[ 51.091008] audit: type=1800 audit(1545347215.143:25): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 52.792020] kauditd_printk_skb: 3 callbacks suppressed [ 52.792058] audit: type=1800 audit(1545347216.853:29): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.816886] audit: type=1800 audit(1545347216.853:30): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. 2018/12/20 23:07:09 fuzzer started 2018/12/20 23:07:13 dialing manager at 10.128.0.26:46613 2018/12/20 23:07:13 syscalls: 1 2018/12/20 23:07:13 code coverage: enabled 2018/12/20 23:07:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 23:07:13 setuid sandbox: enabled 2018/12/20 23:07:13 namespace sandbox: enabled 2018/12/20 23:07:13 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 23:07:13 fault injection: enabled 2018/12/20 23:07:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 23:07:13 net packet injection: enabled 2018/12/20 23:07:13 net device setup: enabled 23:09:52 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080), 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='syz_tun\x00\x98\x9b\x00\x00\xf2\x00', 0xce) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write(r0, &(0x7f0000000000), 0x0) syzkaller login: [ 229.018940] IPVS: ftp: loaded support on port[0] = 21 [ 230.431678] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.438269] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.446733] device bridge_slave_0 entered promiscuous mode [ 230.532385] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.538971] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.547416] device bridge_slave_1 entered promiscuous mode [ 230.630468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.714383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.972429] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.063154] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.150435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.157618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.243003] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.250023] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.509925] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.518738] team0: Port device team_slave_0 added [ 231.602094] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.610690] team0: Port device team_slave_1 added [ 231.695232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.787419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.874944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.882672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.892128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.981888] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.989581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.999157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 23:09:56 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) [ 232.796405] IPVS: ftp: loaded support on port[0] = 21 [ 233.220395] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.227079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.234357] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.240944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.250338] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.256990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.189545] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.196269] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.204600] device bridge_slave_0 entered promiscuous mode [ 235.389398] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.396093] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.404375] device bridge_slave_1 entered promiscuous mode [ 235.487139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.648532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.063957] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.195027] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.501191] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.508304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.996479] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.005331] team0: Port device team_slave_0 added [ 237.210815] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.219565] team0: Port device team_slave_1 added [ 237.371292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.481905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.488998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.498218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 23:10:01 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0)=[{{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0}}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) [ 237.733433] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.741120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.750306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.949723] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.957511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.966910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.150121] IPVS: ftp: loaded support on port[0] = 21 [ 238.686932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.309021] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.692579] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.699165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.706428] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.713068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.723191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.729764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.059763] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.066541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.074658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.708949] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.955000] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.961850] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.970173] device bridge_slave_0 entered promiscuous mode [ 241.124819] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.131370] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.139858] device bridge_slave_1 entered promiscuous mode [ 241.231818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.361407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.824033] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 242.021869] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 242.172149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.179154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.348347] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.355496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.796346] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 242.805048] team0: Port device team_slave_0 added [ 242.908563] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 242.917208] team0: Port device team_slave_1 added [ 243.093193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 243.100222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 243.109309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 243.281213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 243.288779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.298536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.449116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 243.456906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 243.465927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 243.572980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 243.580634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 243.590028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 23:10:08 executing program 0: unshare(0x20400) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) ioctl$HDIO_GETGEO(r0, 0x301, 0x0) 23:10:09 executing program 3: socket$tipc(0xa, 0x3, 0x88) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@random="59cc9ee6e8e1", @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "06f526", 0x8, 0x88, 0x0, @empty={[0x0, 0x1f4]}, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 23:10:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) mknod$loop(&(0x7f0000000080)='./control\x00', 0x1020, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f00000000c0)='./control\x00', 0x80000000800, 0x0) 23:10:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) mknod$loop(&(0x7f0000000080)='./control\x00', 0x1020, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f00000000c0)='./control\x00', 0x80000000800, 0x0) 23:10:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) mknod$loop(&(0x7f0000000080)='./control\x00', 0x1020, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f00000000c0)='./control\x00', 0x80000000800, 0x0) 23:10:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) mknod$loop(&(0x7f0000000080)='./control\x00', 0x1020, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f00000000c0)='./control\x00', 0x80000000800, 0x0) [ 245.711303] IPVS: ftp: loaded support on port[0] = 21 [ 245.723783] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.730362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.737686] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.744302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.753733] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 245.760320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 23:10:10 executing program 0: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffff9c) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) utimensat(r0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)={{}, {r1, r2/1000+10000}}, 0x100) r3 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000100)=0x7f) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000980)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000007000000040000008004000080020000000000008002000098030000980300009803000004000000", @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c65000000000000000000000000000000000000000000000000000000000000000000000000000000000b05157c656a0000000000000000000000000009000000000200000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac1414bb0000000006000000ffffffffe0000002ac141410ffffff00ff000000000000000000000000000000000000000000000000000000ff00ffffffff00000000000000000000000000000000000000000000000000000000000000000000ffffffffffff0000000000000000000000080005000400040003f6fa697036746e6c3000000000000000000076657468305f746f5f626f6e6400000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000f000180100000000000000000000000000000000000000000000000000002800434c4153534946590000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e8000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff0000000032a2fa352cd2"], 0x4d0) r4 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) getsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000140), &(0x7f0000000180)=0x4) syz_open_dev$radio(&(0x7f0000000300)='/dev/radio#\x00', 0x1, 0x2) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d778066f9d1ac8a570e3a42f70a7c0f30f66157a96aae15813f0dceb297", "a8a4cd01e527e6fd3de45387daf7b1ac786d0e8a75e89046550fa2d2d25b60361fe06f308fe6033a61edb75c8d51c055faf7f4fdb16e0cdaa4276939a3410334", "7b8ddcc0c891591c4116893616105829576914e70bfed06d00f97c97644ab8a7"}) ioctl$LOOP_CLR_FD(r3, 0x4c01) [ 246.082420] loop_reread_partitions: partition scan of loop0 (p|' $`BT՜G%ֳwfѬW:B [ 246.082420] |0aWj? β) failed (rc=-13) [ 246.212756] loop_reread_partitions: partition scan of loop0 () failed (rc=-13) [ 246.282286] loop_reread_partitions: partition scan of loop0 (p|' $`BT՜G%ֳwfѬW:B [ 246.282286] |0aWj? β) failed (rc=-13) [ 246.413522] loop_reread_partitions: partition scan of loop0 () failed (rc=-13) 23:10:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7, 0x2) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x200000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0xcc) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000480)=[@request_death], 0x0, 0x0, &(0x7f0000000540)}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) write$binfmt_elf64(r2, &(0x7f00000004c0)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x10001, 0x3b, 0xdd, 0x10001, 0x0, 0x3f, 0x101, 0xffffffffffff3d84, 0x40, 0x1c3, 0x52, 0x3, 0x38, 0x2, 0x7, 0x0, 0x5}, [{0x3, 0x6, 0x800, 0x100000000, 0x1000, 0x9, 0x7fffffff, 0x100}, {0x7474e557, 0x2, 0x8, 0x8, 0x7, 0x7, 0x5, 0x1}], "0ca8b631d94f8e14c791820f91844f920bdba854526103804cb956036e10d67ceb29967394bc4c4bc6a13bd3a7", [[], [], [], [], [], [], [], [], [], []]}, 0xadd) [ 246.665157] binder: 7082:7084 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 246.694535] binder_alloc: binder_alloc_mmap_handler: 7082 20001000-20004000 already mapped failed -16 [ 246.732212] binder: BINDER_SET_CONTEXT_MGR already set [ 246.737579] binder: 7082:7084 ioctl 40046207 0 returned -16 [ 246.772276] binder_alloc: 7082: binder_alloc_buf, no vma [ 246.778007] binder: 7082:7087 transaction failed 29189/-3, size 24-8 line 2973 [ 246.804415] binder: 7082:7084 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 246.825719] binder: release 7082:7084 transaction 2 out, still active [ 246.832483] binder: unexpected work type, 4, not freed [ 246.837806] binder: undelivered TRANSACTION_COMPLETE [ 246.872700] binder: undelivered TRANSACTION_ERROR: 29189 [ 246.878388] binder: send failed reply for transaction 2, target dead 23:10:11 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x80200000006, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x7, 0xa, 0x0, "17606e0f2b5c2bc9db5a0f9cc0fbda7643ed12de15d50361a077e48500"}) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x0) write$P9_RAUTH(r1, &(0x7f0000000040)={0x14, 0x67, 0x2, {0x90, 0x4, 0x8}}, 0x14) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000100)={0x3, "41c0d1b9f9fc652329d9c3906fc9a43ab024056d8a72b50a26cf580a463c0b08", 0x1, 0x1}) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x22042, 0x0) 23:10:11 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x84000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = semget$private(0x0, 0x2, 0x3278272bd04191ba) semtimedop(r2, &(0x7f0000000100)=[{0x1, 0xfffffffffffffff9, 0x1800}, {0x0, 0x6, 0x1800}, {0x7, 0x4, 0x1000}], 0x3, &(0x7f0000000280)={0x77359400}) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) r3 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) fstat(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r4) socketpair$unix(0x1, 0x40000000002, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000240)=0x1000, 0x4) [ 247.549261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.240706] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.799346] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.805906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.813860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.218650] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.225272] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.233527] device bridge_slave_0 entered promiscuous mode [ 249.334416] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.423430] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.430063] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.438451] device bridge_slave_1 entered promiscuous mode [ 249.608337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 249.740666] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 250.258730] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 250.483523] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 250.669466] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 250.677433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 250.862931] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 250.869980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 251.243277] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 251.252099] team0: Port device team_slave_0 added [ 251.349597] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 251.358367] team0: Port device team_slave_1 added [ 251.483698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 251.490735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 251.499882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.616570] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 251.623751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.632793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.801722] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 251.809594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.818779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 251.994111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 252.001898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 252.010981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 253.080483] 8021q: adding VLAN 0 to HW filter on device bond0 23:10:17 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) [ 253.676579] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.009456] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.016110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.023287] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.029857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.038962] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 254.045699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.210988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 254.217471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.225463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.906893] 8021q: adding VLAN 0 to HW filter on device team0 23:10:22 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xffffffffffffff03, 0x10d000) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000040)={0x9, 0x1, 0xa, 0xce7, 0x80000000, 0x1000, 0x8e, 0x0, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e22, 0x6, @mcast1, 0xffff}}, 0x4, 0x800}, &(0x7f0000000140)=0x90) r3 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r3, &(0x7f0000000100)=[{{}, 0x1, 0x51, 0x400000002}], 0xb69) 23:10:22 executing program 0: vmsplice(0xffffffffffffffff, &(0x7f0000001000)=[{&(0x7f0000000040)="120345", 0x3}], 0x1, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000004c0)=""/246) ioctl$EVIOCGREP(0xffffffffffffffff, 0x4010744d, &(0x7f0000001000)=""/174) [ 258.948599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.126600] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.298823] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.305171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.313164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.487361] 8021q: adding VLAN 0 to HW filter on device team0 23:10:24 executing program 3: capset(&(0x7f00000000c0)={0x20071026}, &(0x7f0000000240)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) 23:10:24 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) 23:10:24 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) 23:10:24 executing program 2: unshare(0x25ffffff) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0x50, &(0x7f00000000c0)}, 0x10) 23:10:24 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000001080)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x25, &(0x7f0000000040)={0x2, 0x7, 0x7, 0x0, r1}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/vcs\x00', 0x0, 0x0) dup2(r3, r0) tkill(r1, 0x15) 23:10:24 executing program 5: r0 = memfd_create(&(0x7f0000000000)='\x00', 0x2) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000040)={0x6, 0x8000, 0x3}) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000080)=""/134, &(0x7f0000000140)=0x86) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x8, 0x0, [], [{0x6, 0x6, 0x9, 0xfff, 0x6, 0xfffffffffffffffb}, {0x2, 0x80000001, 0x100, 0x4e21bae9, 0xfffffff800000000, 0x1ff165b}], [[], [], [], [], [], [], [], []]}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000440)={{{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000000540)=0xe8) fstat(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(r0, &(0x7f0000000600)={0x90, 0x0, 0x4, {0x1, 0x0, 0x1ff, 0x4, 0x1ff, 0x8, {0x5, 0xdd9, 0x40, 0x5, 0x7fff, 0x0, 0x8, 0x3, 0x100, 0x6, 0x7, r1, r2, 0x4, 0x6}}}, 0x90) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000006c0)={0x0, 0x80e8, 0x2, {0x5, @pix={0x9, 0x401, 0x48524742, 0x1, 0x5518, 0x1, 0x0, 0x8, 0x1, 0x0, 0x2, 0x6}}}) openat$ion(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/ion\x00', 0x2000, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000800)='/dev/rfkill\x00', 0x101000, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000900)={0x200, 0x9, 0x8d, &(0x7f0000000840)="f06c4c07387e0ee15c4518e7c34fb7c463174d5418dd42ad622b97a2baf14a2ebb7e6719e978accc0f09eb97c4b502b594c623b444d560fb12dfd9d41b24902353a87a794814678d5d2c0288e0190d9596f7f39c9392ae1e143e237ea95e22491c1ab0c6f4c8a7cdcf6702c00ad9e28442843368fc8af52e459b804ac3fc3ff8edee70baf7950c96c00e283a4f"}) ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000940)) write$FUSE_ENTRY(r0, &(0x7f0000000980)={0x90, 0x0, 0x2, {0x4, 0x1, 0x6, 0x8, 0x20, 0x274, {0x2, 0x1, 0x7ff, 0x6, 0x5, 0x1f, 0xffff, 0x2ced, 0x80000001, 0x80000000, 0x0, r1, r2, 0x7ff, 0x3}}}, 0x90) write$P9_RSYMLINK(r0, &(0x7f0000000a40)={0x14, 0x11, 0x2, {0x40, 0x3, 0x2}}, 0x14) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000a80)=""/137) creat(&(0x7f0000000b40)='./file0\x00', 0xa4) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000b80)='/dev/ppp\x00', 0x10000, 0x0) r5 = add_key(&(0x7f0000000bc0)='id_legacy\x00', &(0x7f0000000c00)={'syz', 0x0}, &(0x7f0000000c40)="ea6ba3490c685a45f127b95259e77c6e791b201a869ecc9bc7518179dde65b0398ebc88679336df38564a01593d680eafbd827c204efe8747edcfc4eab204972092f7223b492538676340e77c79a827a5d4723a8be6bf4ab20bfb26cc005637385a386cfcebb33c7ff8df9ed7ae42546759858e4f223a34fede0c3c7a310c2a88a5428995acd507ae8a3bd9b10b480da976311724ccec54af8c5b8de", 0x9c, 0xfffffffffffffffd) keyctl$assume_authority(0x10, r5) fcntl$getownex(r4, 0x10, &(0x7f0000000d00)={0x0, 0x0}) ioctl$TIOCSPGRP(r4, 0x5410, &(0x7f0000000d40)=r6) r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000d80)='/dev/dlm-monitor\x00', 0x44a800, 0x0) write$P9_RLOCK(r4, &(0x7f0000000dc0)={0x8, 0x35, 0x2}, 0x8) ioctl$DRM_IOCTL_RES_CTX(r7, 0xc0106426, &(0x7f0000000e40)={0x4, &(0x7f0000000e00)=[{}, {}, {}, {}]}) r8 = syz_open_dev$cec(&(0x7f0000000e80)='/dev/cec#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f0000000ec0), &(0x7f0000000f00)=0x4) pipe(&(0x7f0000000f40)={0xffffffffffffffff}) openat$cgroup_type(r7, &(0x7f0000000f80)='cgroup.type\x00', 0x2, 0x0) r10 = inotify_add_watch(r9, &(0x7f0000000fc0)='./file0\x00', 0x41000028) inotify_rm_watch(r8, r10) [ 260.760035] capability: warning: `syz-executor3' uses deprecated v2 capabilities in a way that may be insecure 23:10:24 executing program 2: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b6fc663019bf476a25"], 0x1}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:10:24 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) 23:10:25 executing program 0: creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) unlink(&(0x7f0000000180)='./file0\x00') 23:10:25 executing program 3: capset(&(0x7f00001e8ff8)={0x19980330}, &(0x7f0000032fe8)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a0676ffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 260.941494] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 261.086171] capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use) 23:10:25 executing program 1: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = epoll_create(0x80000000000009) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x90000001}) epoll_wait(r2, &(0x7f00000000c0)=[{}], 0x1, 0x47) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:10:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpgid(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0, r1}) 23:10:25 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') read(r0, &(0x7f00000001c0)=""/83, 0x11) lseek(r0, 0x200, 0x0) 23:10:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpgid(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0, r1}) [ 261.713111] IPVS: ftp: loaded support on port[0] = 21 [ 261.748106] IPVS: ftp: loaded support on port[0] = 21 [ 263.219485] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.226682] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.235090] device bridge_slave_0 entered promiscuous mode [ 263.283927] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.290844] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.299286] device bridge_slave_0 entered promiscuous mode [ 263.317422] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.324131] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.332451] device bridge_slave_1 entered promiscuous mode [ 263.379204] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.385892] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.394237] device bridge_slave_1 entered promiscuous mode [ 263.412842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 263.474008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 263.493070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 263.552695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 263.738553] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 263.796976] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 263.823534] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 263.889683] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 263.904470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 263.911493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.969629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 263.976714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.993307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 264.000310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.059118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 264.066236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.249534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.258240] team0: Port device team_slave_0 added [ 264.315135] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.323885] team0: Port device team_slave_0 added [ 264.338952] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.347640] team0: Port device team_slave_1 added [ 264.405084] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.414860] team0: Port device team_slave_1 added [ 264.429066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.495328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.524461] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 264.578536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 264.608655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 264.616486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.625711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.663230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 264.670886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.680140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.708339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 264.716059] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.725297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.783175] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 264.790779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.800046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.670169] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.676782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.684006] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.690556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.699684] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 265.738432] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.745090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.752286] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.758864] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.768140] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 265.871930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 265.879950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 268.963910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.102982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.267621] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 269.408056] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 269.573087] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 269.579444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 269.587582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.718885] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 269.725316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 269.733410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.901769] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.045873] 8021q: adding VLAN 0 to HW filter on device team0 23:10:36 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) 23:10:36 executing program 3: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000000)={'ip_vti0\x00', @ifru_data=&(0x7f0000000040)="635e9537d475cf912822b8b3532ee1cf3be4469deb510465c9eb58cbd8641d57"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'ip_vti0\x00', @ifru_flags}) 23:10:36 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@loopback={0xff00000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x1}, 0x20) 23:10:36 executing program 5: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x17, r0, 0x0, 0x0) 23:10:36 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpgid(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0, r1}) 23:10:36 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000c03000)=[@in], 0x10) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00009baffc), 0x4) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3, &(0x7f00000000c0)=0x80) 23:10:36 executing program 3: process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000002040)=""/224, 0xe0}], 0x1, 0x0) r0 = socket(0x10, 0x803, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000c80)={'\x00\x00\x01\x00\x00\x00\x00\x00\x80\x00'}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000700)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, 0x0, 0x0, &(0x7f0000000e00)=""/241, 0xf1}, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000f00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000140)=@hci, 0x80, 0x0}, 0x0) process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f0000000900)=""/124, 0x7c}, {&(0x7f0000000d00)=""/226, 0xe2}, {&(0x7f0000000980)=""/69, 0x45}], 0x4, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 23:10:36 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = getpgid(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0, r1}) 23:10:36 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000240)=0x8, 0x4) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000080)=""/36, 0x16}, 0x2000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000001c, 0x0) 23:10:36 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@loopback={0xff00000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x1}, 0x20) 23:10:36 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0xe, 0xffffffffffffffff, &(0x7f0000000040)=0x8) 23:10:36 executing program 5: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x17, r0, 0x0, 0x0) 23:10:36 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x86b3d8b1) recvmmsg(r1, &(0x7f0000002c40)=[{{&(0x7f0000000240)=@nfc_llcp, 0x80, &(0x7f0000000440)=[{&(0x7f0000000000)=""/22, 0x16}, {&(0x7f0000000180)=""/53, 0x35}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/208, 0xd0}, {&(0x7f00000003c0)=""/84, 0x54}], 0x5, &(0x7f00000004c0)=""/163, 0xa3, 0x1ff}, 0x8000}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f00000029c0)=""/76, 0x4c}], 0x1, &(0x7f0000002b80)=""/138, 0x8a}}], 0x2, 0x100, &(0x7f0000002d00)={0x77359400}) 23:10:36 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'eql\x00', 0x805}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000200)={'eql\x00\x00\x00\xa9[\x00', @ifru_names='eql\x00'}) 23:10:36 executing program 3: mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001680)}], 0x1, 0x0) 23:10:36 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@loopback={0xff00000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x1}, 0x20) 23:10:36 executing program 1: io_setup(0x8c, &(0x7f00000000c0)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) close(r1) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x0, 0x0) io_submit(r0, 0x1ffffffffffffe76, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x7fffffffefff, 0x4, 0x0, 0x80000000005, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}]) 23:10:36 executing program 5: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x17, r0, 0x0, 0x0) 23:10:36 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'eql\x00', 0x805}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000200)={'eql\x00\x00\x00\xa9[\x00', @ifru_names='eql\x00'}) 23:10:36 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) r1 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x102002700) 23:10:37 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@loopback={0xff00000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x1}, 0x20) 23:10:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="de75e1fe7d087634b214a3765ba0017995103a08917fc2a1", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {&(0x7f0000000540)={0x10}, 0x10}], 0x2}, 0x0) 23:10:37 executing program 5: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$chown(0x17, r0, 0x0, 0x0) 23:10:37 executing program 2: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000011000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x3000}) 23:10:37 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x86b3d8b1) recvmmsg(r1, &(0x7f0000002c40)=[{{&(0x7f0000000240)=@nfc_llcp, 0x80, &(0x7f0000000440)=[{&(0x7f0000000000)=""/22, 0x16}, {&(0x7f0000000180)=""/53, 0x35}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/208, 0xd0}, {&(0x7f00000003c0)=""/84, 0x54}], 0x5, &(0x7f00000004c0)=""/163, 0xa3, 0x1ff}, 0x8000}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f00000029c0)=""/76, 0x4c}], 0x1, &(0x7f0000002b80)=""/138, 0x8a}}], 0x2, 0x100, &(0x7f0000002d00)={0x77359400}) 23:10:37 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'eql\x00', 0x805}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000200)={'eql\x00\x00\x00\xa9[\x00', @ifru_names='eql\x00'}) 23:10:37 executing program 3: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000040), &(0x7f0000013000)=0x4) 23:10:37 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='io\x00[\xfcW\x16\x9b\xab\xeeT\xed\x16\xe3\x9ez\x8f\xe4\xb9\x00\x16\xf2f\xe3\xf60xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'eql\x00', 0x805}) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000200)={'eql\x00\x00\x00\xa9[\x00', @ifru_names='eql\x00'}) [ 273.847834] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 23:10:38 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f000089b000)=0xffffffffffffffff, 0x4) connect$inet6(r0, &(0x7f000000cfe4)={0xa, 0x0, 0x807}, 0x1c) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[{0x18, 0x29, 0xb, "0f"}], 0x18}}], 0x1, 0x0) 23:10:38 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x86b3d8b1) recvmmsg(r1, &(0x7f0000002c40)=[{{&(0x7f0000000240)=@nfc_llcp, 0x80, &(0x7f0000000440)=[{&(0x7f0000000000)=""/22, 0x16}, {&(0x7f0000000180)=""/53, 0x35}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/208, 0xd0}, {&(0x7f00000003c0)=""/84, 0x54}], 0x5, &(0x7f00000004c0)=""/163, 0xa3, 0x1ff}, 0x8000}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f00000029c0)=""/76, 0x4c}], 0x1, &(0x7f0000002b80)=""/138, 0x8a}}], 0x2, 0x100, &(0x7f0000002d00)={0x77359400}) 23:10:38 executing program 2: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)}}) 23:10:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) 23:10:38 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x1, 0x6, @remote}, 0x10) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={r1, 0x1, 0x5, @link_local}, 0x10) 23:10:38 executing program 4: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='setgroups\x00') exit(0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15t[f\x16\x9dL\xe3\xc9\xf8Q\xf3<\x98\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92\x048\xb2\x02\xf1C\xdf\xa6\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea') 23:10:38 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000002c0)="d3abc79901535c9e70bc111c8eff7f0055", 0x11) [ 274.471399] device veth0_to_bridge entered promiscuous mode 23:10:38 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x67}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0xc3, &(0x7f0000000000)=""/195}, 0x48) 23:10:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) [ 274.532538] device veth0_to_bridge left promiscuous mode 23:10:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0xf00}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x40030000000000}, [@NDA_LLADDR={0xa, 0x2, @local}]}, 0xff8e}}, 0x0) 23:10:38 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) connect$inet6(r0, &(0x7f0000419000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x700000000000000, 0x0, 0xe00000000000000]}}, 0x1b) 23:10:38 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3ffffffffff0c00, 0x0) shutdown(r0, 0x1) 23:10:38 executing program 3: mkdir(&(0x7f0000000300)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) unlink(&(0x7f00000000c0)='./control/file0\x00') mount(&(0x7f0000000180)=@filename='./control/file0\x00', &(0x7f00000001c0)='./control/file0\x00', &(0x7f0000000240)='gfs2\x00', 0x241808, &(0x7f0000000280)='\x00') close(r0) [ 274.884788] ================================================================== [ 274.892263] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 274.898910] CPU: 0 PID: 8331 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #8 [ 274.906042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.915412] Call Trace: [ 274.918040] dump_stack+0x173/0x1d0 [ 274.921719] kmsan_report+0x120/0x290 [ 274.925569] kmsan_internal_check_memory+0x9a7/0xa20 [ 274.930746] __msan_instrument_asm_load+0x8a/0x90 [ 274.935629] __siphash_aligned+0x512/0xae0 [ 274.939961] secure_dccpv6_sequence_number+0x143/0x2c0 [ 274.945285] ? inet6_hash_connect+0x176/0x1a0 [ 274.949826] dccp_v6_connect+0x1ad1/0x1e20 [ 274.954134] ? __msan_poison_alloca+0x1e0/0x270 [ 274.958852] ? dccp_v6_exit_batch+0x40/0x40 [ 274.963208] __inet_stream_connect+0x2f9/0x1340 [ 274.967944] inet_stream_connect+0x101/0x180 [ 274.972401] __sys_connect+0x664/0x820 [ 274.976331] ? __inet_stream_connect+0x1340/0x1340 [ 274.981291] ? 0xffffffff81000000 [ 274.984778] ? prepare_exit_to_usermode+0x114/0x420 [ 274.989822] ? syscall_return_slowpath+0x50/0x650 [ 274.994726] __se_sys_connect+0x8d/0xb0 [ 274.998742] __x64_sys_connect+0x4a/0x70 [ 275.002851] do_syscall_64+0xbc/0xf0 [ 275.006602] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 275.011809] RIP: 0033:0x457669 [ 275.015039] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.033979] RSP: 002b:00007f5724979c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 275.041727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 275.049021] RDX: 000000000000001b RSI: 0000000020419000 RDI: 0000000000000003 [ 275.056320] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 275.063608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f572497a6d4 [ 275.070897] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 275.078209] [ 275.079870] Local variable description: ----combined@secure_dccpv6_sequence_number [ 275.087589] Variable was created at: [ 275.091330] secure_dccpv6_sequence_number+0x7d/0x2c0 [ 275.096546] dccp_v6_connect+0x1ad1/0x1e20 [ 275.100786] [ 275.102427] Bytes 4-7 of 8 are uninitialized [ 275.106863] Memory access of size 8 starts at ffff88813901fa70 [ 275.112861] ================================================================== [ 275.120236] Disabling lock debugging due to kernel taint [ 275.125700] Kernel panic - not syncing: panic_on_warn set ... [ 275.131609] CPU: 0 PID: 8331 Comm: syz-executor2 Tainted: G B 4.20.0-rc7+ #8 [ 275.140111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.149485] Call Trace: [ 275.152109] dump_stack+0x173/0x1d0 [ 275.155783] panic+0x3ce/0x961 [ 275.159061] kmsan_report+0x285/0x290 [ 275.162926] kmsan_internal_check_memory+0x9a7/0xa20 [ 275.168099] __msan_instrument_asm_load+0x8a/0x90 [ 275.172986] __siphash_aligned+0x512/0xae0 [ 275.177292] secure_dccpv6_sequence_number+0x143/0x2c0 [ 275.182609] ? inet6_hash_connect+0x176/0x1a0 [ 275.187144] dccp_v6_connect+0x1ad1/0x1e20 [ 275.191442] ? __msan_poison_alloca+0x1e0/0x270 [ 275.196166] ? dccp_v6_exit_batch+0x40/0x40 [ 275.200530] __inet_stream_connect+0x2f9/0x1340 [ 275.205272] inet_stream_connect+0x101/0x180 [ 275.209728] __sys_connect+0x664/0x820 [ 275.213664] ? __inet_stream_connect+0x1340/0x1340 [ 275.218624] ? 0xffffffff81000000 [ 275.222108] ? prepare_exit_to_usermode+0x114/0x420 [ 275.227162] ? syscall_return_slowpath+0x50/0x650 [ 275.232055] __se_sys_connect+0x8d/0xb0 [ 275.236079] __x64_sys_connect+0x4a/0x70 [ 275.240174] do_syscall_64+0xbc/0xf0 [ 275.243912] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 275.249105] RIP: 0033:0x457669 [ 275.252319] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.271244] RSP: 002b:00007f5724979c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 275.278985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 275.286268] RDX: 000000000000001b RSI: 0000000020419000 RDI: 0000000000000003 [ 275.293906] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 275.301192] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f572497a6d4 [ 275.308484] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 275.316608] Kernel Offset: disabled [ 275.320239] Rebooting in 86400 seconds..