socket$inet6(0xa, 0x0, 0x86) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x104e20, 0x0, @ipv4}, 0x1c) 01:59:07 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="000000001d00fd01000800f800000000000000000000000000000000", @ANYRES32=0x0], 0x20}}, 0x0) recvmmsg(r0, &(0x7f0000006500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x1d}, 0x8) r1 = socket$inet_sctp(0x2, 0x0, 0x84) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f00000001c0)={0x0, 0x89, "7440d4e0f5a53a724a51837f495b93fb8e4ea08dbf403843c1a8a9b05878e69af02dc6b13e83944125e14a03db252a39619893779768e6c7aa07315d20e9c9c18982b6e8be127e1c805486d6ef70ecbb4fe85f20290d86d9d3d5fcea290d86742aeb7b7f79da97193740af46011e6f6345aeddee01d43c7a4bc8983922eafc696ae459dbbe9d2af1e5"}, &(0x7f0000000280)=0x91) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000002c0)={r2, @in={{0x2, 0x4e24, @remote}}}, 0x84) 01:59:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = accept(r0, &(0x7f0000000080)=@nfc_llcp, &(0x7f0000000100)=0x80) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000140)={0x0, 0x2e8e, 0x4, [0x5, 0x3, 0x4, 0xffff]}, &(0x7f0000000180)=0x10) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={r2, 0xffffffffffffffe1}, 0x8) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @broadcast, [{[], {0x8100, 0x0, 0x1, 0xfffffffffffffffd}}], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2c, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:59:07 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000540)={{{@in=@multicast1, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000000)=0x8) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x1) ioctl$void(0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000680)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000200)=ANY=[]) bpf$MAP_CREATE(0x0, &(0x7f0000002e40)={0x12, 0x0, 0x4, 0x6e, 0x0, 0x1}, 0x2c) 01:59:07 executing program 2: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000007180)={{&(0x7f0000007040)=""/249, 0xf9}, &(0x7f0000007140), 0x32}, 0x20) r1 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f00000001c0)=0x20, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) vmsplice(r0, &(0x7f0000000240), 0x0, 0x40000002) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r3, 0x20000000008912, &(0x7f0000000000)="0a5c2d0240316285717070") r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000040)={0x2, 0x4e22, @multicast2}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000d80)={r4}) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000140)) ioctl$sock_netdev_private(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000180), 0x93) sendto$inet(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000001600)={0x6, {0x2, 0x4e21, @local}, {0x2, 0x4e24, @rand_addr=0xbddf}, {0x2, 0x4e22, @broadcast}}) connect$inet(r2, &(0x7f0000000cc0)={0x2, 0x4e20, @local}, 0x10) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) sendmmsg$nfc_llcp(r5, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000010c0)=0x19ff, 0x4) socket$inet(0x2, 0x0, 0x0) sendto$inet(r2, &(0x7f00000000c0)="b0", 0x1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003b40)=[{{&(0x7f0000003280)=@sco, 0x80, &(0x7f0000003580), 0x0, &(0x7f00000035c0)=""/213, 0xd5}}, {{&(0x7f00000036c0)=@nl=@proc, 0x80, &(0x7f0000003ac0)=[{&(0x7f0000003740)=""/208, 0x66}, {&(0x7f0000003840)=""/125, 0x7d}, {&(0x7f00000038c0)=""/211, 0xd3}, {&(0x7f00000039c0)=""/209, 0xd1}], 0x4, &(0x7f0000003b00)=""/23, 0x17, 0x2}, 0x1ff}], 0x2, 0x2000, 0x0) [ 137.308103] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 01:59:08 executing program 2: socket$nl_generic(0xa, 0x3, 0x10) 01:59:08 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="295ed277a4200100360070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000180)="b7859cb8eec705f2288a933d6e593ae164c990a016726640c522b60bdfedb810", 0x20) r2 = accept$alg(r1, 0x0, 0x0) read(r2, &(0x7f0000000bc0)=""/93, 0x5d) recvmsg(r2, &(0x7f0000d43000)={&(0x7f00000002c0)=@hci, 0xfffffffffffffdc9, &(0x7f0000ae0fc0)=[{&(0x7f0000b9ff8b)=""/117, 0x6}], 0x1, &(0x7f0000837f57)=""/169, 0xa9}, 0x0) 01:59:08 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) connect$inet6(r0, &(0x7f0000003040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) bind$inet(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0xff00, 0x0, 0x0, 0x0) 01:59:08 executing program 4: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x80b, 0x807) socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000004ff0)={0x2, &(0x7f0000002fe8)=[{0x28, 0x0, 0x0, 0xfffff01c}, {0x6, 0x3}]}, 0x10) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000000)=0x7, 0x4) 01:59:08 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000540)={{{@in=@multicast1, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000000)=0x8) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x1) ioctl$void(0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000680)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000200)=ANY=[]) bpf$MAP_CREATE(0x0, &(0x7f0000002e40)={0x12, 0x0, 0x4, 0x6e, 0x0, 0x1}, 0x2c) 01:59:08 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0xe, 0x0, &(0x7f0000000000)=0xfec5) r1 = socket(0x3, 0x803, 0xffffffffffff8000) recvmsg$kcm(0xffffffffffffff9c, &(0x7f00000027c0)={&(0x7f0000000300)=@can={0x1d, 0x0}, 0x80, &(0x7f0000001740)=[{&(0x7f0000000380)=""/228, 0xe4}, {&(0x7f0000000480)=""/174, 0xae}, {&(0x7f0000000540)=""/50, 0x32}, {&(0x7f0000000580)=""/160, 0xa0}, {&(0x7f0000000640)=""/41, 0x29}, {&(0x7f0000000680)=""/129, 0x81}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x7, &(0x7f00000017c0)=""/4096, 0x1000}, 0x10000) sendmsg$xdp(r1, &(0x7f0000002880)={&(0x7f0000002800)={0x2c, 0x1, r2, 0x29}, 0x10, &(0x7f0000002840), 0x0, 0x0, 0x0, 0x8050}, 0x80) 01:59:08 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x4, 0x4, 0x9}, 0x12d) r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x3, &(0x7f0000c91000)=ANY=[@ANYBLOB="850000002f00000027000000000022009500000000000000"], &(0x7f0000000000)="f4206cd55d3174fccd51d063ca3dda5cbf5a01cc7ea92c43b604ffc53727d2d60f55ddeb757cf36a8457125ab48bcbcce4011a423df186cc8d8e6e9a66b1a0a6035a2fc0578cf5aad8b3a24a9c646a37eb26c6212ffc9658f152194b880765d169d550beb059984a10c2", 0x1, 0x99, &(0x7f000000d000)=""/153}, 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={r0, r1, 0x4}, 0x10) r2 = accept4(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpin6, &(0x7f0000000080)=0x80, 0x80800) getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000180)={@ipv4={[], [], @broadcast}}, &(0x7f00000001c0)=0x14) 01:59:08 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x2) syz_emit_ethernet(0xfe, &(0x7f0000000280)={@random="ade3345025fb", @remote, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x11, 0x0, @empty, @mcast2, {[], @icmpv6=@dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "c5771e", 0x0, 0x0, 0x0, @mcast1, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f]}}}}}}}}, 0x0) r1 = socket(0x9, 0xb, 0x3ff) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f00000000c0), &(0x7f0000000100)=0x4) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000000), &(0x7f0000000040)=0x4) 01:59:08 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)) write$cgroup_int(r0, &(0x7f0000000080), 0x2001007f) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000540)={{{@in=@multicast1, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in6=@mcast2}}, &(0x7f0000000000)=0x8) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x1) ioctl$void(0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000680)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000200)=ANY=[]) bpf$MAP_CREATE(0x0, &(0x7f0000002e40)={0x12, 0x0, 0x4, 0x6e, 0x0, 0x1}, 0x2c) 01:59:09 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) pwrite64(r0, &(0x7f0000000080)="86", 0x1, 0x3fffff) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0xed5e0000, 0x0, 0x0, 0x20000fff}) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f623448") ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x100000002072, 0xffffffffffffffff, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000100)={0xad, {{0x2, 0x4e21}}}, 0x88) socket$alg(0x26, 0x5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="d1000000990671499acaf04551d92fe700bdfcf7b7c744000007003068da4174fbe113b6daa9c36f68fec3cfaa44666cde0a4385cdae72a4f80b8c49aad82526d62df448a542e71c000084cf2321b2d315d28101705f4c20cb00002052c722c35409462e5e4d55ab9e10"], 0x6a) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280), 0xfffffe8f) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x300000a, 0x8013, r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x3c000, 0x800}, 0x18) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) 01:59:09 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000001200)=ANY=[@ANYBLOB='-3'], 0x2) r2 = accept4$tipc(0xffffffffffffff9c, &(0x7f0000000040)=@name, &(0x7f0000000080)=0x10, 0x80800) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x2, 0x4}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000100)="65924e7da02360", 0x7}, {&(0x7f0000000140)="74e902116340846925f51c1d987c83733d25635251af240bba101c", 0x1b}, {&(0x7f00000001c0)="8c275ac360bcdc4834611b4ee2801eb0", 0x10}, {&(0x7f0000000200)="e05b0cf2f08b2cb87da036646393a6c0dd1c57be796eea7ce66cf63a93b4a222d6bf7399e0f4f869fc3d0f8ba1e336bd31a5c97cade583905b9e71a77e64f41b4de09b37bdc07c853222027928113d463452811157b5fd341ba730cd9abf2d9845689c79a7aca4a2f4dc13246fd33aafdc4512877b8156990af90f149cca038ce64d7706bc775bdef14d6dc9e865c7c60f84715ff29f7b00c7c321f3e7fbaa64a1593b9409e2c073795fc1943702c0", 0xaf}, {&(0x7f00000002c0)="a46574aa288302446d4264b3d87dfe3a2698d4eaac5252b66459dae2e9acb886b361862d47dc5158c64d99903baeec806af82beb8c9b821505e65a06062a26e376d16d30799190ff8d49636074867aed6e42b61b0a5d0677ef0792dba9442f5936a30b28cbdcfe7ebea6c8a94183afdff09438c43782b50957f3a3fe99fbfe945c9e8ac6544bb0ecf3ee33b27f4ef90467277e7e64cf57d66c64df3f74bec013b351f34b7a86c855dc9d2c2e428fc9f90b08faa2b1ed1cd1a34e6c3e8517ca1ac14b65392d3f726e616cb022e1c7ff669522acd2ab947c9f78bc860354c238a39493bdc69c4531de7b2574e6bf9ceb", 0xef}, {&(0x7f00000003c0)="129248f9f83a34845aeff5f62204a8b52dd649375ccad78d0a6f391faa256579fdaafca6d7d9acb68302bd02e89506a029e140d80d0e014edc03ad98c0ab33033e51a995bf2ddfad9174663e5e8d49c68631bd29385fc39366c99d002851e5d6a76db274a43f69b2d240d0ef6dd97e97465fbd684a79b7e1c3", 0x79}], 0x6, &(0x7f00000004c0)="fc9f3e099e76497d22deee48e31e2b86c1433119a2e92c9fd2a2d476173bbe5e50e60bc3968064670d94037a5b0c42afb5e1af5ce099b2b1d7f41d23a8ef551acc05a3dc2004f726feb94030d2ef20ac21b78577e51f9859120c37030e615bd63eb3a13f5da22a7c82f9034fe6e0136dc8e2430730", 0x75, 0x40040}, 0x40000) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x8, &(0x7f0000000580)=@raw=[@map={0x18, 0x7}, @call={0x85, 0x0, 0x0, 0x54}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x16}, @map={0x18, 0x9, 0x1, 0x0, 0xffffffffffffff9c}], &(0x7f00000005c0)='syzkaller\x00', 0x2, 0xd8, &(0x7f0000000600)=""/216, 0x41f00, 0x1, [], 0x0, 0xd}, 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000780)={r0, r3, 0x4, 0x1}, 0x10) 01:59:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6(0xa, 0x803, 0x3) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x81}, {0x6}]}, 0x10) shutdown(r0, 0x0) 01:59:09 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0x9, 0x1d, 0x6, 0xc, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f00000000c0)='+', 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f00000002c0), 0x0}, 0x18) close(r0) pipe(&(0x7f0000000240)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f0000000200), 0x0}, 0x20) 01:59:09 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000012c31aa8b556307b0000160900000000000000000000000081ce65aabdcf2994715300000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010800001100000009000000000000000000106cf4aa4ac99e8d000000006c6f000000000000000000000000000100000000000000000000000010000000467dac2e895fc5d400000000a85f001a4b0000000000000005000000aaaaaaaaaa000000000000eeffff6f00000070000000a0000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000"]}, 0x1b2) r1 = socket$inet6(0xa, 0x100000002, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0xd}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 01:59:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) write(r1, &(0x7f0000000380), 0xfffffffe) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000040)={'icmp\x00'}, &(0x7f0000000080)=0x1e) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000140)={"6c6f0000002400000000000008000011", 0xff}) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 01:59:09 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010005fba00000000000000000000000099df91cf07d5590befb12f740ca0b2777a5bf29ce884f0cd3afd80156c97beb9a8bba38a456e5c9ce46f5ee949f3bbb3504aab9e10cb0cc38bb4b5910207cd29d0673c30", @ANYRES64=r0, @ANYBLOB="0000000000f0ffff08001b0000000000"], 0x3}}, 0x0) [ 138.567590] kernel msg: ebtables bug: please report to author: Wrong len argument [ 138.612658] kernel msg: ebtables bug: please report to author: Wrong len argument [ 139.214880] ================================================================== [ 139.222496] BUG: KASAN: use-after-free in __list_add_valid+0x8f/0xac [ 139.228996] Read of size 8 at addr ffff8881b8e83930 by task kworker/1:1/22 [ 139.236021] [ 139.237660] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc4+ #335 [ 139.244629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 139.254005] Workqueue: ipv6_addrconf addrconf_dad_work [ 139.259282] Call Trace: [ 139.261886] dump_stack+0x244/0x39d [ 139.265523] ? dump_stack_print_info.cold.1+0x20/0x20 [ 139.270714] ? printk+0xa7/0xcf [ 139.273998] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 139.278762] print_address_description.cold.7+0x9/0x1ff [ 139.284132] kasan_report.cold.8+0x242/0x309 [ 139.288547] ? __list_add_valid+0x8f/0xac [ 139.292734] __asan_report_load8_noabort+0x14/0x20 [ 139.297671] __list_add_valid+0x8f/0xac [ 139.301662] ___neigh_create+0x14b7/0x2600 [ 139.306383] ? print_usage_bug+0xc0/0xc0 [ 139.310466] ? neigh_remove_one+0x5a0/0x5a0 [ 139.314797] ? __lock_acquire+0x62f/0x4c20 [ 139.319028] ? ipv6_skip_exthdr+0x416/0x760 [ 139.323353] ? __local_bh_enable_ip+0x160/0x260 [ 139.328062] ? __local_bh_enable_ip+0x160/0x260 [ 139.332733] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 139.337328] ? mark_held_locks+0x130/0x130 [ 139.341562] ? __local_bh_enable_ip+0x160/0x260 [ 139.346237] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 139.350830] ? trace_hardirqs_on+0xbd/0x310 [ 139.355171] ? ip6t_do_table+0xd9e/0x1d30 [ 139.359328] ? trace_hardirqs_off_caller+0x310/0x310 [ 139.364451] ? __local_bh_enable_ip+0x160/0x260 [ 139.369137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 139.374681] ? check_preemption_disabled+0x48/0x280 [ 139.379734] ? ip6t_do_table+0xd6a/0x1d30 [ 139.383888] ? ip6t_do_table+0xd6a/0x1d30 [ 139.388049] ? lock_acquire+0x1ed/0x520 [ 139.392060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 139.397598] ? check_preemption_disabled+0x48/0x280 [ 139.402635] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 139.408171] ? rcu_pm_notify+0xc0/0xc0 [ 139.412094] __neigh_create+0x30/0x40 [ 139.415966] ip6_finish_output2+0xa59/0x27a0 [ 139.420432] ? ip6_forward_finish+0x560/0x560 [ 139.424943] ? ip6_mtu+0x39c/0x520 [ 139.428504] ? lock_downgrade+0x900/0x900 [ 139.432679] ? check_preemption_disabled+0x48/0x280 [ 139.437696] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 139.442633] ? kasan_check_read+0x11/0x20 [ 139.446782] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 139.452055] ? rcu_softirq_qs+0x20/0x20 [ 139.456052] ? ip6_mtu+0x160/0x520 [ 139.459592] ? find_match+0x10a0/0x10a0 [ 139.463569] ? kasan_check_read+0x11/0x20 [ 139.467735] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 139.473029] ? nf_nat_ipv6_out+0x212/0x550 [ 139.477267] ip6_finish_output+0x58c/0xc60 [ 139.481500] ? ip6_finish_output+0x58c/0xc60 [ 139.485914] ip6_output+0x232/0x9d0 [ 139.489540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 139.495079] ? ip6_finish_output+0xc60/0xc60 [ 139.499485] ? ip6_fragment+0x38b0/0x38b0 [ 139.503634] ? __lock_is_held+0xb5/0x140 [ 139.507712] ndisc_send_skb+0x1005/0x1560 [ 139.511905] ? nf_hook.constprop.33+0x860/0x860 [ 139.516583] ? print_usage_bug+0xc0/0xc0 [ 139.520660] ? mark_held_locks+0xc7/0x130 [ 139.524863] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 139.529900] ndisc_send_ns+0x3c6/0x8e0 [ 139.533796] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 139.538387] ? ndisc_netdev_event+0x5b0/0x5b0 [ 139.542935] ? trace_hardirqs_off_caller+0x310/0x310 [ 139.548057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 139.553638] ? check_preemption_disabled+0x48/0x280 [ 139.558665] ? addrconf_dad_work+0xab8/0x1310 [ 139.563167] ? addrconf_dad_work+0xab8/0x1310 [ 139.567673] addrconf_dad_work+0xbf2/0x1310 [ 139.572005] ? addrconf_ifdown+0x1650/0x1650 [ 139.576423] ? __lock_is_held+0xb5/0x140 [ 139.580499] process_one_work+0xc90/0x1c40 [ 139.584743] ? mark_held_locks+0x130/0x130 [ 139.589003] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 139.593688] ? __switch_to_asm+0x40/0x70 [ 139.597747] ? __switch_to_asm+0x40/0x70 [ 139.601807] ? __switch_to_asm+0x34/0x70 [ 139.605909] ? __switch_to_asm+0x40/0x70 [ 139.610412] ? __switch_to_asm+0x34/0x70 [ 139.614474] ? __switch_to_asm+0x40/0x70 [ 139.618551] ? __switch_to_asm+0x34/0x70 [ 139.623131] ? __switch_to_asm+0x40/0x70 [ 139.627206] ? __schedule+0x8d7/0x21d0 [ 139.631093] ? retint_kernel+0x2d/0x2d [ 139.634996] ? lock_downgrade+0x900/0x900 [ 139.639154] ? zap_class+0x640/0x640 [ 139.642884] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 139.647660] ? retint_kernel+0x2d/0x2d [ 139.651576] ? lock_acquire+0x1ed/0x520 [ 139.655555] ? worker_thread+0x3e0/0x1390 [ 139.659714] ? kasan_check_read+0x11/0x20 [ 139.663875] ? do_raw_spin_lock+0x14f/0x350 [ 139.668201] ? kasan_check_read+0x11/0x20 [ 139.672354] ? rwlock_bug.part.2+0x90/0x90 [ 139.676596] ? trace_hardirqs_on+0x310/0x310 [ 139.681031] worker_thread+0x17f/0x1390 [ 139.685019] ? __switch_to_asm+0x34/0x70 [ 139.689102] ? process_one_work+0x1c40/0x1c40 [ 139.693622] ? zap_class+0x640/0x640 [ 139.697346] ? find_held_lock+0x36/0x1c0 [ 139.701433] ? __kthread_parkme+0xce/0x1a0 [ 139.705680] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 139.710789] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 139.715916] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 139.720503] ? trace_hardirqs_on+0xbd/0x310 [ 139.724840] ? kasan_check_read+0x11/0x20 [ 139.729000] ? __kthread_parkme+0xce/0x1a0 [ 139.733250] ? trace_hardirqs_off_caller+0x310/0x310 [ 139.738357] ? trace_hardirqs_off_caller+0x310/0x310 [ 139.743484] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 139.748651] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 139.754210] ? __kthread_parkme+0xfb/0x1a0 [ 139.758449] ? process_one_work+0x1c40/0x1c40 [ 139.762948] kthread+0x35a/0x440 [ 139.766321] ? kthread_stop+0x900/0x900 [ 139.770304] ret_from_fork+0x3a/0x50 [ 139.774024] [ 139.775646] Allocated by task 7735: [ 139.779277] save_stack+0x43/0xd0 [ 139.782732] kasan_kmalloc+0xc7/0xe0 [ 139.786444] __kmalloc+0x15b/0x760 [ 139.789987] ___neigh_create+0x13fc/0x2600 [ 139.794239] __neigh_create+0x30/0x40 [ 139.798039] ip6_finish_output2+0xa59/0x27a0 [ 139.802448] ip6_finish_output+0x58c/0xc60 [ 139.806683] ip6_output+0x232/0x9d0 [ 139.810305] ip6_xmit+0xf69/0x23e0 [ 139.813849] inet6_csk_xmit+0x378/0x630 [ 139.817890] __tcp_transmit_skb+0x1bb7/0x3bb0 [ 139.822387] __tcp_retransmit_skb+0x7b6/0x2db0 [ 139.826975] tcp_retransmit_skb+0x2e/0x240 [ 139.831214] tcp_retransmit_timer+0xc6e/0x3340 [ 139.835799] tcp_write_timer_handler+0x2e6/0x950 [ 139.840571] tcp_write_timer+0x111/0x1d0 [ 139.844645] call_timer_fn+0x272/0x920 [ 139.848531] __run_timers+0x7e5/0xc70 [ 139.852328] run_timer_softirq+0x52/0xb0 [ 139.856403] __do_softirq+0x308/0xb7e [ 139.860193] [ 139.861817] Freed by task 7731: [ 139.865105] save_stack+0x43/0xd0 [ 139.868557] __kasan_slab_free+0x102/0x150 [ 139.872796] kasan_slab_free+0xe/0x10 [ 139.876597] kfree+0xcf/0x230 [ 139.879708] rcu_process_callbacks+0x1140/0x1ac0 [ 139.884465] __do_softirq+0x308/0xb7e [ 139.888258] [ 139.889892] The buggy address belongs to the object at ffff8881b8e836c0 [ 139.889892] which belongs to the cache kmalloc-1k of size 1024 [ 139.902564] The buggy address is located 624 bytes inside of [ 139.902564] 1024-byte region [ffff8881b8e836c0, ffff8881b8e83ac0) [ 139.914567] The buggy address belongs to the page: [ 139.919541] page:ffffea0006e3a080 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0xffff8881b8e82940 compound_mapcount: 0 [ 139.930826] flags: 0x2fffc0000010200(slab|head) [ 139.935527] raw: 02fffc0000010200 ffffea00072aec88 ffff8881da801838 ffff8881da800ac0 [ 139.943451] raw: ffff8881b8e82940 ffff8881b8e82040 0000000100000006 0000000000000000 [ 139.951321] page dumped because: kasan: bad access detected [ 139.957020] [ 139.958649] Memory state around the buggy address: [ 139.963577] ffff8881b8e83800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 139.970947] ffff8881b8e83880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 139.978328] >ffff8881b8e83900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 139.985711] ^ [ 139.990676] ffff8881b8e83980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 139.998036] ffff8881b8e83a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 140.005384] ================================================================== [ 140.012731] Disabling lock debugging due to kernel taint 01:59:10 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000200008912, &(0x7f00000001c0)="5c402d0240316285717070") socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, [], 0xe}, 0xffff00000000000, 0x0, 0x2, 0x0, 0x0, 0x9, 0x2}, 0x20) r1 = accept(r0, &(0x7f0000000100)=@generic, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000180)=0x4) getpeername$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c) 01:59:10 executing program 0: r0 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0xffbd) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0xe6b1, 0x6, 0x5, 0x6, 0x0}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r1, 0x4) r2 = socket$inet6_sctp(0xa, 0x20000000000001, 0x84) r3 = socket$inet6(0xa, 0x4, 0x2008001) ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in={{0xa, 0x0, @dev, [0x0, 0x300000000000000]}}, 0x0, 0x3}, 0x98) 01:59:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) pwrite64(r0, &(0x7f0000000080)="86", 0x1, 0x3fffff) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0xed5e0000, 0x0, 0x0, 0x20000fff}) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f623448") ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x100000002072, 0xffffffffffffffff, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000100)={0xad, {{0x2, 0x4e21}}}, 0x88) socket$alg(0x26, 0x5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="d1000000990671499acaf04551d92fe700bdfcf7b7c744000007003068da4174fbe113b6daa9c36f68fec3cfaa44666cde0a4385cdae72a4f80b8c49aad82526d62df448a542e71c000084cf2321b2d315d28101705f4c20cb00002052c722c35409462e5e4d55ab9e10"], 0x6a) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280), 0xfffffe8f) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x300000a, 0x8013, r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x3c000, 0x800}, 0x18) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) 01:59:10 executing program 3: bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040)="d3", 0x1) accept4$alg(r0, 0x0, 0x0, 0x800) recvmmsg(r1, &(0x7f00000062c0)=[{{&(0x7f0000002bc0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000003ec0), 0x3, &(0x7f0000003f40)=""/190, 0xbe}}, {{&(0x7f0000004000)=@ipx, 0x80, &(0x7f0000006180), 0x228, &(0x7f00000061c0)=""/240, 0xf0}}], 0x400000000000399, 0x0, &(0x7f0000006400)={0x77359400}) [ 140.018271] Kernel panic - not syncing: panic_on_warn set ... [ 140.024172] CPU: 1 PID: 22 Comm: kworker/1:1 Tainted: G B 4.20.0-rc4+ #335 [ 140.032491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 140.041869] Workqueue: ipv6_addrconf addrconf_dad_work [ 140.047152] Call Trace: [ 140.049752] dump_stack+0x244/0x39d [ 140.053386] ? dump_stack_print_info.cold.1+0x20/0x20 [ 140.058592] panic+0x2ad/0x55c [ 140.061799] ? add_taint.cold.5+0x16/0x16 01:59:10 executing program 1: r0 = socket(0x18, 0xc05, 0x0) getsockopt(r0, 0x114, 0x5, &(0x7f0000af0fe7)=""/13, &(0x7f0000000000)=0xfcfe) sendmsg(r0, &(0x7f0000000280)={&(0x7f0000000040)=@llc={0x1a, 0x327, 0x0, 0x4, 0xcd5, 0x2, @local}, 0x80, &(0x7f0000000240)=[{&(0x7f00000000c0)="c50099eff5d78076974e5017820381680063821375f87c", 0x17}, {&(0x7f0000000100)="3ed1524db630c2412f12de", 0xb}, {&(0x7f0000000140)="2e32adedf9a1247b7513869a78a97f728860e06be0021fdada614781a37d21554b6db4cf3002ab3cd2fbf5a981a2368f1d73fba2904d7d561253e9468b4638010894635445ad13b8a891637291cd4ba01b9c0951bbb503c86d71e757695bbf3281cc15625bc6dc8f795db84509cf5a4d7ec6b919ad47301a5f63c59bd05bcc97f655af10346cbf0e6553700e642cb584b42cc64a093c", 0x96}, {&(0x7f0000000200)="14599c2bf87110bfb542f4dce4215e1852da586191", 0x15}], 0x4}, 0x4) [ 140.065956] ? trace_hardirqs_on+0xb4/0x310 [ 140.070285] kasan_end_report+0x47/0x4f [ 140.074271] kasan_report.cold.8+0x76/0x309 [ 140.078600] ? __list_add_valid+0x8f/0xac [ 140.082816] __asan_report_load8_noabort+0x14/0x20 [ 140.087792] __list_add_valid+0x8f/0xac [ 140.091781] ___neigh_create+0x14b7/0x2600 [ 140.096031] ? print_usage_bug+0xc0/0xc0 [ 140.100113] ? neigh_remove_one+0x5a0/0x5a0 [ 140.104449] ? __lock_acquire+0x62f/0x4c20 [ 140.108721] ? ipv6_skip_exthdr+0x416/0x760 [ 140.113049] ? __local_bh_enable_ip+0x160/0x260 [ 140.117725] ? __local_bh_enable_ip+0x160/0x260 [ 140.122404] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 140.127008] ? mark_held_locks+0x130/0x130 [ 140.131266] ? __local_bh_enable_ip+0x160/0x260 [ 140.135944] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 140.140538] ? trace_hardirqs_on+0xbd/0x310 [ 140.144882] ? ip6t_do_table+0xd9e/0x1d30 [ 140.149043] ? trace_hardirqs_off_caller+0x310/0x310 [ 140.154155] ? __local_bh_enable_ip+0x160/0x260 [ 140.158837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 140.164400] ? check_preemption_disabled+0x48/0x280 [ 140.169436] ? ip6t_do_table+0xd6a/0x1d30 [ 140.173607] ? ip6t_do_table+0xd6a/0x1d30 [ 140.177817] ? lock_acquire+0x1ed/0x520 [ 140.181802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 140.187370] ? check_preemption_disabled+0x48/0x280 [ 140.192402] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 140.197955] ? rcu_pm_notify+0xc0/0xc0 [ 140.201878] __neigh_create+0x30/0x40 [ 140.205721] ip6_finish_output2+0xa59/0x27a0 [ 140.210143] ? ip6_forward_finish+0x560/0x560 [ 140.214657] ? ip6_mtu+0x39c/0x520 [ 140.218224] ? lock_downgrade+0x900/0x900 [ 140.222421] ? check_preemption_disabled+0x48/0x280 [ 140.227448] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 140.232392] ? kasan_check_read+0x11/0x20 [ 140.236546] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 140.241837] ? rcu_softirq_qs+0x20/0x20 [ 140.245877] ? ip6_mtu+0x160/0x520 [ 140.249425] ? find_match+0x10a0/0x10a0 [ 140.253416] ? kasan_check_read+0x11/0x20 [ 140.257570] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 140.262850] ? nf_nat_ipv6_out+0x212/0x550 [ 140.267105] ip6_finish_output+0x58c/0xc60 [ 140.269351] kobject: 'loop1' (00000000a506244c): kobject_uevent_env [ 140.271347] ? ip6_finish_output+0x58c/0xc60 [ 140.271379] ip6_output+0x232/0x9d0 [ 140.271395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 140.271425] ? ip6_finish_output+0xc60/0xc60 [ 140.289162] kobject: 'loop1' (00000000a506244c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 140.291408] ? ip6_fragment+0x38b0/0x38b0 [ 140.291424] ? __lock_is_held+0xb5/0x140 [ 140.291447] ndisc_send_skb+0x1005/0x1560 [ 140.291465] ? nf_hook.constprop.33+0x860/0x860 [ 140.322725] ? print_usage_bug+0xc0/0xc0 [ 140.326814] ? mark_held_locks+0xc7/0x130 [ 140.330981] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 140.336007] ndisc_send_ns+0x3c6/0x8e0 [ 140.339899] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 140.344497] ? ndisc_netdev_event+0x5b0/0x5b0 [ 140.349003] ? trace_hardirqs_off_caller+0x310/0x310 [ 140.349290] kobject: 'loop5' (0000000054312a53): kobject_uevent_env [ 140.354126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 140.354144] ? check_preemption_disabled+0x48/0x280 [ 140.354160] ? addrconf_dad_work+0xab8/0x1310 [ 140.354175] ? addrconf_dad_work+0xab8/0x1310 [ 140.354193] addrconf_dad_work+0xbf2/0x1310 [ 140.354211] ? addrconf_ifdown+0x1650/0x1650 [ 140.354229] ? __lock_is_held+0xb5/0x140 [ 140.360758] kobject: 'loop5' (0000000054312a53): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 140.366165] process_one_work+0xc90/0x1c40 [ 140.366181] ? mark_held_locks+0x130/0x130 [ 140.366200] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 140.366213] ? __switch_to_asm+0x40/0x70 [ 140.366230] ? __switch_to_asm+0x40/0x70 [ 140.402691] kobject: 'loop1' (00000000a506244c): kobject_uevent_env [ 140.406591] ? __switch_to_asm+0x34/0x70 [ 140.406603] ? __switch_to_asm+0x40/0x70 [ 140.406615] ? __switch_to_asm+0x34/0x70 [ 140.406634] ? __switch_to_asm+0x40/0x70 [ 140.406645] ? __switch_to_asm+0x34/0x70 [ 140.406661] ? __switch_to_asm+0x40/0x70 [ 140.427070] kobject: 'loop1' (00000000a506244c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 140.430038] ? __schedule+0x8d7/0x21d0 [ 140.430052] ? retint_kernel+0x2d/0x2d [ 140.430071] ? lock_downgrade+0x900/0x900 [ 140.430088] ? zap_class+0x640/0x640 [ 140.458761] kobject: 'loop4' (00000000007806e5): kobject_uevent_env [ 140.463932] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 140.463966] ? retint_kernel+0x2d/0x2d [ 140.463988] ? lock_acquire+0x1ed/0x520 [ 140.464001] ? worker_thread+0x3e0/0x1390 [ 140.464020] ? kasan_check_read+0x11/0x20 [ 140.464037] ? do_raw_spin_lock+0x14f/0x350 [ 140.475923] kobject: 'loop4' (00000000007806e5): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 140.479613] ? kasan_check_read+0x11/0x20 [ 140.479635] ? rwlock_bug.part.2+0x90/0x90 [ 140.479649] ? trace_hardirqs_on+0x310/0x310 [ 140.479669] worker_thread+0x17f/0x1390 [ 140.479685] ? __switch_to_asm+0x34/0x70 [ 140.490008] IPVS: ftp: loaded support on port[0] = 21 [ 140.490836] ? process_one_work+0x1c40/0x1c40 [ 140.490866] ? zap_class+0x640/0x640 [ 140.490881] ? find_held_lock+0x36/0x1c0 [ 140.490953] ? __kthread_parkme+0xce/0x1a0 [ 140.490980] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 140.556195] kobject: 'loop3' (0000000060bb1d2b): kobject_uevent_env [ 140.559132] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 140.559165] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 140.559195] ? trace_hardirqs_on+0xbd/0x310 [ 140.559209] ? kasan_check_read+0x11/0x20 [ 140.559241] ? __kthread_parkme+0xce/0x1a0 [ 140.568344] kobject: 'loop3' (0000000060bb1d2b): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 140.568597] ? trace_hardirqs_off_caller+0x310/0x310 [ 140.603322] sctp: [Deprecated]: syz-executor0 (pid 7785) Use of int in maxseg socket option. [ 140.603322] Use struct sctp_assoc_value instead [ 140.606798] ? trace_hardirqs_off_caller+0x310/0x310 [ 140.628306] sctp: [Deprecated]: syz-executor0 (pid 7779) Use of int in maxseg socket option. [ 140.628306] Use struct sctp_assoc_value instead [ 140.630134] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 140.630153] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 140.630168] ? __kthread_parkme+0xfb/0x1a0 [ 140.630195] ? process_one_work+0x1c40/0x1c40 [ 140.661037] kobject: 'loop3' (0000000060bb1d2b): kobject_uevent_env [ 140.662661] kthread+0x35a/0x440 [ 140.662678] ? kthread_stop+0x900/0x900 [ 140.662694] ret_from_fork+0x3a/0x50 [ 140.670092] Kernel Offset: disabled [ 140.684689] Rebooting in 86400 seconds..