[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 94.823378] audit: type=1800 audit(1551908741.883:25): pid=10553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 94.842678] audit: type=1800 audit(1551908741.883:26): pid=10553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 94.862280] audit: type=1800 audit(1551908741.913:27): pid=10553 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts. 2019/03/06 21:45:57 fuzzer started 2019/03/06 21:46:03 dialing manager at 10.128.0.26:41055 2019/03/06 21:46:03 syscalls: 1 2019/03/06 21:46:03 code coverage: enabled 2019/03/06 21:46:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/03/06 21:46:03 extra coverage: extra coverage is not supported by the kernel 2019/03/06 21:46:03 setuid sandbox: enabled 2019/03/06 21:46:03 namespace sandbox: enabled 2019/03/06 21:46:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/06 21:46:03 fault injection: enabled 2019/03/06 21:46:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/06 21:46:03 net packet injection: enabled 2019/03/06 21:46:03 net device setup: enabled 21:48:52 executing program 0: syzkaller login: [ 286.177808] IPVS: ftp: loaded support on port[0] = 21 [ 286.346358] chnl_net:caif_netlink_parms(): no params data found [ 286.434288] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.440946] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.449591] device bridge_slave_0 entered promiscuous mode [ 286.459339] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.465917] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.474485] device bridge_slave_1 entered promiscuous mode [ 286.510945] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 286.530529] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 286.566381] team0: Port device team_slave_0 added [ 286.575160] team0: Port device team_slave_1 added [ 286.772223] device hsr_slave_0 entered promiscuous mode [ 286.976626] device hsr_slave_1 entered promiscuous mode [ 287.261148] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.267792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.274974] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.281700] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.361894] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.371520] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.404307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.424273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.432548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 287.449665] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.465198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 287.474281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 287.482842] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.489398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.512513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.521536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.531502] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.538039] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.592370] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 287.602319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 287.617810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.627154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.636428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.645294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 287.654577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 287.663399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.672065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.680646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.689406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 287.697731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.712130] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.720348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 287.754498] 8021q: adding VLAN 0 to HW filter on device batadv0 21:48:55 executing program 0: 21:48:55 executing program 0: 21:48:55 executing program 0: 21:48:55 executing program 0: 21:48:55 executing program 0: 21:48:55 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{0x0, 0xdb, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_cache\x00') r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x3, 0x0) r2 = getuid() fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)=0x0) r6 = getpgid(0xffffffffffffffff) kcmp(r5, r6, 0x4, r4, r4) ioctl(r4, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 21:48:55 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003500)=[{{0x0, 0xdb, &(0x7f0000002580)=[{&(0x7f00000012c0)=""/115, 0x73}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_cache\x00') r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x3, 0x0) r2 = getuid() fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r1, &(0x7f0000000040)='./file0\x00', r2, r3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)=0x0) r6 = getpgid(0xffffffffffffffff) kcmp(r5, r6, 0x4, r4, r4) ioctl(r4, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 21:48:55 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x80000000000000f2) getuid() r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40, 0x0) ioctl$IMADDTIMER(r1, 0x80044940, &(0x7f0000000040)=0x32) r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x298) recvmmsg(r2, &(0x7f0000003200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x80800) sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 21:48:55 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x143) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f00000006c0)='./file0\x00', 0x590081, 0x0) 21:48:56 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x143) open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f00000006c0)='./file0\x00', 0x590081, 0x0) 21:48:56 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x6, 0x400) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000200)={0xc8, 0x7, 0x7, 0x2, 0x0, 0x13d}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'tgr160\x00'}, 0x58) r2 = syz_open_dev$media(&(0x7f0000000340)='/dev/media#\x00', 0x80000000, 0x400000) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000280)=0x92, 0x4) getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f00000000c0), &(0x7f0000000180)=0x4) openat$vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vsock\x00', 0x101000, 0x0) accept$alg(r1, 0x0, 0x0) prctl$PR_SET_FP_MODE(0x2d, 0x2) r3 = accept4(r1, 0x0, &(0x7f0000000040), 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r3, r4, &(0x7f00000002c0), 0x1) 21:48:56 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x900, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x0, 0x1f, 0x0, 0x60}}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x4e24, @local}}, 0x0, 0x64a, 0x0, "c92546eec8b22299bafb36635fe98437706513e3e18ff737d32addb5509b84e953fa9597cbcf9f7ff8e29f139cea18a4a92a1738985fb54d15313d062570b5f52889e4d731f800a1dfda615e097f35ed"}, 0xd8) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000140)=0x4) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000780)=""/89, 0x4}, {&(0x7f0000000580), 0xfc5d}, {&(0x7f00000005c0)=""/81, 0x51}, {&(0x7f0000000640)=""/232, 0xe8}], 0x100000000000035c, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={0x0, 0x7, 0x1, [0x40]}, &(0x7f0000000300)=0xa) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000340)={r1, 0xb9, "26a3b85eb6abff5d91f5d566c21fb64871015028c5a3b554638f54eb802791a92a3ed3a84086807de68ee58738a52f1e1175aed795275ac00581d0c96bdf17e8ebac12e57f11397b56ecc4cd8ced13ac70743d3e0ce4949ddb428543e0724b6a4cfeebdf76019ecf31412b3808fb3002a037a5bc14e94f70af018e0b81f223d03fe3e1b6db330509c272398a4963fe03b43e1a2ab939265e785859d8f5288c4aabd4679386c12b8c2a0757e281546bd6b4853c520b0b320a2e"}, &(0x7f0000000440)=0xc1) ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000180)={0x5, "ff832dbcc887f0df63bfadadcf3c72b818a3787a4c7e4d4c404dfabb918c8b01", 0x3, 0x7, 0xff, 0x4, 0x8}) 21:48:56 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x44002, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x17, &(0x7f00000001c0)=0x5, 0x4) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x1000000002806, 0x0) socketpair$unix(0x1, 0x20000000000001, 0x0, &(0x7f0000001200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$UHID_CREATE2(r1, &(0x7f0000000040)={0xb, 'syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz1\x00', 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, "1c50b242cba978947204166b535789b52973cc1f7c06f57090"}, 0x131) socket$inet(0x2, 0x3, 0x8) write$UHID_DESTROY(r1, &(0x7f0000001280), 0x4) [ 289.415277] hid-generic 0000:0000:0000.0001: unknown main item tag 0x5 [ 289.422302] hid-generic 0000:0000:0000.0001: unknown main item tag 0x7 [ 289.432384] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 289.471959] hid-generic 0000:0000:0000.0002: unknown main item tag 0x5 [ 289.479040] hid-generic 0000:0000:0000.0002: unknown main item tag 0x7 [ 289.502808] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 21:48:56 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x3, 0x0) socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000000)) close(r0) 21:48:56 executing program 1: r0 = epoll_create(0x8001) socketpair(0x1f, 0x2, 0x8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x81, 0x6, [0x3, 0x5, 0x6, 0x7, 0x38ea, 0x11]}, &(0x7f0000000080)=0x14) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000000c0)={r3}, 0x8) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) ioctl$KVM_SMI(r4, 0xaeb7) fsetxattr$security_evm(r2, &(0x7f0000000140)='security.evm\x00', &(0x7f0000000180)=@md5={0x1, "7ae0e47463f00a3f912ad1876a127ea2"}, 0x11, 0x1) ioctl$KVM_SMI(r0, 0xaeb7) r5 = inotify_init() r6 = fcntl$dupfd(r4, 0x0, r5) flock(r6, 0x5) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'nlmon0\x00', &(0x7f00000001c0)=@ethtool_stats={0x1d, 0x4, [0x0, 0x47c0, 0x5, 0x1]}}) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000240)) fcntl$F_SET_FILE_RW_HINT(r5, 0x40e, &(0x7f0000000280)=0x7) flock(r4, 0x4) openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x422001, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000300)) ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f0000000340)) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000380), 0x4) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r6, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x3c, r8, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x1e}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x440d0}, 0x20000000) write$P9_RAUTH(r4, &(0x7f0000000500)={0x14, 0x67, 0x2, {0x2, 0x0, 0x3}}, 0x14) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) r9 = semget$private(0x0, 0x0, 0x14) semctl$SETALL(r9, 0x0, 0x11, &(0x7f0000000580)=[0x1, 0x20, 0x2, 0x2, 0x401]) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000640)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000740)={&(0x7f00000005c0), 0xc, &(0x7f0000000700)={&(0x7f0000000680)=@delqdisc={0x48, 0x25, 0x63c, 0x70bd2c, 0x25dfdbfd, {0x0, r10, {0x1f, 0xfff2}, {0x0, 0xfff3}, {0xf, 0x10}}, [@qdisc_kind_options=@q_fq={{0x8, 0x1, 'fq\x00'}, {0x14, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x5}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x8000000}]}}, @TCA_RATE={0x8, 0x5, {0x5fa, 0x6}}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4) rt_sigpending(&(0x7f0000000780), 0x8) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000800)={&(0x7f00000007c0)='./file0\x00', r6}, 0x10) 21:48:57 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, 0x0, 0xf2) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0xfffffffffffffffe}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000080)={{0x0, 0x1000001}, {0x2000000000080}}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x240, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000100)={0x1, 0x20, [0x9, 0x1, 0x19295c7c, 0x391, 0xf10e, 0x1ff, 0x1, 0x81]}) bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ni\x00'}, 0x58) getrusage(0xffffffffffffffff, &(0x7f0000000240)) 21:48:57 executing program 0: timer_create(0xfffffffffffffffe, &(0x7f0000000040)={0x0, 0x400000000000020, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f00000000c0)={0x802d, 0x2}) timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000100)={{0x77359400}, {0x0, 0x9}}, &(0x7f0000d43000)) [ 290.427615] Unknown ioctl 1074295883 [ 290.439610] Unknown ioctl 1074295883 [ 290.481285] IPVS: ftp: loaded support on port[0] = 21 21:48:57 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xb2aa, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0xffff], 0x1, 0xdb, 0x7, 0x81, 0x3, 0x4, {0xfffffffffffff773, 0x3, 0xffffffff, 0x3, 0x9000000000000000, 0x1, 0x9bb0, 0x8, 0x7, 0x7ff, 0x9, 0x1f, 0x0, 0x5, "88820ccd86327c4e9f679b069cc7fd54bc543327838bf008ba15d444aa979159"}}) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x2, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_x_nat_t_type={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfffffffb}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x58}}, 0x0) [ 290.709451] chnl_net:caif_netlink_parms(): no params data found [ 290.789595] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.796260] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.804568] device bridge_slave_0 entered promiscuous mode [ 290.815461] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.821970] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.830605] device bridge_slave_1 entered promiscuous mode 21:48:57 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xb2aa, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000001c0)=""/168, &(0x7f0000000280)=0xa8) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0xffff], 0x1, 0xdb, 0x7, 0x81, 0x3, 0x4, {0xfffffffffffff773, 0x3, 0xffffffff, 0x3, 0x9000000000000000, 0x1, 0x9bb0, 0x8, 0x7, 0x7ff, 0x9, 0x1f, 0x0, 0x5, "88820ccd86327c4e9f679b069cc7fd54bc543327838bf008ba15d444aa979159"}}) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x2, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, [@sadb_x_nat_t_type={0x1, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0xfffffffb}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x58}}, 0x0) [ 290.908503] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 290.949680] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 291.016791] team0: Port device team_slave_0 added [ 291.025771] team0: Port device team_slave_1 added 21:48:58 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x808c0, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000000c0)={0x0, r1}) r2 = getpid() ptrace$cont(0x9, r2, 0x3f, 0x7da300f5) ptrace$getenv(0x4201, r2, 0x2, &(0x7f0000000080)) [ 291.131069] device hsr_slave_0 entered promiscuous mode [ 291.176172] device hsr_slave_1 entered promiscuous mode [ 291.239523] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.246162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.253300] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.259931] bridge0: port 1(bridge_slave_0) entered forwarding state 21:48:58 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGETMODE(r0, 0x4004510d, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x188, r1, 0x304, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}]}, @TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9e2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0xac, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x40000) ioctl$RTC_WIE_OFF(r0, 0x7010) r2 = socket(0x2, 0x8000a, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000002c0)={'lo\x00'}) [ 291.386711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.406539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 291.427913] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.450773] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.464845] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) [ 291.472487] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 291.494128] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.522322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 291.530813] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.537393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.557099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 291.565762] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.572264] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.632558] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 291.642448] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 291.662189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 291.671664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 21:48:58 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGETMODE(r0, 0x4004510d, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x188, r1, 0x304, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}]}, @TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9e2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0xac, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x40000) ioctl$RTC_WIE_OFF(r0, 0x7010) r2 = socket(0x2, 0x8000a, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000002c0)={'lo\x00'}) [ 291.680935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 291.689736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 291.701721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 291.709519] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 291.790016] 8021q: adding VLAN 0 to HW filter on device batadv0 21:48:59 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGETMODE(r0, 0x4004510d, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x188, r1, 0x304, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}]}, @TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9e2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0xac, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x40000) ioctl$RTC_WIE_OFF(r0, 0x7010) r2 = socket(0x2, 0x8000a, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000002c0)={'lo\x00'}) 21:48:59 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGETMODE(r0, 0x4004510d, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000300)={0x188, r1, 0x304, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}]}, @TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9e2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x81}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0xac, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x40000) ioctl$RTC_WIE_OFF(r0, 0x7010) r2 = socket(0x2, 0x8000a, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f00000002c0)={'lo\x00'}) 21:48:59 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x80, 0x0}}], 0x1, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{0x0}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000140)={r2, 0x1}) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) 21:48:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x81) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x8, 0x400000) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) r2 = syz_open_pts(r0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ppoll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$TCFLSH(r2, 0x540b, 0x7708) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f00000000c0)=0x10) 21:48:59 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000940)=ANY=[@ANYBLOB="bd6d2b2131e0aaaaaaaaaaaa86dd6077055300087300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22000b9078"], 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)) 21:48:59 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0102000000000000000001000000000000000141000000200017000000000000000069623a76657468315f6681c685a57c8b1c66086f"], 0x3c}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000080)=0x1) write$P9_RSETATTR(r2, &(0x7f00000000c0)={0x7, 0x1b, 0x1}, 0x7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x1, 0x0) [ 292.548975] ================================================================== [ 292.556418] BUG: KMSAN: uninit-value in memchr+0xce/0x110 [ 292.562071] CPU: 0 PID: 10831 Comm: syz-executor.0 Not tainted 5.0.0+ #11 [ 292.569005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.578370] Call Trace: [ 292.581005] dump_stack+0x173/0x1d0 [ 292.584671] kmsan_report+0x12e/0x2a0 [ 292.588511] __msan_warning+0x82/0xf0 [ 292.592346] memchr+0xce/0x110 [ 292.595577] tipc_nl_compat_bearer_enable+0x2c4/0x910 [ 292.600820] ? tipc_nl_compat_dumpit+0x820/0x820 [ 292.605603] tipc_nl_compat_doit+0x3aa/0xaf0 [ 292.610037] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.615288] tipc_nl_compat_recv+0x1ae7/0x2750 [ 292.619912] ? tipc_nl_bearer_disable+0xb0/0xb0 [ 292.624607] ? tipc_nl_compat_dumpit+0x820/0x820 [ 292.629392] ? tipc_netlink_compat_stop+0x40/0x40 [ 292.634272] genl_rcv_msg+0x185f/0x1a60 [ 292.638334] netlink_rcv_skb+0x431/0x620 [ 292.642430] ? genl_unbind+0x390/0x390 [ 292.646362] genl_rcv+0x63/0x80 [ 292.649680] netlink_unicast+0xf3e/0x1020 [ 292.653878] netlink_sendmsg+0x127f/0x1300 [ 292.658175] ___sys_sendmsg+0xdb9/0x11b0 [ 292.662275] ? netlink_getsockopt+0x1460/0x1460 [ 292.666984] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.672204] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 292.677591] ? __fget_light+0x6e1/0x750 [ 292.681609] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.686829] __se_sys_sendmsg+0x305/0x460 [ 292.691038] __x64_sys_sendmsg+0x4a/0x70 [ 292.695122] do_syscall_64+0xbc/0xf0 [ 292.698907] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 292.704114] RIP: 0033:0x457f29 [ 292.707319] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 292.726240] RSP: 002b:00007f911affdc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 292.733961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 292.741244] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 292.748530] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 292.755811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f911affe6d4 [ 292.763090] R13: 00000000004cb900 R14: 00000000004d8fe8 R15: 00000000ffffffff [ 292.770389] [ 292.772038] Uninit was created at: [ 292.775608] kmsan_internal_poison_shadow+0x92/0x150 [ 292.780734] kmsan_kmalloc+0xa6/0x130 [ 292.784556] kmsan_slab_alloc+0xe/0x10 [ 292.788474] __kmalloc_node_track_caller+0xe9e/0xff0 [ 292.793598] __alloc_skb+0x309/0xa20 [ 292.797325] netlink_sendmsg+0xb82/0x1300 [ 292.801493] ___sys_sendmsg+0xdb9/0x11b0 [ 292.805568] __se_sys_sendmsg+0x305/0x460 [ 292.809819] __x64_sys_sendmsg+0x4a/0x70 [ 292.813899] do_syscall_64+0xbc/0xf0 [ 292.817634] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 292.822826] ================================================================== [ 292.830188] Disabling lock debugging due to kernel taint [ 292.835645] Kernel panic - not syncing: panic_on_warn set ... [ 292.841548] CPU: 0 PID: 10831 Comm: syz-executor.0 Tainted: G B 5.0.0+ #11 [ 292.849866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.859229] Call Trace: [ 292.861852] dump_stack+0x173/0x1d0 [ 292.865513] panic+0x3d1/0xb01 [ 292.868780] kmsan_report+0x293/0x2a0 [ 292.872621] __msan_warning+0x82/0xf0 [ 292.876468] memchr+0xce/0x110 [ 292.879703] tipc_nl_compat_bearer_enable+0x2c4/0x910 [ 292.884946] ? tipc_nl_compat_dumpit+0x820/0x820 [ 292.889730] tipc_nl_compat_doit+0x3aa/0xaf0 [ 292.894167] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.899441] tipc_nl_compat_recv+0x1ae7/0x2750 [ 292.904075] ? tipc_nl_bearer_disable+0xb0/0xb0 [ 292.908765] ? tipc_nl_compat_dumpit+0x820/0x820 [ 292.913546] ? tipc_netlink_compat_stop+0x40/0x40 [ 292.918416] genl_rcv_msg+0x185f/0x1a60 [ 292.922491] netlink_rcv_skb+0x431/0x620 [ 292.926576] ? genl_unbind+0x390/0x390 [ 292.930505] genl_rcv+0x63/0x80 [ 292.933810] netlink_unicast+0xf3e/0x1020 [ 292.938009] netlink_sendmsg+0x127f/0x1300 [ 292.942315] ___sys_sendmsg+0xdb9/0x11b0 [ 292.946413] ? netlink_getsockopt+0x1460/0x1460 [ 292.951125] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.956344] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 292.961730] ? __fget_light+0x6e1/0x750 [ 292.965743] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 292.970968] __se_sys_sendmsg+0x305/0x460 [ 292.975173] __x64_sys_sendmsg+0x4a/0x70 [ 292.979254] do_syscall_64+0xbc/0xf0 [ 292.982992] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 292.988194] RIP: 0033:0x457f29 [ 292.991412] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 293.010347] RSP: 002b:00007f911affdc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.018108] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457f29 [ 293.025385] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 293.032674] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 293.039950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f911affe6d4 [ 293.047230] R13: 00000000004cb900 R14: 00000000004d8fe8 R15: 00000000ffffffff [ 293.055303] Kernel Offset: disabled [ 293.058951] Rebooting in 86400 seconds..