[ ok ] Starting enhanced syslogd: rsyslogd. [ 45.067040] audit: type=1800 audit(1544872594.114:25): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 45.086052] audit: type=1800 audit(1544872594.124:26): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 45.105784] audit: type=1800 audit(1544872594.134:27): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 50.315981] sshd (6408) used greatest stack depth: 53688 bytes left Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts.
2018/12/15 11:16:48 fuzzer started 2018/12/15 11:16:52 dialing manager at 10.128.0.26:37229 2018/12/15 11:16:52 syscalls: 1 2018/12/15 11:16:52 code coverage: enabled 2018/12/15 11:16:52 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/15 11:16:52 setuid sandbox: enabled 2018/12/15 11:16:52 namespace sandbox: enabled 2018/12/15 11:16:52 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/15 11:16:52 fault injection: enabled 2018/12/15 11:16:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/15 11:16:52 net packet injection: enabled 2018/12/15 11:16:52 net device setup: enabled 11:18:55 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sched_setaffinity(0x0, 0x3, &(0x7f0000000680)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(0x0, 0x8, 0x0) rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) add_key$keyring(&(0x7f0000000140)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) dup2(r1, r0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x100, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000400)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) msgget(0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0) [ 186.977133] IPVS: ftp: loaded support on port[0] = 21 [ 188.199828] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.206470] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.214648] device bridge_slave_0 entered promiscuous mode [ 188.289827] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.296431] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.304599] device bridge_slave_1 entered 
promiscuous mode [ 188.377329] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.450281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.675842] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.753112] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.898131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.905342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.133405] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.141782] team0: Port device team_slave_0 added [ 189.215405] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.223634] team0: Port device team_slave_1 added [ 189.298602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.378787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.457337] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.465051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.474078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.550720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.558414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.567808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 11:18:59 executing program 1: socketpair$unix(0x1, 0x8000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r1, 0xffbd) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0xf4010000, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000]}}}, 0x7, 0x0, 
0x0, 0x107, 0x24}, 0x98) [ 190.454463] IPVS: ftp: loaded support on port[0] = 21 [ 190.756919] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.763510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.770574] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.777167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.786036] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.862164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.225994] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.232632] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.240771] device bridge_slave_0 entered promiscuous mode [ 192.331187] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.337801] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.345965] device bridge_slave_1 entered promiscuous mode [ 192.474144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.617823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.960683] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.119018] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.229151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 193.236326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.366650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 193.373768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.776571] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 193.785008] team0: Port device team_slave_0 added [ 193.953131] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 193.961599] team0: Port device team_slave_1 added [ 194.049839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 194.057007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.065844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 194.145413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 194.152554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.161302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.238105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 194.245872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.254900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.333272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 194.340900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.349916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 11:19:03 executing program 2: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ffd0fd4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c3ec668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f9be82b00f10287031623f73470264cc5897f18f357aad6deb3883da88ae2266664933785a3ce72bb224a441437ea93c217", 0xc0) r2 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x100, 0x0) ioctl$VIDIOC_G_AUDIO(r2, 0x80345621, 0x0) r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 
0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r0, r3}, &(0x7f00000009c0)=""/240, 0x75c, 0x0) dup2(r1, 0xffffffffffffffff) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0) [ 195.364351] IPVS: ftp: loaded support on port[0] = 21 [ 195.898071] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.904670] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.911814] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.918344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.927191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 195.934132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.268348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.887041] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.497815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.504301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.512431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.906948] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.913592] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.921808] device bridge_slave_0 entered promiscuous mode [ 197.951382] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.126070] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.132725] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.140481] device bridge_slave_1 entered promiscuous mode [ 198.368937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.503741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.988296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.123679] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.236738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.244351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.426562] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_bond: link is not ready [ 199.433706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.892640] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.900971] team0: Port device team_slave_0 added [ 200.005774] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.014707] team0: Port device team_slave_1 added [ 200.112925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.119935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.128740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.205410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.212637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.221326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.319749] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.327592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.336593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.510646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 200.518350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.527613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 11:19:10 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, 0x0) 11:19:10 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0x6, 0x80000000}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000280)={r1, 0x290, 0x7fffffff, 0x9}, 0x0) 
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sched_setaffinity(0x0, 0x3, &(0x7f0000000680)=0x5) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0x0) clone(0x2902001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x0, 0x408800) rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r3 = getpid() setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000380), 0x4) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x7) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0x0, 0x0, 0x76a, 0x4}}) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0) rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f00000000c0)) msgget(0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ptrace(0x10, r3) ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x700}], 0x1, &(0x7f00000002c0), &(0x7f0000000300)={0xf1}, 0x8) ptrace$pokeuser(0x6, r3, 0x388, 0x3ff) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) [ 201.495973] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
11:19:10 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x236, 0x0, 0x0, 0x105) 11:19:11 executing program 0: r0 = userfaultfd(0x800) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f0000000240)={{&(0x7f0000000180)=""/116, 0x74}, &(0x7f0000000080), 0x10}, 0x20) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) unshare(0x600) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x8}, &(0x7f0000000200), &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) [ 202.293971] IPVS: ftp: loaded support on port[0] = 21 [ 202.308695] 8021q: adding VLAN 0 to HW filter on device bond0 11:19:11 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) r1 = accept(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000040)=0x80) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e22, 0x6, @remote, 0xff}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e22, 0x2, @local, 0x9e6}, @in6={0xa, 0x4e20, 0xfb, @dev={0xfe, 0x80, [], 0x1d}, 0xa3c1}, @in6={0xa, 0x4e23, 0x2d, @dev={0xfe, 0x80, [], 0x16}, 0x2}], 0x90) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300030b0000000000000000000000010009000000000003000600000000007e7f8f7316561bd3000000000000000002000100000000000000000b00000000030005000000000002000000e00000010000000000000000"], 0x58}}, 0x0) [ 202.521222] bridge0: port 2(bridge_slave_1) entered blocking state [ 
202.527927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.535147] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.541735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.550576] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 202.557260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 11:19:11 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1400}, 0xc, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="28010000170001040000000000000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000ff0100000000000000000000000000010000000000000000000000000000000100000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000fe8000000000000000000000000000aa00000000000000000a000000000000007c9cd9d6f8b96a92473273f74ecd9de98597c5c9062c940b7a32bee93e7f053df0d396bd5727480d61dec3a74c953a87dccb6a7a2b79725fe742a2cd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb6b6e00000000000000000000000000000000000000000000000000"], 0x128}}, 0x0) 11:19:11 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x802, 0x0) socketpair$unix(0x1, 0x200002, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = accept4(r2, 0x0, &(0x7f0000000000), 0x80000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000000640)={'syz0\x00', {}, 0x0, [], [], [0x7]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) dup2(r3, r1) write$uinput_user_dev(r0, &(0x7f00000001c0)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) [ 202.887179] input: syz0 as /devices/virtual/input/input5 [ 202.938362] input: syz0 as /devices/virtual/input/input6 [ 203.104457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:19:12 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") socket$inet_smc(0x2b, 0x1, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x400000, 0x0) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0x9) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@broute={'broute\x00', 0x20, 0x1, 0x150, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000240], 0x0, &(0x7f0000000000), &(0x7f0000000240)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x5, 0x0, 0x0, 'gre0\x00', 'ip6_vti0\x00', 'veth0_to_bridge\x00', 'vlan0\x00', @random="1d33f6472b92", [], @dev, [], 0xc0, 0x70, 0xc0}}, @common=@log={'log\x00', 0x28, {{0x0, "374782f512978fab81e27b6afb2bc3f091eed8f10145d9ca48157c7dbbda"}}}}]}]}, 0x1c8) [ 203.274113] kernel msg: ebtables bug: please report to author: entry offsets not in right order [ 203.305642] kernel msg: ebtables bug: please report to author: entry offsets not in right order 11:19:12 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNGETIFF(r0, 0x800454dd, &(0x7f0000000080)) 11:19:12 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000240)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585605, &(0x7f0000000180)={0x0, 0x0, {0x0, 0x0, 0x100000000003007}}) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7fffffff, 0x400000) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x40, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 
&(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000280)={r3, @in6={{0xa, 0x4e20, 0x7, @mcast1, 0x7}}}, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={0x0, 0x0, 0xf4}, &(0x7f0000000080)=0x8) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={&(0x7f0000000380)=[0xfffffffffffffffd, 0x2, 0x401, 0x5], 0x4, 0x0, 0xffc2, 0x9, 0x3a, 0x474, {0x1, 0x9, 0x6112, 0x8, 0x5, 0x5, 0x9, 0xd00e, 0x6, 0xcd21, 0x12, 0x800, 0x5, 0x2, "1c1353f3d0a163d815fd95953cf6ae0b355ea7399a835008238a84f016ea0aaf"}}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r4, 0x5}, &(0x7f0000000100)=0x8) [ 203.814569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.822545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.830357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.533120] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.578161] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.584781] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.592853] device bridge_slave_0 entered promiscuous mode [ 205.754689] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.761197] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.769388] device bridge_slave_1 entered promiscuous mode [ 205.880275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.030619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 206.499820] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.659465] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.978202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.985391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.353026] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.361297] team0: Port device 
team_slave_0 added [ 207.520676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.528876] team0: Port device team_slave_1 added [ 207.614127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.773865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.943205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.950690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.959744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.161792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.169405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.178464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.263864] sctp: failed to load transform for md5: -2 11:19:17 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xa) r1 = socket(0x40000000015, 0x805, 0x0) getsockopt$inet_dccp_buf(r1, 0x21, 0xd, &(0x7f0000000000)=""/112, &(0x7f00000000c0)=0xd7) getsockopt(r1, 0x114, 0x0, 0x0, 0xfffffffffffffffd) [ 209.328306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.599803] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.606418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.613543] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.620474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.629258] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 209.636302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.929436] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.449140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.455671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.463599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.988435] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.003457] 8021q: 
adding VLAN 0 to HW filter on device bond0 11:19:23 executing program 2: socketpair$unix(0x1, 0x8000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setgroups(0x0, 0x0) getgroups(0x1, &(0x7f00000002c0)=[0x0]) 11:19:23 executing program 0: capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000240)) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) r0 = gettid() syz_open_procfs(r0, &(0x7f0000000100)="73656367726fea7a7300") [ 214.094901] capability: warning: `syz-executor0' uses deprecated v2 capabilities in a way that may be insecure [ 214.304263] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 214.466384] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 214.472917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.480490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.644274] 8021q: adding VLAN 0 to HW filter on device team0 11:19:24 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0x6, 0x80000000}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000280)={r1, 0x290, 0x7fffffff, 0x9}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sched_setaffinity(0x0, 0x3, &(0x7f0000000680)=0x5) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0x0) clone(0x2902001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x0, 0x408800) rt_sigtimedwait(&(0x7f0000000040), 
0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r3 = getpid() setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000380), 0x4) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x7) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f00000001c0)={0x0, {0x0, 0x0, 0x0, 0x0, 0x76a, 0x4}}) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305616, 0x0) rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f00000000c0)) msgget(0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ptrace(0x10, r3) ppoll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x700}], 0x1, &(0x7f00000002c0), &(0x7f0000000300)={0xf1}, 0x8) ptrace$pokeuser(0x6, r3, 0x388, 0x3ff) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) 11:19:24 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000000080)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in=@loopback, 0x4e20, 0x0, 0x4e24, 0x800, 0xa, 0xa0, 0x80, 0x16, r2, r3}, {0x1, 0x5510, 0x4, 0x4, 0xfff, 0xfb9, 0x40, 0x9}, {0x80000000, 0x1, 0x8, 0xff}, 0x3f, 0x0, 0x3, 0x1, 0x1, 0x3}, {{@in6=@ipv4={[], [], @remote}, 0x4d6, 0x32}, 0x2, @in=@loopback, 0x3500, 0x2, 0x3, 0x7, 0x0, 0x4, 0x6}}, 0xe8) setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000180)=0x3c, 0x4) ioctl$sock_ifreq(r1, 0x89bf, 0x0) 11:19:24 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x80000001, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, 
&(0x7f0000000240)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000002c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000040), r1}}, 0x18) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000300)={0x1a, 0x7, 0x1, {{0xd, '/dev/usbmon#\x00'}, 0x10000}}, 0x1a) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) exit(0x8001) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rfkill\x00', 0x200000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x4e22, 0x5}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xb}}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x16}}], 0x6c) write$FUSE_GETXATTR(r0, &(0x7f0000000400)={0x18, 0x0, 0x8, {0x8000}}, 0x18) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000440)="3d6e57355292c8f04e4a15fc680a71de05506991d45bbe70863a04b10d6d6a979c94f2ba", &(0x7f0000000480)="de7fb7ae9379b520d56d1207d156cd8524df952f755db6a4fb09337a126ec079e7da8b60b94fb8a421e4ab8c5a93149eee25d7ac4c092c102fa591237d7d44355f3a9d83cb64", 0x2}, 0x20) write$P9_RLERRORu(r0, &(0x7f0000000540)={0x13, 0x7, 0x1, {{0x6, 'md5sum'}, 0x1ff}}, 0x13) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000580)) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f0000000680)={0x0, 0x57, 0x8, 0x101, 0x2, 0x6, 0x44, 0x8, {0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, 0x632, 0x2, 0x7fffffff, 0x6, 0x401}}, &(0x7f0000000740)=0xb0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000780)={r5, 0x5}, 0x8) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x34, r6, 0x2, 0x70bd28, 0x25dfdbfb, {{}, 0x0, 0x4102, 0x0, {0x18, 0x13, @l2={'ib', 0x3a, 'veth1_to_team\x00'}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 
0x0, 0x8800}, 0x1) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000900)={r4, 0x7, 0x7, 0x5, 0xb2, 0xb6}, 0x14) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000940)='trusted.overlay.origin\x00', &(0x7f0000000980)='y\x00', 0x2, 0x1) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f00000009c0)={"7baf0e5775970f1d84b2151706475007d586202ddc4ad02f04bba114fd99b0bd4464de1e912ab45b3b373bd94922c1653e0fd3f9635ecd6cec04eecacb331f47655a3fbf239562d368d6911597dc791cdbe5239d8f063ac7626073af0910ef28b5bc5eb1431df286f44523d1d5185a62e3f4c2d634b31c5cf9dd6264d22bf908bc19f7b02f5cc0f910a8a4979dfaa6d91d21496b3b91d50d6c01a73f2e61caae9ef5aeffce5cf7ca2519641d64e5890e8f388d2285aa6d24c54e813478ee371c4c00e77ed4ee365a26736588e396f8c3bc0949129c2ec13724c1b6b7e513ad979c2cc7a8d748ad94df9cb018288c0ce28df15b4d653b8c08604d9fcea0d1db7cd5678d3218ddea0c2923937f9b9ed1294cf10dc5fb71a142979620d591ee21db678fd5d8d1fe2f7bbb5f4fb6b2ecbe876a916d0a2ec1d0467fb9b4800ea95d5fe90a7419318ea3f99bd882ec4aeda7b047e966f574bb3caebfd7301d0f3c5e52d032848cae6c43abc392ada2f80ea632ef7c716dc8aab488bf2b2bf628c656fc27c689fdd4f2608aa0590a4ad52340c21192d4903742098a01b843fa5f35c6c53beef697efd0651de66cb0a617ba4d6657b1d4bda8d9f90ff052536ab43905091a0d2f100af439407b2267a206942fa07374cbe2f21dd2287166a2c352f76aa565c1ea7f348f1afa3ebbb4b0d4bbb30addd941df03ee3cb1ac24280888ae338d6ea19986673a9125bf4cf0f854c3304525d5152a708459dbe2ca8bbedaa418c8b1a6841749c43f2ca7bdb24234de74503a05f43f8015743a5778c96b3d5b75ffd64a8c11faa22f62ec2c13a7dcd3cf317365037c972cb0f4364deefcdfde0a235f5540dc8d84d8c060d4ee37645f4333d8f06061d77e9b486765a7aa3ba9cbeb96cd9b03987d05f0bffb047418e92c940cfac0ed5ba15e4d8e8e24d57ef46aa61d5051f8269a16716192cedad7d851a1ab5e8b869e2997c87d591bb9b707e20222b56317da9b5fee54132328830f9ce9fddce363c32651331ede873ace009decb96b25fb3eb217e3d015fe40bdf8d087c6ae2c2610099d87fbe6fae3129f6952ff8cd90f3cfbb962cb10428dee12bcc2c5fbc31f31d55f5774418068e78ce07c450d54e918a7df804e47536f54d368d5d2fbb920460bfb64ed5e759855e175107d01aecc882daa53d70790f2f74a3e
02f03198f24d87aa90b08cfab379b750a59800971c598239da18c9cc8a9bb00757146c1a3b4d2ec6705780aa8025853aabc2adc9326006f957a7b61c5997fa30367c04d8c9c468c384a9747c131e7548159f8014f27bfe9bf925107b6ec326a5b18f8446c6b36248d54891afdd17352a21d42fea3af3e1d55b5b2bfb14c75d3ad27f94222cc28e241f1a7f094beed90cc4b087d9b85523b0f28c28295c5d0ec3ae7f8efb5d3d473d189b13105d7583bd0b"}) getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f00000021c0)={@remote, 0x0}, &(0x7f0000002200)=0x14) sendto$packet(r3, &(0x7f0000000dc0)="119d5f05c003d44982e8350aa9b41f7bf7c6f31bd6d0f40bcd136b16da79dce387fd172c53f111ef4707ebcf51e7f10ba566bf78cd96bd7aeeb060063a1fa10e4a5309ec53eabee1b1bbc4df5678001019a02ad7aca38ab8ff2ddfad6adca0844f77a9fd757bae2b07a1b35d1ba5a388a72eb479b9fe988464008c5a6d2d0ac2de5e99d675b0b7ec4947d441", 0x8c, 0x800, &(0x7f0000002240)={0x11, 0x1f, r7, 0x1, 0x5}, 0x14) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000002280)=0x0) fcntl$setown(r2, 0x8, r8) ioctl$EVIOCGPHYS(r3, 0x80404507, &(0x7f00000022c0)=""/255) prctl$PR_CAP_AMBIENT(0x2f, 0x6, 0x21) r9 = add_key$keyring(&(0x7f00000023c0)='keyring\x00', &(0x7f0000002400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$clear(0x7, r9) open(&(0x7f0000002440)='./file0\x00', 0x8000, 0x20) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2) 11:19:24 executing program 0: 11:19:24 executing program 5: prctl$PR_GET_TSC(0x19, &(0x7f0000000000)) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000040)) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000100)={0x8001, 0x4, 0x80000000, 0x9}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}, 0x117}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x3, r1, 0x30, 0x1, @ib={0x1b, 0x3a964b0e, 0x7ff, {"d65d14dccb454a0ad84643b2b0a84bba"}, 0x8001, 0x100000001, 0xffffffff}}}, 0xa0) 
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000300)=0x7) shutdown(r0, 0x1) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video37\x00', 0x2, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000380), 0x4) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f00000003c0)=""/155) r2 = getpgrp(0xffffffffffffffff) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000480)=0x0) setpgid(r2, r3) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/attr/exec\x00', 0x2, 0x0) gettid() ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000500)={0x0, @speck128, 0x1, "f1b7d0a8537e2b8a"}) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000540)='/dev/video37\x00', 0x2, 0x0) r4 = syz_open_dev$adsp(&(0x7f0000000580)='/dev/adsp#\x00', 0xfffffffffffffffb, 0x101100) timer_create(0x6, &(0x7f00000005c0)={0x0, 0x39, 0x0, @tid=r2}, &(0x7f0000000600)) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000640)) ioctl$KDSETMODE(r4, 0x4b3a, 0x2dbb) fsetxattr$security_smack_entry(r4, &(0x7f0000000680)='security.SMACK64IPOUT\x00', &(0x7f00000006c0)='.eth1locpuset\x00', 0xe, 0x0) perf_event_open(&(0x7f0000000740)={0x0, 0x70, 0x7, 0xffffffffffff0000, 0x72c4, 0x2ba, 0x0, 0x0, 0x4020, 0x4, 0xf026, 0x80000000, 0x100000001, 0x1397, 0xfff, 0x3, 0x9, 0x1ff, 0x800, 0x5, 0x81, 0x9, 0x2, 0x10001, 0x1, 0x1, 0x0, 0x9, 0x9, 0x8, 0xd7e, 0xff, 0x7, 0x35e9e3ec, 0x200, 0x4ad3, 0xff, 0x3, 0x0, 0x8000000000000, 0x0, @perf_bp={&(0x7f0000000700), 0x8}, 0x2000, 0x5, 0x3ff, 0x7, 0x987, 0x1, 0x5}, r3, 0xffffffffffffffff, r0, 0x8) syz_genetlink_get_family_id$tipc(&(0x7f00000007c0)='TIPC\x00') ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000800)=0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000840)={{{@in=@multicast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@local}}, &(0x7f0000000940)=0xe8) fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000a00)={0xa0, 0x0, 0x4, {{0x6, 0x3, 0x0, 0x1, 0x0, 0x3, {0x5, 0x8, 0x4, 0x101, 0x7, 0x400, 0x2, 0x100, 0xfffffffffffff448, 0x4, 0x10001, r5, r6, 0x0, 0x80}}, {0x0, 0x2}}}, 0xa0) 11:19:24 executing program 2: 11:19:25 executing program 1: 11:19:25 executing program 2: 11:19:25 executing program 0: 11:19:25 executing program 3: 11:19:25 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x1800000000000000, 0x54, 0x0, &(0x7f0000000440)="b90703e6681b00000000000000ead5dc57ee41dea43e63a377fb8a977c3f1d1700040000d80648a2ac141411e0000001e1977d486a72d7363417ef6c909047dc183aea9747b34b3cbaa8ad830be27f3c1c54e771", 0x0, 0x100}, 0x28) 11:19:25 executing program 2: socketpair$unix(0x1, 0x100000000001, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@updpolicy={0xb8, 0x19, 0x523, 0x0, 0x0, {{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 11:19:25 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000240)) 11:19:25 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) mount$fuse(0x0, 
&(0x7f0000000080)='./file0\x00', 0x0, 0x20, &(0x7f00000001c0)=ANY=[@ANYBLOB=',defcontext=u']) [ 216.790750] IPVS: ftp: loaded support on port[0] = 21 [ 216.824964] IPVS: ftp: loaded support on port[0] = 21 [ 218.042460] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.049043] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.057041] device bridge_slave_0 entered promiscuous mode [ 218.071266] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.077854] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.086049] device bridge_slave_0 entered promiscuous mode [ 218.130479] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.137178] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.145340] device bridge_slave_1 entered promiscuous mode [ 218.158608] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.165298] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.173651] device bridge_slave_1 entered promiscuous mode [ 218.218192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.250286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.289303] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.324216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.511874] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.550716] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.590094] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.628500] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.702635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 218.709688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.738587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.745758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.785137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: 
link is not ready [ 218.792302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.970508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.979038] team0: Port device team_slave_0 added [ 219.016903] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.025221] team0: Port device team_slave_0 added [ 219.050973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.059428] team0: Port device team_slave_1 added [ 219.100044] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.109473] team0: Port device team_slave_1 added [ 219.135150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.183271] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.216013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.260650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.293978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.301728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.310600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.336469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.344238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.353255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.387856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.395556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.404619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.428334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.436013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.445043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.237740] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.244347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 
220.251393] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.258036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.266199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.278981] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.285560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.292700] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.299206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.308038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.712693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.720705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.242034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.345931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.513143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.622995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.789783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.796351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.804341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.894740] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.901123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.909102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.093546] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.202269] 8021q: adding VLAN 0 to HW filter on device team0 11:19:35 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 11:19:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x7a4a8d2032bd5179, 0x0, 0x0, {{}, 0x0, 0xffff800b}}, 0x1c}}, 0x0) 11:19:35 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) creat(0x0, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) seccomp(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffdff}]}) syz_execute_func(&(0x7f0000000140)="cd8075fcb0b06969ef69dc00d9c4017d50fe8adcd0d01192000880410fd1b0b5d90000797c2a0f0fcdc4e3a95fd965eae23c3b4d4d408064797f41dfdf400f01efe5e59d7d2f2f1c0a1a63460fc4c161fccddfde9f") write$apparmor_exec(r0, 0x0, 0x0) syz_execute_func(&(0x7f0000000140)="cd80c20000b0b06969ef69dc00d9c4017d50ee8adcd0d01192000880410fd1b02db5d90000007cc4c4e3a95fd965ea262e410f0ff5bb408064797f41dfdf400e01efc4a1fd28d29d7d2f67450f483b1c0a1a63460fc4c161fc4d96040476789f") shutdown(0xffffffffffffffff, 0x0) 11:19:35 executing program 2: sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = getpgrp(0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) 
capget(&(0x7f00000001c0)={0x20080522, r3}, &(0x7f0000000200)={0x9, 0x81, 0xffffffff, 0x6, 0x3ff, 0x8001}) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = dup(r5) fsync(r2) ioctl$ASHMEM_SET_PROT_MASK(r6, 0x40087705, &(0x7f0000000280)={0x100000000}) fcntl$lock(r1, 0x7, &(0x7f0000000340)={0x800000001, 0x0, 0x5, 0xffffffff80000000, r3}) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f00000000c0)='syzkaller1\x00', 0x10) io_setup(0x20, &(0x7f0000000300)=0x0) io_cancel(r7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0x423, r6, &(0x7f00000005c0)="f2f42245d196f91a48f2b821d3442e277a43f0ca0ad8ed1b65a81f934bc9a4fdca52f744ec264514eba836b2ca9b2e580d83a0ab4e20c5f62b71ca27af042df6ea32e6c5c9369755e64b56aec0188ec11bcea89595863c737ff8c0f248ad0d9201ff46962f0087fc1990817fdbaf8c2d3ca9a833872d38e2a9005b2e2903904e622869", 0x83, 0xf, 0x0, 0x0, r6}, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000680)={&(0x7f0000000380), 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x2c, r8, 0x10, 0x70bd29, 0x101, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @l2={'eth', 0x3a, 'bpq0\x00'}}}, [""]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40000) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) io_submit(r7, 0x1, &(0x7f0000001900)=[&(0x7f00000018c0)={0x0, 0x0, 0x0, 0xf, 0x4, r0, &(0x7f0000001800)="0f02dde35a800f16c89531511c2988a61a6d42d0b0a678f00ff5e6c7c09334c4e18f2f37dc84b7aa29dc704109df6d7c60fb6b1db6e6a3c053b87ff71a376b022c0272c3dd68564413e9d29a34078f918ed81d00f6a836db0ceb252568f1392e2449a93807f4fae650ddf8530dee54a0e26074441e0b63f23f5d039dba88177dd56fe616d4290f20c7b444", 0x8b, 0x5, 0x0, 0x1, 0xffffffffffffff9c}]) setsockopt$sock_int(r5, 0x1, 0x2f, &(0x7f0000000240)=0x80000200, 0x2e5) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r9 = 
open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r9, 0x2007fff) sendfile(r6, r9, &(0x7f0000d83ff8), 0x8000fffffffe) 11:19:35 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1a) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xa7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 11:19:35 executing program 5: socketpair$unix(0x1, 0x4000000003, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000002c0)=0x3) ioctl$KVM_RUN(r3, 0x8004ae98, 0x710000) 11:19:35 executing program 0: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lseek(r0, 0x0, 0x0) write$P9_RLOCK(r0, 0x0, 0xfffffffffffffe63) [ 226.745978] ptrace attach of "/root/syz-executor0"[8102] was attempted by "/root/syz-executor0"[8104] [ 226.826172] kauditd_printk_skb: 3 callbacks suppressed [ 226.826196] audit: type=1326 audit(1544872775.874:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8106 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0xffff0000 [ 226.880314] ================================================================== [ 226.887741] BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x5bf/0xb00 [ 226.894493] CPU: 0 PID: 8110 Comm: syz-executor1 Not tainted 4.20.0-rc5+ #2 [ 226.901581] Hardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.910931] Call Trace: [ 226.913523] dump_stack+0x1c9/0x220 [ 226.917153] kmsan_report+0x12d/0x290 [ 226.920955] __msan_warning+0x76/0xc0 [ 226.924757] tipc_nl_compat_doit+0x5bf/0xb00 [ 226.929174] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 226.934652] tipc_nl_compat_recv+0x14d7/0x2760 [ 226.939247] ? tipc_nl_net_dump+0xc30/0xc30 [ 226.943565] ? tipc_nl_compat_node_dump+0x5b0/0x5b0 [ 226.948578] ? tipc_netlink_compat_stop+0x40/0x40 [ 226.953435] genl_rcv_msg+0x185f/0x1a60 [ 226.957429] ? __msan_poison_alloca+0x1e0/0x270 [ 226.962113] netlink_rcv_skb+0x444/0x640 [ 226.966172] ? genl_unbind+0x390/0x390 [ 226.970065] genl_rcv+0x63/0x80 [ 226.973361] netlink_unicast+0xf80/0x1060 [ 226.977521] netlink_sendmsg+0x129d/0x1310 [ 226.981768] ___sys_sendmsg+0xdbc/0x11d0 [ 226.985832] ? netlink_getsockopt+0x15f0/0x15f0 [ 226.990504] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 226.995874] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 227.001234] ? 
__fget_light+0x714/0x780 [ 227.005223] __se_sys_sendmsg+0x305/0x460 [ 227.009391] __x64_sys_sendmsg+0x4a/0x70 [ 227.013451] do_syscall_64+0xcd/0x110 [ 227.017255] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 227.022440] RIP: 0033:0x457659 [ 227.025629] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.044528] RSP: 002b:00007f3c25d6ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 227.052231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659 [ 227.059497] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 227.066761] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 227.074037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c25d6f6d4 [ 227.081302] R13: 00000000004ca6a0 R14: 00000000004d7028 R15: 00000000ffffffff [ 227.088573] [ 227.090189] Uninit was created at: [ 227.093729] kmsan_internal_poison_shadow+0x92/0x150 [ 227.098826] kmsan_kmalloc+0xa1/0x100 [ 227.103153] kmsan_slab_alloc+0xe/0x10 [ 227.107041] __kmalloc_node_track_caller+0xf06/0x1120 [ 227.112226] __alloc_skb+0x318/0xa40 [ 227.115937] netlink_sendmsg+0xba0/0x1310 [ 227.120086] ___sys_sendmsg+0xdbc/0x11d0 [ 227.124139] __se_sys_sendmsg+0x305/0x460 [ 227.128283] __x64_sys_sendmsg+0x4a/0x70 [ 227.132336] do_syscall_64+0xcd/0x110 [ 227.136131] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 227.141309] ================================================================== [ 227.148654] Disabling lock debugging due to kernel taint [ 227.154102] Kernel panic - not syncing: panic_on_warn set ... 
[ 227.159988] CPU: 0 PID: 8110 Comm: syz-executor1 Tainted: G B 4.20.0-rc5+ #2 [ 227.168464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.177823] Call Trace: [ 227.180413] dump_stack+0x1c9/0x220 [ 227.184041] panic+0x3f0/0x98f [ 227.187253] kmsan_report+0x290/0x290 [ 227.191056] __msan_warning+0x76/0xc0 [ 227.194860] tipc_nl_compat_doit+0x5bf/0xb00 [ 227.199272] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 227.204753] tipc_nl_compat_recv+0x14d7/0x2760 [ 227.209342] ? tipc_nl_net_dump+0xc30/0xc30 [ 227.213661] ? tipc_nl_compat_node_dump+0x5b0/0x5b0 [ 227.218676] ? tipc_netlink_compat_stop+0x40/0x40 [ 227.223513] genl_rcv_msg+0x185f/0x1a60 [ 227.227499] ? __msan_poison_alloca+0x1e0/0x270 [ 227.232180] netlink_rcv_skb+0x444/0x640 [ 227.236261] ? genl_unbind+0x390/0x390 [ 227.240156] genl_rcv+0x63/0x80 [ 227.243433] netlink_unicast+0xf80/0x1060 [ 227.247593] netlink_sendmsg+0x129d/0x1310 [ 227.251843] ___sys_sendmsg+0xdbc/0x11d0 [ 227.255906] ? netlink_getsockopt+0x15f0/0x15f0 [ 227.260577] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 227.265942] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 227.271746] ? 
__fget_light+0x714/0x780 [ 227.275731] __se_sys_sendmsg+0x305/0x460 [ 227.279892] __x64_sys_sendmsg+0x4a/0x70 [ 227.283947] do_syscall_64+0xcd/0x110 [ 227.287744] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 227.292929] RIP: 0033:0x457659 [ 227.296116] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.315009] RSP: 002b:00007f3c25d6ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 227.322730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659 [ 227.329992] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 227.337254] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 227.344514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c25d6f6d4 [ 227.351773] R13: 00000000004ca6a0 R14: 00000000004d7028 R15: 00000000ffffffff [ 227.360130] Kernel Offset: disabled [ 227.363754] Rebooting in 86400 seconds..