[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   45.067040] audit: type=1800 audit(1544872594.114:25): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   45.086052] audit: type=1800 audit(1544872594.124:26): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   45.105784] audit: type=1800 audit(1544872594.134:27): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   50.315981] sshd (6408) used greatest stack depth: 53688 bytes left
Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts.
2018/12/15 11:16:48 fuzzer started
2018/12/15 11:16:52 dialing manager at 10.128.0.26:37229
2018/12/15 11:16:52 syscalls: 1
2018/12/15 11:16:52 code coverage: enabled
2018/12/15 11:16:52 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/15 11:16:52 setuid sandbox: enabled
2018/12/15 11:16:52 namespace sandbox: enabled
2018/12/15 11:16:52 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/15 11:16:52 fault injection: enabled
2018/12/15 11:16:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/15 11:16:52 net packet injection: enabled
2018/12/15 11:16:52 net device setup: enabled
11:18:55 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sched_setaffinity(0x0, 0x3, &(0x7f0000000680))
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$admmidi(0x0, 0x8, 0x0)
rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8)
add_key$keyring(&(0x7f0000000140)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc)
dup2(r1, r0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x100, 0x0)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
msgget(0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0)

[  186.977133] IPVS: ftp: loaded support on port[0] = 21
[  188.199828] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.206470] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.214648] device bridge_slave_0 entered promiscuous mode
[  188.289827] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.296431] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.304599] device bridge_slave_1 entered promiscuous mode
[  188.377329] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  188.450281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  188.675842] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  188.753112] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  188.898131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  188.905342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  189.133405] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  189.141782] team0: Port device team_slave_0 added
[  189.215405] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  189.223634] team0: Port device team_slave_1 added
[  189.298602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  189.378787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  189.457337] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  189.465051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  189.474078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  189.550720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  189.558414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  189.567808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
11:18:59 executing program 1:
socketpair$unix(0x1, 0x8000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084)
bind$inet6(r1, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c)
listen(r1, 0xffbd)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0xf4010000, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000]}}}, 0x7, 0x0, 0x0, 0x107, 0x24}, 0x98)

[  190.454463] IPVS: ftp: loaded support on port[0] = 21
[  190.756919] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.763510] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.770574] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.777167] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.786036] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  190.862164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.225994] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.232632] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.240771] device bridge_slave_0 entered promiscuous mode
[  192.331187] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.337801] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.345965] device bridge_slave_1 entered promiscuous mode
[  192.474144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  192.617823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  192.960683] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  193.119018] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  193.229151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  193.236326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.366650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  193.373768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  193.776571] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  193.785008] team0: Port device team_slave_0 added
[  193.953131] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  193.961599] team0: Port device team_slave_1 added
[  194.049839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  194.057007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  194.065844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  194.145413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  194.152554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  194.161302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  194.238105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  194.245872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  194.254900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  194.333272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  194.340900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  194.349916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
11:19:03 executing program 2:
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0)
r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$update(0x2, r0, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ffd0fd4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c3ec668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f9be82b00f10287031623f73470264cc5897f18f357aad6deb3883da88ae2266664933785a3ce72bb224a441437ea93c217", 0xc0)
r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x100, 0x0)
ioctl$VIDIOC_G_AUDIO(r2, 0x80345621, 0x0)
r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r0, r3}, &(0x7f00000009c0)=""/240, 0x75c, 0x0)
dup2(r1, 0xffffffffffffffff)
ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0)

[  195.364351] IPVS: ftp: loaded support on port[0] = 21
[  195.898071] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.904670] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.911814] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.918344] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.927191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  195.934132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  196.268348] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.887041] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  197.497815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  197.504301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  197.512431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  197.906948] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.913592] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.921808] device bridge_slave_0 entered promiscuous mode
[  197.951382] 8021q: adding VLAN 0 to HW filter on device team0
[  198.126070] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.132725] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.140481] device bridge_slave_1 entered promiscuous mode
[  198.368937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  198.503741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  198.988296] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  199.123679] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  199.236738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  199.244351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  199.426562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  199.433706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  199.892640] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  199.900971] team0: Port device team_slave_0 added
[  200.005774] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  200.014707] team0: Port device team_slave_1 added
[  200.112925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  200.119935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.128740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.205410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  200.212637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  200.221326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.319749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  200.327592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.336593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.510646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  200.518350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  200.527613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
11:19:10 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, 0x0)

11:19:10 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000440)={<r1=>0x0, 0x6, 0x80000000}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000280)={r1, 0x290, 0x7fffffff, 0x9}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sched_setaffinity(0x0, 0x3, &(0x7f0000000680)=0x5)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0x0)
clone(0x2902001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x0, 0x408800)
rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8)
r3 = getpid()
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000380), 0x4)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x7)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0x0, 0x0, 0x76a, 0x4}})
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0)
rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f00000000c0))
msgget(0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ptrace(0x10, r3)
ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x700}], 0x1, &(0x7f00000002c0), &(0x7f0000000300)={0xf1}, 0x8)
ptrace$pokeuser(0x6, r3, 0x388, 0x3ff)
setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)

[  201.495973] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
11:19:10 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x236, 0x0, 0x0, 0x105)

11:19:11 executing program 0:
r0 = userfaultfd(0x800)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f0000000240)={{&(0x7f0000000180)=""/116, 0x74}, &(0x7f0000000080), 0x10}, 0x20)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
unshare(0x600)
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x8}, &(0x7f0000000200), &(0x7f0000000300)={&(0x7f00000002c0), 0x8})

[  202.293971] IPVS: ftp: loaded support on port[0] = 21
[  202.308695] 8021q: adding VLAN 0 to HW filter on device bond0
11:19:11 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = accept(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000040)=0x80)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e22, 0x6, @remote, 0xff}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e22, 0x2, @local, 0x9e6}, @in6={0xa, 0x4e20, 0xfb, @dev={0xfe, 0x80, [], 0x1d}, 0xa3c1}, @in6={0xa, 0x4e23, 0x2d, @dev={0xfe, 0x80, [], 0x16}, 0x2}], 0x90)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300030b0000000000000000000000010009000000000003000600000000007e7f8f7316561bd3000000000000000002000100000000000000000b00000000030005000000000002000000e00000010000000000000000"], 0x58}}, 0x0)

[  202.521222] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.527927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.535147] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.541735] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.550576] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  202.557260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
11:19:11 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1400}, 0xc, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="28010000170001040000000000000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000ff0100000000000000000000000000010000000000000000000000000000000100000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000fe8000000000000000000000000000aa00000000000000000a000000000000007c9cd9d6f8b96a92473273f74ecd9de98597c5c9062c940b7a32bee93e7f053df0d396bd5727480d61dec3a74c953a87dccb6a7a2b79725fe742a2cd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb6b6e00000000000000000000000000000000000000000000000000"], 0x128}}, 0x0)

11:19:11 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x200002, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = accept4(r2, 0x0, &(0x7f0000000000), 0x80000)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000180))
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {}, 0x0, [], [], [0x7]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
dup2(r3, r1)
write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)

[  202.887179] input: syz0 as /devices/virtual/input/input5
[  202.938362] input: syz0 as /devices/virtual/input/input6
[  203.104457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
11:19:12 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400000, 0x0)
ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0x9)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@broute={'broute\x00', 0x20, 0x1, 0x150, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x0, &(0x7f0000000000), &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x5, 0x0, 0x0, 'gre0\x00', 'ip6_vti0\x00', 'veth0_to_bridge\x00', 'vlan0\x00', @random="1d33f6472b92", [], @dev, [], 0xc0, 0x70, 0xc0}}, @common=@log={'log\x00', 0x28, {{0x0, "374782f512978fab81e27b6afb2bc3f091eed8f10145d9ca48157c7dbbda"}}}}]}]}, 0x1c8)

[  203.274113] kernel msg: ebtables bug: please report to author: entry offsets not in right order
[  203.305642] kernel msg: ebtables bug: please report to author: entry offsets not in right order
11:19:12 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNGETIFF(r0, 0x800454dd, &(0x7f0000000080))

11:19:12 executing program 0:
r0 = syz_open_dev$video4linux(&(0x7f0000000240)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585605, &(0x7f0000000180)={0x0, 0x0, {0x0, 0x0, 0x100000000003007}})
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7fffffff, 0x400000)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000140)={<r3=>0x0, 0x8}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000280)={r3, @in6={{0xa, 0x4e20, 0x7, @mcast1, 0x7}}}, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={<r4=>0x0, 0x0, 0xf4}, &(0x7f0000000080)=0x8)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={&(0x7f0000000380)=[0xfffffffffffffffd, 0x2, 0x401, 0x5], 0x4, 0x0, 0xffc2, 0x9, 0x3a, 0x474, {0x1, 0x9, 0x6112, 0x8, 0x5, 0x5, 0x9, 0xd00e, 0x6, 0xcd21, 0x12, 0x800, 0x5, 0x2, "1c1353f3d0a163d815fd95953cf6ae0b355ea7399a835008238a84f016ea0aaf"}})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r4, 0x5}, &(0x7f0000000100)=0x8)

[  203.814569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  203.822545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  203.830357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  204.533120] 8021q: adding VLAN 0 to HW filter on device team0
[  205.578161] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.584781] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.592853] device bridge_slave_0 entered promiscuous mode
[  205.754689] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.761197] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.769388] device bridge_slave_1 entered promiscuous mode
[  205.880275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  206.030619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  206.499820] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  206.659465] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  206.978202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  206.985391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.353026] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  207.361297] team0: Port device team_slave_0 added
[  207.520676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  207.528876] team0: Port device team_slave_1 added
[  207.614127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.773865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.943205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  207.950690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.959744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.161792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  208.169405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.178464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.263864] sctp: failed to load transform for md5: -2
11:19:17 executing program 0:
r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa)
r1 = socket(0x40000000015, 0x805, 0x0)
getsockopt$inet_dccp_buf(r1, 0x21, 0xd, &(0x7f0000000000)=""/112, &(0x7f00000000c0)=0xd7)
getsockopt(r1, 0x114, 0x0, 0x0, 0xfffffffffffffffd)

[  209.328306] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.599803] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.606418] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.613543] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.620474] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.629258] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  209.636302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  209.929436] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  210.449140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  210.455671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.463599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  210.988435] 8021q: adding VLAN 0 to HW filter on device team0
[  214.003457] 8021q: adding VLAN 0 to HW filter on device bond0
11:19:23 executing program 2:
socketpair$unix(0x1, 0x8000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f00000002c0)=[0x0])

11:19:23 executing program 0:
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000240))
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc)
r0 = gettid()
syz_open_procfs(r0, &(0x7f0000000100)="73656367726fea7a7300")

[  214.094901] capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure
[  214.304263] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  214.466384] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  214.472917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  214.480490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  214.644274] 8021q: adding VLAN 0 to HW filter on device team0
11:19:24 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00')
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000440)={<r1=>0x0, 0x6, 0x80000000}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000280)={r1, 0x290, 0x7fffffff, 0x9}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sched_setaffinity(0x0, 0x3, &(0x7f0000000680)=0x5)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0x0)
clone(0x2902001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x0, 0x408800)
rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8)
r3 = getpid()
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000380), 0x4)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x7)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0x0, 0x0, 0x76a, 0x4}})
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0)
rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f00000000c0))
msgget(0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ptrace(0x10, r3)
ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x700}], 0x1, &(0x7f00000002c0), &(0x7f0000000300)={0xf1}, 0x8)
ptrace$pokeuser(0x6, r3, 0x388, 0x3ff)
setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)

11:19:24 executing program 1:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockname$packet(0xffffffffffffff9c, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000080)=0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in=@loopback, 0x4e20, 0x0, 0x4e24, 0x800, 0xa, 0xa0, 0x80, 0x16, r2, r3}, {0x1, 0x5510, 0x4, 0x4, 0xfff, 0xfb9, 0x40, 0x9}, {0x80000000, 0x1, 0x8, 0xff}, 0x3f, 0x0, 0x3, 0x1, 0x1, 0x3}, {{@in6=@ipv4={[], [], @remote}, 0x4d6, 0x32}, 0x2, @in=@loopback, 0x3500, 0x2, 0x3, 0x7, 0x0, 0x4, 0x6}}, 0xe8)
setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000180)=0x3c, 0x4)
ioctl$sock_ifreq(r1, 0x89bf, 0x0)

11:19:24 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x80000001, 0x400000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240)={<r1=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000002c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000040), r1}}, 0x18)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
write$P9_RLERRORu(r0, &(0x7f0000000300)={0x1a, 0x7, 0x1, {{0xd, '/dev/usbmon#\x00'}, 0x10000}}, 0x1a)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
exit(0x8001)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rfkill\x00', 0x200000, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x4e22, 0x5}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xb}}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x16}}], 0x6c)
write$FUSE_GETXATTR(r0, &(0x7f0000000400)={0x18, 0x0, 0x8, {0x8000}}, 0x18)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000440)="3d6e57355292c8f04e4a15fc680a71de05506991d45bbe70863a04b10d6d6a979c94f2ba", &(0x7f0000000480)="de7fb7ae9379b520d56d1207d156cd8524df952f755db6a4fb09337a126ec079e7da8b60b94fb8a421e4ab8c5a93149eee25d7ac4c092c102fa591237d7d44355f3a9d83cb64", 0x2}, 0x20)
write$P9_RLERRORu(r0, &(0x7f0000000540)={0x13, 0x7, 0x1, {{0x6, 'md5sum'}, 0x1ff}}, 0x13)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000580))
getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000680)={<r4=>0x0, 0x57, 0x8, 0x101, 0x2, 0x6, 0x44, 0x8, {<r5=>0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x632, 0x2, 0x7fffffff, 0x6, 0x401}}, &(0x7f0000000740)=0xb0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000780)={r5, 0x5}, 0x8)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x34, r6, 0x2, 0x70bd28, 0x25dfdbfb, {{}, 0x0, 0x4102, 0x0, {0x18, 0x13, @l2={'ib', 0x3a, 'veth1_to_team\x00'}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x8800}, 0x1)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={r4, 0x7, 0x7, 0x5, 0xb2, 0xb6}, 0x14)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000940)='trusted.overlay.origin\x00', &(0x7f0000000980)='y\x00', 0x2, 0x1)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f00000009c0)={"7baf0e5775970f1d84b2151706475007d586202ddc4ad02f04bba114fd99b0bd4464de1e912ab45b3b373bd94922c1653e0fd3f9635ecd6cec04eecacb331f47655a3fbf239562d368d6911597dc791cdbe5239d8f063ac7626073af0910ef28b5bc5eb1431df286f44523d1d5185a62e3f4c2d634b31c5cf9dd6264d22bf908bc19f7b02f5cc0f910a8a4979dfaa6d91d21496b3b91d50d6c01a73f2e61caae9ef5aeffce5cf7ca2519641d64e5890e8f388d2285aa6d24c54e813478ee371c4c00e77ed4ee365a26736588e396f8c3bc0949129c2ec13724c1b6b7e513ad979c2cc7a8d748ad94df9cb018288c0ce28df15b4d653b8c08604d9fcea0d1db7cd5678d3218ddea0c2923937f9b9ed1294cf10dc5fb71a142979620d591ee21db678fd5d8d1fe2f7bbb5f4fb6b2ecbe876a916d0a2ec1d0467fb9b4800ea95d5fe90a7419318ea3f99bd882ec4aeda7b047e966f574bb3caebfd7301d0f3c5e52d032848cae6c43abc392ada2f80ea632ef7c716dc8aab488bf2b2bf628c656fc27c689fdd4f2608aa0590a4ad52340c21192d4903742098a01b843fa5f35c6c53beef697efd0651de66cb0a617ba4d6657b1d4bda8d9f90ff052536ab43905091a0d2f100af439407b2267a206942fa07374cbe2f21dd2287166a2c352f76aa565c1ea7f348f1afa3ebbb4b0d4bbb30addd941df03ee3cb1ac24280888ae338d6ea19986673a9125bf4cf0f854c3304525d5152a708459dbe2ca8bbedaa418c8b1a6841749c43f2ca7bdb24234de74503a05f43f8015743a5778c96b3d5b75ffd64a8c11faa22f62ec2c13a7dcd3cf317365037c972cb0f4364deefcdfde0a235f5540dc8d84d8c060d4ee37645f4333d8f06061d77e9b486765a7aa3ba9cbeb96cd9b03987d05f0bffb047418e92c940cfac0ed5ba15e4d8e8e24d57ef46aa61d5051f8269a16716192cedad7d851a1ab5e8b869e2997c87d591bb9b707e20222b56317da9b5fee54132328830f9ce9fddce363c32651331ede873ace009decb96b25fb3eb217e3d015fe40bdf8d087c6ae2c2610099d87fbe6fae3129f6952ff8cd90f3cfbb962cb10428dee12bcc2c5fbc31f31d55f5774418068e78ce07c450d54e918a7df804e47536f54d368d5d2fbb920460bfb64ed5e759855e175107d01aecc882daa53d70790f2f74a3e02f03198f24d87aa90b08cfab379b750a59800971c598239da18c9cc8a9bb00757146c1a3b4d2ec6705780aa8025853aabc2adc9326006f957a7b61c5997fa30367c04d8c9c468c384a9747c131e7548159f8014f27bfe9bf925107b6ec326a5b18f8446c6b36248d54891afdd17352a21d42fea3af3e1d55b5b2bfb14c75d3ad27f94222cc28e241f1a7f094beed90cc4b087d9b85523b0f28c28295c5d0ec3ae7f8efb5d3d473d189b13105d7583bd0b"})
getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f00000021c0)={@remote, <r7=>0x0}, &(0x7f0000002200)=0x14)
sendto$packet(r3, &(0x7f0000000dc0)="119d5f05c003d44982e8350aa9b41f7bf7c6f31bd6d0f40bcd136b16da79dce387fd172c53f111ef4707ebcf51e7f10ba566bf78cd96bd7aeeb060063a1fa10e4a5309ec53eabee1b1bbc4df5678001019a02ad7aca38ab8ff2ddfad6adca0844f77a9fd757bae2b07a1b35d1ba5a388a72eb479b9fe988464008c5a6d2d0ac2de5e99d675b0b7ec4947d441", 0x8c, 0x800, &(0x7f0000002240)={0x11, 0x1f, r7, 0x1, 0x5}, 0x14)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000002280)=<r8=>0x0)
fcntl$setown(r2, 0x8, r8)
ioctl$EVIOCGPHYS(r3, 0x80404507, &(0x7f00000022c0)=""/255)
prctl$PR_CAP_AMBIENT(0x2f, 0x6, 0x21)
r9 = add_key$keyring(&(0x7f00000023c0)='keyring\x00', &(0x7f0000002400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$clear(0x7, r9)
open(&(0x7f0000002440)='./file0\x00', 0x8000, 0x20)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2)

11:19:24 executing program 0:

11:19:24 executing program 5:
prctl$PR_GET_TSC(0x19, &(0x7f0000000000))
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000040))
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000100)={0x8001, 0x4, 0x80000000, 0x9}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x117}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x3, r1, 0x30, 0x1, @ib={0x1b, 0x3a964b0e, 0x7ff, {"d65d14dccb454a0ad84643b2b0a84bba"}, 0x8001, 0x100000001, 0xffffffff}}}, 0xa0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00')
ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000300)=0x7)
shutdown(r0, 0x1)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video37\x00', 0x2, 0x0)
setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000380), 0x4)
ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f00000003c0)=""/155)
r2 = getpgrp(0xffffffffffffffff)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000480)=<r3=>0x0)
setpgid(r2, r3)
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/attr/exec\x00', 0x2, 0x0)
gettid()
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000500)={0x0, @speck128, 0x1, "f1b7d0a8537e2b8a"})
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000540)='/dev/video37\x00', 0x2, 0x0)
r4 = syz_open_dev$adsp(&(0x7f0000000580)='/dev/adsp#\x00', 0xfffffffffffffffb, 0x101100)
timer_create(0x6, &(0x7f00000005c0)={0x0, 0x39, 0x0, @tid=r2}, &(0x7f0000000600))
ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000640))
ioctl$KDSETMODE(r4, 0x4b3a, 0x2dbb)
fsetxattr$security_smack_entry(r4, &(0x7f0000000680)='security.SMACK64IPOUT\x00', &(0x7f00000006c0)='.eth1locpuset\x00', 0xe, 0x0)
perf_event_open(&(0x7f0000000740)={0x0, 0x70, 0x7, 0xffffffffffff0000, 0x72c4, 0x2ba, 0x0, 0x0, 0x4020, 0x4, 0xf026, 0x80000000, 0x100000001, 0x1397, 0xfff, 0x3, 0x9, 0x1ff, 0x800, 0x5, 0x81, 0x9, 0x2, 0x10001, 0x1, 0x1, 0x0, 0x9, 0x9, 0x8, 0xd7e, 0xff, 0x7, 0x35e9e3ec, 0x200, 0x4ad3, 0xff, 0x3, 0x0, 0x8000000000000, 0x0, @perf_bp={&(0x7f0000000700), 0x8}, 0x2000, 0x5, 0x3ff, 0x7, 0x987, 0x1, 0x5}, r3, 0xffffffffffffffff, r0, 0x8)
syz_genetlink_get_family_id$tipc(&(0x7f00000007c0)='TIPC\x00')
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000800)=0x2)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000840)={{{@in=@multicast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6}, 0x0, @in=@local}}, &(0x7f0000000940)=0xe8)
fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000a00)={0xa0, 0x0, 0x4, {{0x6, 0x3, 0x0, 0x1, 0x0, 0x3, {0x5, 0x8, 0x4, 0x101, 0x7, 0x400, 0x2, 0x100, 0xfffffffffffff448, 0x4, 0x10001, r5, r6, 0x0, 0x80}}, {0x0, 0x2}}}, 0xa0)

11:19:24 executing program 2:

11:19:25 executing program 1:

11:19:25 executing program 2:

11:19:25 executing program 0:

11:19:25 executing program 3:

11:19:25 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x1800000000000000, 0x54, 0x0, &(0x7f0000000440)="b90703e6681b00000000000000ead5dc57ee41dea43e63a377fb8a977c3f1d1700040000d80648a2ac141411e0000001e1977d486a72d7363417ef6c909047dc183aea9747b34b3cbaa8ad830be27f3c1c54e771", 0x0, 0x100}, 0x28)

11:19:25 executing program 2:
socketpair$unix(0x1, 0x100000000001, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@updpolicy={0xb8, 0x19, 0x523, 0x0, 0x0, {{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)

11:19:25 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000240))

11:19:25 executing program 0:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20, &(0x7f00000001c0)=ANY=[@ANYBLOB=',defcontext=u'])

[  216.790750] IPVS: ftp: loaded support on port[0] = 21
[  216.824964] IPVS: ftp: loaded support on port[0] = 21
[  218.042460] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.049043] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.057041] device bridge_slave_0 entered promiscuous mode
[  218.071266] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.077854] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.086049] device bridge_slave_0 entered promiscuous mode
[  218.130479] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.137178] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.145340] device bridge_slave_1 entered promiscuous mode
[  218.158608] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.165298] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.173651] device bridge_slave_1 entered promiscuous mode
[  218.218192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.250286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.289303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  218.324216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  218.511874] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.550716] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.590094] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.628500] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.702635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  218.709688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.738587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  218.745758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.785137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  218.792302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.970508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  218.979038] team0: Port device team_slave_0 added
[  219.016903] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  219.025221] team0: Port device team_slave_0 added
[  219.050973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  219.059428] team0: Port device team_slave_1 added
[  219.100044] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  219.109473] team0: Port device team_slave_1 added
[  219.135150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.183271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.216013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.260650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.293978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  219.301728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.310600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.336469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  219.344238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.353255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.387856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  219.395556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.404619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.428334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  219.436013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.445043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  220.237740] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.244347] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.251393] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.258036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.266199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  220.278981] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.285560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.292700] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.299206] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.308038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  220.712693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  220.720705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  223.242034] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.345931] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.513143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  223.622995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  223.789783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  223.796351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  223.804341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  223.894740] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  223.901123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  223.909102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  224.093546] 8021q: adding VLAN 0 to HW filter on device team0
[  224.202269] 8021q: adding VLAN 0 to HW filter on device team0
11:19:35 executing program 4:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0)
mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffffffffffff)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})

11:19:35 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00')
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x7a4a8d2032bd5179, 0x0, 0x0, {{}, 0x0, 0xffff800b}}, 0x1c}}, 0x0)

11:19:35 executing program 3:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
creat(0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0)
fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
seccomp(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffdff}]})
syz_execute_func(&(0x7f0000000140)="cd8075fcb0b06969ef69dc00d9c4017d50fe8adcd0d01192000880410fd1b0b5d90000797c2a0f0fcdc4e3a95fd965eae23c3b4d4d408064797f41dfdf400f01efe5e59d7d2f2f1c0a1a63460fc4c161fccddfde9f")
write$apparmor_exec(r0, 0x0, 0x0)
syz_execute_func(&(0x7f0000000140)="cd80c20000b0b06969ef69dc00d9c4017d50ee8adcd0d01192000880410fd1b02db5d90000007cc4c4e3a95fd965ea262e410f0ff5bb408064797f41dfdf400e01efc4a1fd28d29d7d2f67450f483b1c0a1a63460fc4c161fc4d96040476789f")
shutdown(0xffffffffffffffff, 0x0)

11:19:35 executing program 2:
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009)
perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = getpgrp(0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
capget(&(0x7f00000001c0)={0x20080522, r3}, &(0x7f0000000200)={0x9, 0x81, 0xffffffff, 0x6, 0x3ff, 0x8001})
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
r6 = dup(r5)
fsync(r2)
ioctl$ASHMEM_SET_PROT_MASK(r6, 0x40087705, &(0x7f0000000280)={0x100000000})
fcntl$lock(r1, 0x7, &(0x7f0000000340)={0x800000001, 0x0, 0x5, 0xffffffff80000000, r3})
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000000c0)='syzkaller1\x00', 0x10)
io_setup(0x20, &(0x7f0000000300)=<r7=>0x0)
io_cancel(r7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0x423, r6, &(0x7f00000005c0)="f2f42245d196f91a48f2b821d3442e277a43f0ca0ad8ed1b65a81f934bc9a4fdca52f744ec264514eba836b2ca9b2e580d83a0ab4e20c5f62b71ca27af042df6ea32e6c5c9369755e64b56aec0188ec11bcea89595863c737ff8c0f248ad0d9201ff46962f0087fc1990817fdbaf8c2d3ca9a833872d38e2a9005b2e2903904e622869", 0x83, 0xf, 0x0, 0x0, r6}, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4)
bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000680)={&(0x7f0000000380), 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, r8, 0x10, 0x70bd29, 0x101, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @l2={'eth', 0x3a, 'bpq0\x00'}}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
io_submit(r7, 0x1, &(0x7f0000001900)=[&(0x7f00000018c0)={0x0, 0x0, 0x0, 0xf, 0x4, r0, &(0x7f0000001800)="0f02dde35a800f16c89531511c2988a61a6d42d0b0a678f00ff5e6c7c09334c4e18f2f37dc84b7aa29dc704109df6d7c60fb6b1db6e6a3c053b87ff71a376b022c0272c3dd68564413e9d29a34078f918ed81d00f6a836db0ceb252568f1392e2449a93807f4fae650ddf8530dee54a0e26074441e0b63f23f5d039dba88177dd56fe616d4290f20c7b444", 0x8b, 0x5, 0x0, 0x1, 0xffffffffffffff9c}])
setsockopt$sock_int(r5, 0x1, 0x2f, &(0x7f0000000240)=0x80000200, 0x2e5)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
r9 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0)
ftruncate(r9, 0x2007fff)
sendfile(r6, r9, &(0x7f0000d83ff8), 0x8000fffffffe)

11:19:35 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1a)
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xa7})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r0, 0x0, 0x0)

11:19:35 executing program 5:
socketpair$unix(0x1, 0x4000000003, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000002c0)=0x3)
ioctl$KVM_RUN(r3, 0x8004ae98, 0x710000)

11:19:35 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
lseek(r0, 0x0, 0x0)
write$P9_RLOCK(r0, 0x0, 0xfffffffffffffe63)

[  226.745978] ptrace attach of "/root/syz-executor0"[8102] was attempted by "/root/syz-executor0"[8104]
[  226.826172] kauditd_printk_skb: 3 callbacks suppressed
[  226.826196] audit: type=1326 audit(1544872775.874:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8106 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0xffff0000
[  226.880314] ==================================================================
[  226.887741] BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x5bf/0xb00
[  226.894493] CPU: 0 PID: 8110 Comm: syz-executor1 Not tainted 4.20.0-rc5+ #2
[  226.901581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  226.910931] Call Trace:
[  226.913523]  dump_stack+0x1c9/0x220
[  226.917153]  kmsan_report+0x12d/0x290
[  226.920955]  __msan_warning+0x76/0xc0
[  226.924757]  tipc_nl_compat_doit+0x5bf/0xb00
[  226.929174]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  226.934652]  tipc_nl_compat_recv+0x14d7/0x2760
[  226.939247]  ? tipc_nl_net_dump+0xc30/0xc30
[  226.943565]  ? tipc_nl_compat_node_dump+0x5b0/0x5b0
[  226.948578]  ? tipc_netlink_compat_stop+0x40/0x40
[  226.953435]  genl_rcv_msg+0x185f/0x1a60
[  226.957429]  ? __msan_poison_alloca+0x1e0/0x270
[  226.962113]  netlink_rcv_skb+0x444/0x640
[  226.966172]  ? genl_unbind+0x390/0x390
[  226.970065]  genl_rcv+0x63/0x80
[  226.973361]  netlink_unicast+0xf80/0x1060
[  226.977521]  netlink_sendmsg+0x129d/0x1310
[  226.981768]  ___sys_sendmsg+0xdbc/0x11d0
[  226.985832]  ? netlink_getsockopt+0x15f0/0x15f0
[  226.990504]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  226.995874]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  227.001234]  ? __fget_light+0x714/0x780
[  227.005223]  __se_sys_sendmsg+0x305/0x460
[  227.009391]  __x64_sys_sendmsg+0x4a/0x70
[  227.013451]  do_syscall_64+0xcd/0x110
[  227.017255]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  227.022440] RIP: 0033:0x457659
[  227.025629] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  227.044528] RSP: 002b:00007f3c25d6ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  227.052231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  227.059497] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  227.066761] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  227.074037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c25d6f6d4
[  227.081302] R13: 00000000004ca6a0 R14: 00000000004d7028 R15: 00000000ffffffff
[  227.088573] 
[  227.090189] Uninit was created at:
[  227.093729]  kmsan_internal_poison_shadow+0x92/0x150
[  227.098826]  kmsan_kmalloc+0xa1/0x100
[  227.103153]  kmsan_slab_alloc+0xe/0x10
[  227.107041]  __kmalloc_node_track_caller+0xf06/0x1120
[  227.112226]  __alloc_skb+0x318/0xa40
[  227.115937]  netlink_sendmsg+0xba0/0x1310
[  227.120086]  ___sys_sendmsg+0xdbc/0x11d0
[  227.124139]  __se_sys_sendmsg+0x305/0x460
[  227.128283]  __x64_sys_sendmsg+0x4a/0x70
[  227.132336]  do_syscall_64+0xcd/0x110
[  227.136131]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  227.141309] ==================================================================
[  227.148654] Disabling lock debugging due to kernel taint
[  227.154102] Kernel panic - not syncing: panic_on_warn set ...
[  227.159988] CPU: 0 PID: 8110 Comm: syz-executor1 Tainted: G    B             4.20.0-rc5+ #2
[  227.168464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  227.177823] Call Trace:
[  227.180413]  dump_stack+0x1c9/0x220
[  227.184041]  panic+0x3f0/0x98f
[  227.187253]  kmsan_report+0x290/0x290
[  227.191056]  __msan_warning+0x76/0xc0
[  227.194860]  tipc_nl_compat_doit+0x5bf/0xb00
[  227.199272]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  227.204753]  tipc_nl_compat_recv+0x14d7/0x2760
[  227.209342]  ? tipc_nl_net_dump+0xc30/0xc30
[  227.213661]  ? tipc_nl_compat_node_dump+0x5b0/0x5b0
[  227.218676]  ? tipc_netlink_compat_stop+0x40/0x40
[  227.223513]  genl_rcv_msg+0x185f/0x1a60
[  227.227499]  ? __msan_poison_alloca+0x1e0/0x270
[  227.232180]  netlink_rcv_skb+0x444/0x640
[  227.236261]  ? genl_unbind+0x390/0x390
[  227.240156]  genl_rcv+0x63/0x80
[  227.243433]  netlink_unicast+0xf80/0x1060
[  227.247593]  netlink_sendmsg+0x129d/0x1310
[  227.251843]  ___sys_sendmsg+0xdbc/0x11d0
[  227.255906]  ? netlink_getsockopt+0x15f0/0x15f0
[  227.260577]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  227.265942]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  227.271746]  ? __fget_light+0x714/0x780
[  227.275731]  __se_sys_sendmsg+0x305/0x460
[  227.279892]  __x64_sys_sendmsg+0x4a/0x70
[  227.283947]  do_syscall_64+0xcd/0x110
[  227.287744]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  227.292929] RIP: 0033:0x457659
[  227.296116] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  227.315009] RSP: 002b:00007f3c25d6ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  227.322730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  227.329992] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  227.337254] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  227.344514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c25d6f6d4
[  227.351773] R13: 00000000004ca6a0 R14: 00000000004d7028 R15: 00000000ffffffff
[  227.360130] Kernel Offset: disabled
[  227.363754] Rebooting in 86400 seconds..