[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.740864][ T26] audit: type=1800 audit(1556697936.425:25): pid=7684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.768559][ T26] audit: type=1800 audit(1556697936.425:26): pid=7684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.808108][ T26] audit: type=1800 audit(1556697936.425:27): pid=7684 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. 2019/05/01 08:05:44 fuzzer started 2019/05/01 08:05:47 dialing manager at 10.128.0.26:34869 2019/05/01 08:05:47 syscalls: 2440 2019/05/01 08:05:47 code coverage: enabled 2019/05/01 08:05:47 comparison tracing: enabled 2019/05/01 08:05:47 extra coverage: extra coverage is not supported by the kernel 2019/05/01 08:05:47 setuid sandbox: enabled 2019/05/01 08:05:47 namespace sandbox: enabled 2019/05/01 08:05:47 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/01 08:05:47 fault injection: enabled 2019/05/01 08:05:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/01 08:05:47 net packet injection: enabled 2019/05/01 08:05:47 net device setup: enabled 08:07:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000004080501ff0080fffdff01010ab0b1000c00030011000010870a00010c0002000002fa17711104a6"], 0x2c}}, 0x0) syzkaller login: [ 148.846896][ T7848] IPVS: ftp: loaded support on port[0] = 21 08:07:26 executing program 1: syz_execute_func(&(0x7f00000001c0)="98a84a2ae92cb91c020f05bfd9000100c4a37bf0c55c41e2e92e363e460f1a7000660fde978fe97c80660f383a9e02000000110f33b8c4014e4e4e5b7f4b4b26660f38091e14dec421045f4607c421dd5831c4e1340b07d2d266f30f51ac4cfdffffffc4c4a3bd4877f88ac483397fd300d8c0c4a3662ad764d3cf53afaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4e2899294d80000000019c2c2b0c10b0b0000c4414e53d2c4816016f7b8d4d466450fc4650000ebeb680864360fa25800218de3c02cf5f67e9949c45c450f91f3ffefffff47dcdc21c9568f8f0f66474eb838e2aaf12f2f0d") perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x3f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0xfff) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) sched_setaffinity(0x0, 0xffffffffffffff6b, &(0x7f0000000940)=0x5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCMGET(0xffffffffffffffff, 0x5415, 0x0) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0) semctl$SETALL(0x0, 0x0, 0x11, 0x0) semctl$GETNCNT(0x0, 0x4, 0xe, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x101002) write$evdev(r1, &(0x7f0000000000)=[{{0x0, 0x7530}}], 0xfe72) ioctl$TIOCSETD(r0, 0x5423, 0x0) [ 149.025504][ T7848] chnl_net:caif_netlink_parms(): no params data found [ 149.068033][ T7851] IPVS: ftp: loaded support on port[0] = 21 [ 149.117117][ T7848] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.125815][ T7848] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.134116][ T7848] device bridge_slave_0 entered promiscuous mode [ 149.150343][ T7848] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.163308][ T7848] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.171518][ T7848] device bridge_slave_1 entered promiscuous mode [ 149.218157][ T7848] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 149.233605][ T7848] bond0: Enslaving bond_slave_1 as an active interface with an up link 08:07:27 executing program 2: clone(0x200813fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) syz_execute_func(&(0x7f0000000bc0)="c4e379614832074a2be92c3a980f0544dbeac4a37bf0c59f41e2e9c4e251b74c6e0f0f6e6232480f6ee736f344a738463da16379637902000000cc876112dc3ae00000c48253a3c4c40f5bc90f01570a02c48f8970915fbac4028d8ebf0500000041d09d54b00000491e2f163e83933a7f0000324cbec5a44d0f2c718f56c4e14dee1a6565400f0f34208e660f38dce844c3b45959410f8bbbb6a718dda4304a0000006a0f7a3134f08351595966410f38000843ad80807b4733ad0a000066450f3825a89d2424a4c423c96cb83d000000fe66410fd1e46bd104f0e14340d9e56a660f6eb45b000880417cd8f30f38f6d22636120ff360313143fd6cc80a00d8000f18c340406666413ac330c435cc5ac7d5000000000fdca0ef000000266573896f893f898900000100f199400f17976a5000000f092ddd8f0b00c4a17ae64295c4a174149b5e000000650fae59e1fb2e36646466264681b908000024000dc4c2d3f50b33c46645020fdf5f7777e12172e200c9c412b1bf70b47804000000c422a5ae9aad6974d8db90bb00000044ff7eaf79c15438c0c0c078470f0d8478038dacc60f01deb3dd676566f20f1a25ea656fc9edf2085621660f73e7da00008f8920016afcd0d0008fc93001aee15973d40c0b5765672d000000002f0fadb50000000065002d08000000439ba7452d00000000a9bb000042c4414974ecc4622d2d2551430000ffb2214e214e083143e200") add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)="3775f0e87a84809b8a1cab52fb96df4a5739c4d92dddfc143d0d94715193c4e1665c245f7fbcb08e7e43919e690585ffa826d3e3", 0x34, 0xfffffffffffffff8) add_key(0x0, &(0x7f0000000440)={'syz', 0x2}, &(0x7f0000000480)="6678379705f38d34b7", 0x9, 0xfffffffffffffff9) [ 149.262889][ T7848] team0: Port device team_slave_0 added [ 149.275990][ T7848] team0: Port device team_slave_1 added [ 149.334791][ T7848] device hsr_slave_0 entered promiscuous mode [ 149.392252][ T7848] device hsr_slave_1 entered promiscuous mode 08:07:27 executing program 3: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x870b) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) [ 149.478057][ T7853] IPVS: ftp: loaded support on port[0] = 21 [ 149.487271][ T7848] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.494537][ T7848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 149.502555][ T7848] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.509681][ T7848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 149.617449][ T7856] IPVS: ftp: loaded support on port[0] = 21 [ 149.715818][ T7851] chnl_net:caif_netlink_parms(): no params data found 08:07:27 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @loopback}, 0xc) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f00000001c0)={0x1, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) [ 149.888156][ T7848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.908507][ T7851] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.918951][ T7851] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.936287][ T7851] device bridge_slave_0 entered promiscuous mode [ 149.970383][ T7859] IPVS: ftp: loaded support on port[0] = 21 [ 149.980445][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 149.994470][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.018681][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.028957][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 08:07:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) close(r0) close(r1) pipe(&(0x7f0000000240)) write$binfmt_misc(r1, &(0x7f0000000180)={'syz1'}, 0x20000184) vmsplice(r0, &(0x7f00000001c0)=[{&(0x7f0000000280)="9a8a", 0x2}], 0x1, 0x0) [ 150.072087][ T7851] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.079353][ T7851] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.088214][ T7851] device bridge_slave_1 entered promiscuous mode [ 150.097490][ T7848] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.188331][ T7851] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 150.209762][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 150.218662][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 150.227241][ T2497] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.234332][ T2497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.250868][ T7866] IPVS: ftp: loaded support on port[0] = 21 [ 150.262217][ T7853] chnl_net:caif_netlink_parms(): no params data found [ 150.276082][ T7851] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 150.289064][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 150.297907][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 150.306717][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.313834][ T7860] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.321899][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 150.330490][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 150.339262][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 150.347941][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 150.383091][ T7856] chnl_net:caif_netlink_parms(): no params data found [ 150.399403][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 150.407429][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 150.416195][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 150.447805][ T7851] team0: Port device team_slave_0 added [ 150.471076][ T7851] team0: Port device team_slave_1 added [ 150.497413][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 150.506940][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 150.526774][ T7853] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.534988][ T7853] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.543197][ T7853] device bridge_slave_0 entered promiscuous mode [ 150.551085][ T7853] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.558328][ T7853] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.566057][ T7853] device bridge_slave_1 entered promiscuous mode [ 150.590876][ T7848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 150.605701][ T7848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 150.640465][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 150.649950][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 150.715012][ T7851] device hsr_slave_0 entered promiscuous mode [ 150.771900][ T7851] device hsr_slave_1 entered promiscuous mode [ 150.823875][ T7853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 150.832578][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.839669][ T7856] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.847864][ T7856] device bridge_slave_0 entered promiscuous mode [ 150.860117][ T7856] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.867631][ T7856] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.875933][ T7856] device bridge_slave_1 entered promiscuous mode [ 150.904662][ T7853] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 150.962452][ T7856] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 151.001158][ T7853] team0: Port device team_slave_0 added [ 151.011224][ T7853] team0: Port device team_slave_1 added [ 151.027611][ T7856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 151.050246][ T7859] chnl_net:caif_netlink_parms(): no params data found [ 151.146220][ T7853] device hsr_slave_0 entered promiscuous mode [ 151.211958][ T7853] device hsr_slave_1 entered promiscuous mode [ 151.276341][ T7856] team0: Port device team_slave_0 added [ 151.289253][ T7856] team0: Port device team_slave_1 added [ 151.299082][ T7848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.317781][ T7866] chnl_net:caif_netlink_parms(): no params data found [ 151.434166][ T7856] device hsr_slave_0 entered promiscuous mode [ 151.471936][ T7856] device hsr_slave_1 entered promiscuous mode [ 151.554836][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.564203][ T7859] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.576334][ T7859] device bridge_slave_0 entered promiscuous mode [ 151.603393][ T7866] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.610524][ T7866] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.643931][ T7866] device bridge_slave_0 entered promiscuous mode [ 151.656268][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.663614][ T7859] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.671628][ T7859] device bridge_slave_1 entered promiscuous mode [ 151.702614][ T7877] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 151.708027][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.710835][ T7877] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 151.732090][ T7866] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.740357][ T7866] device bridge_slave_1 entered promiscuous mode [ 151.767182][ T7851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.786494][ T7876] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 151.794813][ T7876] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 151.806005][ T7866] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 151.818389][ T7866] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 151.834366][ T7859] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 151.846890][ T7859] bond0: Enslaving bond_slave_1 as an active interface with an up link 08:07:29 executing program 0: syz_execute_func(&(0x7f0000000100)="9826473e431c110f05f30f59bfd9130400c4a37bf0c53e41e2e9b55767660f6b32fb660f72d50f0fb8c4054e4eed751e0fa0e509ab34d1e0c40bf8c470c4c461cd583d280000812e2e6db712c483397fd300c9dcdcf345d9c6acacc4c3214cb9a5605419c29a01f2b00b4f4f000c00000c00a30b8a826eefa80dd4d48cc7e8628f6808a3056f0000004e00c4618de3c0f526264788fe58c4a1dd7dbbbfdd5cc600d030a1c9fb110fd3c4a26194c44225aea76c9091ce62") [ 151.894786][ T7866] team0: Port device team_slave_0 added [ 151.910569][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.918547][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.938907][ T7859] team0: Port device team_slave_0 added [ 151.971304][ T7859] team0: Port device team_slave_1 added [ 151.988071][ T7866] team0: Port device team_slave_1 added [ 152.009996][ T7851] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.050942][ T7853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.144630][ T7859] device hsr_slave_0 entered promiscuous mode [ 152.187628][ T7859] device hsr_slave_1 entered promiscuous mode [ 152.260745][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.269685][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.278938][ T2497] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.286074][ T2497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.294906][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 152.304138][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.313250][ T2497] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.320323][ T2497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.328450][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.337120][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.419252][ T7866] device hsr_slave_0 entered promiscuous mode [ 152.471896][ T7866] device hsr_slave_1 entered promiscuous mode [ 152.518248][ T7853] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.530753][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.542442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 152.560180][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 152.571780][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 152.580837][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.599414][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.611086][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.628567][ T7856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.648041][ T7851] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.665775][ T7851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.702673][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 152.717481][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.727729][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.743390][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.757072][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.777932][ T7856] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.820603][ T7851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.832961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 152.840737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready 08:07:30 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000003c0)='ip6_vti0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) [ 152.864750][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.878729][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.888389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.898974][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.906139][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.963686][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.979428][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.990543][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.003036][ T2497] bridge0: port 1(bridge_slave_0) entered blocking state 08:07:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, 0x0}) [ 153.010131][ T2497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.018947][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.028218][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.037324][ T2497] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.044475][ T2497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.053130][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.062861][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.071891][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.080960][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.095267][ T7894] binder: 7893:7894 transaction failed 29189/-22, size 0-0 line 2995 [ 153.104236][ T2497] bridge0: port 2(bridge_slave_1) entered blocking state 08:07:30 executing program 0: clone(0x200813fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) syz_execute_func(&(0x7f0000000bc0)="c4e379614832074a2be92c3a980f0544dbeac4a37bf0c59f41e2e9c4e251b74c6e0f0f6e6232480f6ee736f344a738463da16379637902000000cc876112dc3ae00000c48253a3c4c40f5bc90f01570a02c48f8970915fbac4028d8ebf0500000041d09d54b00000491e2f163e83933a7f0000324cbec5a44d0f2c718f56c4e14dee1a6565400f0f34208e660f38dce844c3b45959410f8bbbb6a718dda4304a0000006a0f7a3134f08351595966410f38000843ad80807b4733ad0a000066450f3825a89d2424a4c423c96cb83d000000fe66410fd1e46bd104f0e14340d9e56a660f6eb45b000880417cd8f30f38f6d22636120ff360313143fd6cc80a00d8000f18c340406666413ac330c435cc5ac7d5000000000fdca0ef000000266573896f893f898900000100f199400f17976a5000000f092ddd8f0b00c4a17ae64295c4a174149b5e000000650fae59e1fb2e36646466264681b908000024000dc4c2d3f50b33c46645020fdf5f7777e12172e200c9c412b1bf70b47804000000c422a5ae9aad6974d8db90bb00000044ff7eaf79c15438c0c0c078470f0d8478038dacc60f01deb3dd676566f20f1a25ea656fc9edf2085621660f73e7da00008f8920016afcd0d0008fc93001aee15973d40c0b5765672d000000002f0fadb50000000065002d08000000439ba7452d00000000a9bb000042c4414974ecc4622d2d2551430000ffb2214e214e083143e200") add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) getpeername$netlink(r0, &(0x7f0000000040), &(0x7f0000000080)=0xc) add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)="3775f0e87a84809b8a1cab52fb96df4a5739c4d92dddfc143d0d94715193c4e1665c245f7fbcb08e7e43919e690585ffa826d3e3", 0x34, 0xfffffffffffffff8) [ 153.110249][ T7867] binder: undelivered TRANSACTION_ERROR: 29189 [ 153.111391][ T2497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.111978][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.134509][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.143461][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.152412][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.161490][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.170551][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.234930][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.239408][ T7898] mmap: syz-executor.0 (7898) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 153.246709][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.269889][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.279452][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.288468][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.298126][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.307287][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.315976][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.325370][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.334062][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.343423][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 153.359709][ T7856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 153.370418][ T7856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 153.395802][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.407791][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.420464][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.429502][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.440013][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.467208][ T7859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.500283][ T2497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 153.523852][ T7856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.563009][ T7859] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.579925][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.591761][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.599764][ C0] hrtimer: interrupt took 37879 ns [ 153.636970][ T7853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.647517][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.658147][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.678074][ T7857] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.685326][ T7857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.721722][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.737626][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.750894][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.758109][ T7857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.813465][ T7866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.823824][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.835640][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 153.862439][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 153.882171][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 153.891157][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 153.901011][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 153.911782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 153.920447][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.929722][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.960737][ T7859] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.001607][ T7916] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it! [ 154.010640][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 154.030890][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 08:07:31 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0xffffffff) read(r0, &(0x7f0000000280)=""/11, 0xfe17) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) r2 = syz_open_pts(r0, 0x0) dup3(r2, r0, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) [ 154.052748][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.088522][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 08:07:31 executing program 0: r0 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_netdev_private(r0, 0x89f1, &(0x7f0000000000)="a8731329a2a7afae1725bfc7de348f018581fcb192f34c463178466ba85cfd85a410e78d94e0419debc365e2b9eb6a9f9b03844f9d8a13c954889633122dc97aa059676168a2d6511475f7a1e96fcf120024feb03e805d60f1a1") r1 = accept4$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000080), 0x80800) prctl$PR_GET_KEEPCAPS(0x7) r2 = accept4(r0, &(0x7f0000000140)=@alg, &(0x7f00000001c0)=0x80, 0x80800) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000200)=[@sack_perm, @mss={0x2, 0xffffffffffffce0b}, @timestamp, @timestamp, @timestamp, @timestamp, @window={0x3, 0x80, 0x400}, @mss={0x2, 0xd0d5}], 0x8) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1080001}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x24, r3, 0x400, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x9}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4801) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r4 = dup3(r1, r1, 0x0) ioctl$BLKRESETZONE(r4, 0x40101283, &(0x7f0000000380)={0x40, 0x7fffffff}) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) alarm(0x7) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400)='TIPCv2\x00') r5 = msgget$private(0x0, 0x8) shmctl$IPC_SET(r5, 0x1, &(0x7f0000000b40)={{0x538, 0x0, 0x0, 0x0, 0x0, 0x18, 0x6}, 0xf3b, 0x20, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0xd4}) [ 154.149076][ T7866] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.195091][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 154.210363][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.261079][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.270844][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.299323][ T7867] bridge0: port 1(bridge_slave_0) entered blocking state 08:07:32 executing program 3: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x100000000000082, 0x0) syz_execute_func(&(0x7f0000000300)="994a2ae92c10964c0f05bf03000000c4a37bf0c50141e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc44264cd376d00009f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfbc401782f1108cf") [ 154.306574][ T7867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.329977][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.340002][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.350311][ T7867] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.357524][ T7867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.367137][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 154.385503][ T7859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.425418][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.449747][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 154.467243][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 154.487062][ T7867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 154.514836][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 154.529198][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 154.545299][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 154.566886][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 154.579714][ T7857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.608249][ T7866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.634575][ T7866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 154.645459][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.656708][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.726313][ T7866] 8021q: adding VLAN 0 to HW filter on device batadv0 08:07:32 executing program 1: syz_execute_func(&(0x7f0000001580)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abbe2199b8835cb10090793d3d81810000262f2279c6c6f9c4c2b9b6b900000000803fdec461d855b166440f567bd917252500018f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace4d0fae63fec21d9099c4e179d7ea63d9497dbf8259598fe850ee98d5000000c442d16f00f8c4e3594c1e1a3a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c4a1bd71d265f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee47272c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b002e66420f3a0f2665c4c17829c8c40fadd7964aca24240f84500000006466420f3a0b0100d845e6f78ff778cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c100246cb4169fac8c8aa246681380010c441015dbcd4950000000f29a3780e0000026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fa66440f73fe0ffbfbc9ec3e46dfca0fadd5663ef0430bc5ab00660f01de880c000000c4627925b7a91f6037") 08:07:32 executing program 2: syz_execute_func(&(0x7f0000000000)="98aaaa473e431c120f05f30f59bfd9130400c4a37bf0c53e41e2e9b59c67660f6b32fb660f72d50f0fb8c4c24e4eb1751e0fa0e509c4819965985100000034d1c4e10bf8c464f22654c461cd583d000000812e2e6df20f2a5205c483397fd300c9dcdcf345d9c665472214b2acc4c3214cb9a5605419c29a01f2b00b08000c00000c00a30b8a826eefa80dd4d48cc7e8628f6808a3056f0000004e00c4618de3c0f526264788fe58c4a1dd7dbbbfdd5cc600d030a1c9fb110fd3c4a26194b77662") 08:07:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) mmap(&(0x7f0000010000/0x4000)=nil, 0x4000, 0x0, 0x4020011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4, 0x0, &(0x7f00000001c0)=[@register_looper], 0x1, 0x1000000, &(0x7f0000000280)=','}) 08:07:32 executing program 4: futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) [ 155.017176][ T7958] syz-executor.1 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 155.056142][ T7968] binder: 7966:7968 ERROR: BC_REGISTER_LOOPER called without request 08:07:33 executing program 5: syz_execute_func(0x0) syz_execute_func(&(0x7f0000001580)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abbe2199b8835cb10090793d3d81810000262f2279c6c6f9c4c2b9b6b900000000803fdec461d855b166440f567bd917252500018f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace4d0fae63fec21d9099c4e179d7ea63d9497dbf8259598fe850ee98d5000000c442d16f00f8c4e3594c1e1a3a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c4a1bd71d265f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee47272c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cac46190546104f3450f2c6b002e66420f3a0f2665c4c17829c8c40fadd7964aca24240f84500000006466420f3a0b0100d845e6f78ff778cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c100246cb4169fac8c8aa246681380010c441015dbcd4950000000f29a3780e0000026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fa66440f73fe0ffbfbc9ec3e46dfca0fadd5663ef0430bc5ab00660f01de880c000000c4627925b7a91f6037") 08:07:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000980)='net/ptype\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 08:07:33 executing program 3: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r2 = accept(r0, 0x0, 0x0) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000200)={&(0x7f0000000040), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4851) 08:07:33 executing program 1: 08:07:33 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) bind$inet(r0, &(0x7f0000011ff0)={0x2, 0x4e20, @empty}, 0x10) [ 155.843800][ T7990] binder: BINDER_SET_CONTEXT_MGR already set [ 155.871013][ T7990] binder: 7966:7990 ioctl 40046207 0 returned -16 [ 155.891820][ T7968] binder: 7966:7968 ERROR: BC_REGISTER_LOOPER called without request 08:07:33 executing program 3: r0 = socket(0x2, 0x10000001, 0x84) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000040), 0x0) 08:07:33 executing program 4: clone(0x3102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = msgget$private(0x0, 0x0) msgrcv(r2, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x3b, 0x0, &(0x7f00000001c0)) msgsnd(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="02"], 0x1, 0x0) 08:07:33 executing program 0: r0 = socket$packet(0x11, 0x100000000002, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={'\x02\x00\x81\x00\x7f\x00\x1e\x00 \x00\x8c\xa7\xcc\x99\x175'}) sendmmsg(r0, &(0x7f0000000b40)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x3, "cd63ac6de8bd3c404654eaf9280cc6d3"}, 0x139, 0x0}}], 0x4000000000001e5, 0x0) 08:07:33 executing program 1: 08:07:33 executing program 2: 08:07:33 executing program 1: 08:07:33 executing program 3: 08:07:34 executing program 5: 08:07:34 executing program 0: 08:07:34 executing program 2: 08:07:34 executing program 1: 08:07:34 executing program 3: 08:07:34 executing program 4: 08:07:34 executing program 1: 08:07:34 executing program 3: 08:07:34 executing program 0: 08:07:34 executing program 4: 08:07:34 executing program 2: 08:07:34 executing program 3: 08:07:34 executing program 5: 08:07:34 executing program 2: 08:07:34 executing program 4: 08:07:34 executing program 0: 08:07:34 executing program 1: 08:07:34 executing program 3: 08:07:34 executing program 5: 08:07:34 executing program 2: 08:07:34 executing program 4: pause() r0 = getpgrp(0x0) syz_open_procfs(r0, 0x0) syz_execute_func(&(0x7f0000000000)="2e6440d9e564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f") syz_execute_func(0x0) syz_execute_func(&(0x7f0000000280)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abbe2199b8835cb10090793d3d81810000262f2279c6c6f9c4c2b9b6b900000000803fdec461d855b166440f567bd917252500018f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace4d0fae63fec21d9099c4e179d7ea63d9497dbf8259598fe850ee98d5000000c442d16f00f8c4e3594c1e1a3a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c4a1bd71d265f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee47272c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4260fe88c4200000000ca30cad0d06190546104f3450f2c6b002e66420f3a0f2665c4c17829c8c40fadd7964aca24240f84500000006466420f3a0b0100d845e6f78ff778cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c100246cb4169fac8c8aa246681380010c441015dbcd4950000000f29a3780e0000026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fa66440f73fe0ffbfbc9ec3e46dfca0fadd5663ef0430bc5ab00660f01de880c000000c4627925b7a91f6037") 08:07:34 executing program 0: 08:07:34 executing program 3: 08:07:34 executing program 5: 08:07:34 executing program 1: 08:07:34 executing program 3: 08:07:34 executing program 5: 08:07:35 executing program 0: 08:07:35 executing program 2: 08:07:35 executing program 1: 08:07:35 executing program 3: 08:07:35 executing program 5: 08:07:35 executing program 4: 08:07:35 executing program 0: 08:07:35 executing program 1: 08:07:35 executing program 2: 08:07:35 executing program 3: 08:07:35 executing program 5: 08:07:35 executing program 0: 08:07:35 executing program 2: 08:07:35 executing program 3: 08:07:35 executing program 1: 08:07:35 executing program 4: 08:07:35 executing program 5: 08:07:35 executing program 0: 08:07:36 executing program 2: 08:07:36 executing program 3: 08:07:36 executing program 1: 08:07:36 executing program 4: 08:07:36 executing program 5: 08:07:36 executing program 4: 08:07:36 executing program 2: 08:07:36 executing program 0: 08:07:36 executing program 5: 08:07:36 executing program 1: 08:07:36 executing program 3: 08:07:36 executing program 2: 08:07:36 executing program 4: 08:07:36 executing program 3: 08:07:36 executing program 5: 08:07:36 executing program 0: 08:07:36 executing program 2: 08:07:36 executing program 1: 08:07:36 executing program 0: 08:07:36 executing program 4: 08:07:36 executing program 5: 08:07:36 executing program 3: 08:07:36 executing program 0: 08:07:36 executing program 1: 08:07:36 executing program 2: 08:07:36 executing program 4: 08:07:36 executing program 5: 08:07:36 executing program 3: 08:07:36 executing program 1: 08:07:36 executing program 0: 08:07:36 executing program 4: 08:07:36 executing program 5: 08:07:36 executing program 2: 08:07:37 executing program 3: 08:07:37 executing program 0: 08:07:37 executing program 5: 08:07:37 executing program 1: 08:07:37 executing program 2: 08:07:37 executing program 3: 08:07:37 executing program 4: 08:07:37 executing program 0: 08:07:37 executing program 1: 08:07:37 executing program 2: 08:07:37 executing program 3: 08:07:37 executing program 5: 08:07:37 executing program 4: 08:07:37 executing program 1: 08:07:37 executing program 3: 08:07:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r3, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x29a) 08:07:37 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) r1 = dup2(r0, r0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000000)={{}, 0xfffffffffffffffa}) 08:07:37 executing program 5: pause() syz_execute_func(&(0x7f0000000000)="2e6440d9e564ff0941c366440f56c9660f3a16649c6700c4617b12e5c441dfd04b00c442019dcc0f11d46f") syz_execute_func(0x0) syz_execute_func(&(0x7f0000000140)="c4e3f9614832074a2be93699980f053ef3aec4a37bf0c50341e2e926b5c9f2abbe2199b8835cb10090793d3d81810000262f2279c6c6f9c4c2b9b6b900000000803fdec461d855b166440f567bd917252500018f470fc9c4032d5f374747f03acf8fe97c810f69e08f4cbec566420feace4d0fae63fec21d9099c4e179d7ea63d9497dbf8259598fe850ee98d5000000c442d16f00f8c4e3594c1e1a3a603d06f0ffff00c4e16d410f0feaa6d2564105ba16f2aed9fd4aeb660f3a089d0e0000002eeba225adeab413c4c37d096208c2c4a1bd71d265f9ef0008e4a25600b150400f381da900e001c4d5c6d59134ffffff66dee47272c442f191047b8f49580197feffff7fc401c5d1543f014080a009210000df3b7d0f12e400f4c482f1b6ffca30cac46190546104f3450f2c6b002e66420f3a0f2665c4c17829c8c40fadd7964aca24240f84500000006466420f3a0b0100d845e6f78ff778cce16a85856d6d81759d8a000000c462a52b6e0bc4a17a4295f046839200000080a7a2e99cffffc3bdc3bd8300af77cb44e42ec4a17c100246cb4169fac8c8aa246681380010c441015dbcd4950000000f29a3780e0000026726670f010ef7a698b900008374fb0af0460fbabe58db000006c40155f64e06f247aceced41cf97c1045c0b47cc5c389f9f140f0fc481635a9c70d3813811fa66440f73fe0ffbfbc9ec3e46dfca0fadd5663ef0430bc5ab00660f01de880c000000c4627925b7a91f6037") 08:07:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") syz_execute_func(&(0x7f0000000200)="984a2ae92cb8b64c0f05be03004000c4a37bf0c50141e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e0200000065450f38031d000000000f4e5bc4a265aa104b26660f38091edee51bc421045f450f2f02c421dd589fc4e10bf8c426f2f045f61964620f42c1bfffffffff0252262e2e8245320f7d64c60c0ca3bd4877f88a0383391d8fd3ffff0065f20f7cd8efa1a12ad764d3cf53af6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000f2da68f0b000000c2a0c10b00cca27a0e0f414e53d2c40f0f9f3c641236b2aaaa450fc4650000c4e39978c104c441c05983f9070bb3ddcd01cfa2a20f38346800c4e3295e4c3dc8a3c4c1045ccc7d7526802d08000000fa5c450f91f3f30f5ea5a9a50000ffffbedc4e61c9553131b83a00a2f1fbfb3b62") [ 159.817800][ T8220] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 159.908538][ T8228] deprecated_sysctl_warning: 3 callbacks suppressed [ 159.908549][ T8228] warning: process `syz-executor.1' used the deprecated sysctl system call with 08:07:37 executing program 4: unshare(0x600) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x100000000000, 0x2) getsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x101440, 0x0) setsockopt$sock_void(r1, 0x1, 0x24, 0x0, 0x0) syz_open_dev$usb(0x0, 0x4, 0x80007fffd) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, &(0x7f0000000180)={{0x0, @empty, 0x4e20, 0x0, 'sed\x00', 0x8}, {@remote, 0x0, 0x0, 0x0, 0xfffffffffffffffc}}, 0x44) migrate_pages(0x0, 0x2a, &(0x7f00000004c0), 0x0) 08:07:37 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = dup2(r0, r0) flistxattr(r1, &(0x7f0000000380)=""/4096, 0x1000) recvfrom(r0, &(0x7f0000001380)=""/82, 0x52, 0x3, &(0x7f0000001400)=@un=@file={0x1, './file0\x00'}, 0x80) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000340)={0xc, 0x8, 0xfa00, {&(0x7f00000001c0)}}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x1d, 0x1d, 0x0, 0x0, 0x9, 0x1, 0x800, {0x0, @in={{0x2, 0x4e20, @loopback}}, 0x66ce, 0x59c, 0x4, 0xb12, 0x101}}, &(0x7f0000000000)=0xb0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={r2, 0x3}, &(0x7f0000000180)=0x8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000040)={@mcast2={0xff, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x21) 08:07:37 executing program 3: memfd_create(&(0x7f0000000140)=';\xe6\xaf\xb0\xd3\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\xbf\xec\aP\x15\r_T\xc5\xf2\xd1\xee}(\xb6\xaf\xce\xad\xe7\x05\xd3x\xba\x1b\x1bW\x1da\xe3\x92%@*\x971A`<\xdcj\x99\xcc\x98\x12\xb6\x00\xe6\xc4p\xdd\x17\xe9\x99H\xfa~\x99\x05\xfd|\x04\xe4\x0f\xcf[\xd31H\x16\xd2\xd1\x141)\x84\x84m\xd4\xeb\x14H\xa0\xefNUrE\x8b\x1bO\xaaJ\xe6E\x1d\x1b\x92\xff\xf6\xa5\xc4D\n\xfe6\x11\xb0\xaaP\xfaK\xd9\x06\xc9\x18\xb2\x19\x88#\xa2\x1c+/\xac\xb3\x0e\xff\xd0\xcd\xe2\x88\xb3\xbd3\xb2\xee\xe6u\x0e\x7fz{i\xbd\x91\x05\x8e;JT\xf9\xea\x98\x96\xfbqs|b`\x02FG\xfe\xef 1U}\x86\xc80\xf0o\x9c\x1d\x93\x9f!r\xfa\x8d\xce\xff\xce\xa8\x865ZWi8\xb9\x89\xd4P\x88\xf8FaQ\xff\xee\xdc\xb4rd\xe0>\x84\x8b~\xc6\xf2\x06\xc5KG\xbahU\xf4\xc1J=\n\x14M\xaa\x03\xa6Y\xde\xb7\x0e\xd1p\xc3\x11\xd2~\\\xb7\x88/\xf9\xb7m\x01\xfa1\xb6l\xf8\xc1bxF\xcd\b\x97sq\xf3G \xcd\x82H\xf9\x04@\xaca|\'\x02\xa0\xa0\xa7\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x10000004) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x6, 0x40000) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)=0x0) ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000100)={0x3, @bcast, r1}) 08:07:37 executing program 2: 08:07:37 executing program 3: 08:07:38 executing program 0: 08:07:38 executing program 2: 08:07:38 executing program 3: 08:07:38 executing program 0: 08:07:38 executing program 4: 08:07:38 executing program 5: 08:07:38 executing program 1: 08:07:38 executing program 3: 08:07:38 executing program 4: 08:07:38 executing program 2: 08:07:38 executing program 0: 08:07:38 executing program 5: 08:07:38 executing program 5: 08:07:38 executing program 4: 08:07:38 executing program 2: 08:07:38 executing program 3: 08:07:38 executing program 0: 08:07:38 executing program 1: 08:07:38 executing program 5: 08:07:38 executing program 3: 08:07:38 executing program 4: 08:07:38 executing program 2: 08:07:38 executing program 1: 08:07:38 executing program 0: 08:07:38 executing program 4: 08:07:38 executing program 3: 08:07:38 executing program 1: 08:07:38 executing program 2: 08:07:38 executing program 5: 08:07:38 executing program 2: 08:07:39 executing program 0: 08:07:39 executing program 4: 08:07:39 executing program 1: 08:07:39 executing program 3: 08:07:39 executing program 5: 08:07:39 executing program 0: 08:07:39 executing program 1: 08:07:39 executing program 4: 08:07:39 executing program 2: 08:07:39 executing program 5: 08:07:39 executing program 0: 08:07:39 executing program 3: write$evdev(0xffffffffffffffff, &(0x7f0000000100)=[{{}, 0x4, 0x4}], 0x18) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x28001) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x4, 0x4, &(0x7f0000000000)="959e8ef4"}) write$evdev(r0, &(0x7f0000000040)=[{}, {}], 0x52a) 08:07:39 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr="d9715feffeace97a4c301f9b94db6efc"}, 0x1c) 08:07:39 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$bt_hci(r0, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:39 executing program 1: 08:07:39 executing program 0: 08:07:39 executing program 5: 08:07:39 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$bt_hci(r0, 0x65, 0x3, 0x0, &(0x7f0000000040)) [ 161.833907][ T8337] RDS: rds_bind could not find a transport for d971:5fef:feac:e97a:4c30:1f9b:94db:6efc, load rds_tcp or rds_rdma? 08:07:39 executing program 0: pause() syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000000)="3666440f50f564ff0941c3c4e1a5f97300c46269f7a41d000000003a8e16649c675181617b12e564660f2ef4c442019dccd2111db8d36f") syz_execute_func(&(0x7f0000000b80)="470f52e94a2be93699980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f1920cbcc4027d30ef420f5a1ea35500262ff3906646da4e329200d2dec461dc55b13e410f3809132525000e818f470f94c967450f289369000000b100673e66470f0fa21900000090853665f3490f2cf18fe97c810f69e08f4cbec5c4c2858c3f8f56388d2b0000000f01d4263e4683215f497dbf30470fc4623dbfb20800000037ad59438f34b267f36ab4c4c2e9adc256c4810e5e2482263ef367650f0fb30080000094c4c29d962150386c6cb3f9b3f9491feefe8f08e4a25600b15009096667410f58d1e289e2897474e4b6c1f04346dce7440f704eee98d15f713b7d0f12e400f4c4617be6d2c4017a7fc3bb2cbb610209912af3430f47bb00000000000045126d6d8450000000c44299deb76a5babb9c463d90d2408433e65660f5cb54c0a0000dd4805c462a52b6e0b8fa810ecd6091a1af20fa576acffff65d085431fe720660f38219cbc7a46fc0c4577cbf043806d040ef4b0f4c4c1d72ab4e4c00000001002970606b2aa8fa8689fb900100002dac422e6912cb18374fb0a07c401f1eb277aa8abcbadcbaddd910cb1c4217c29f936660f38058b976192361d09f4f5e5e1979747910002c1045c0b47cc47cc5c0f1ea5322333332ef217640f28006c6c01a9bb000042d8fb6835b96de30b31c422358c083422") 08:07:39 executing program 5: r0 = epoll_create1(0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000100)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1e, 0x0, 0x64}}) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) 08:07:39 executing program 1: pause() syz_execute_func(&(0x7f0000000b80)="470f52e94a2be93699980f053ef3aec4a37bf0c50241e2e9450fe36a09c462f1920cbcc4027d30ef420f5a1ea35500262ff3906646da4e329200d2dec461dc55b13e410f3809132525000e818f470f94c967450f289369000000b100673e66470f0fa21900000090853665f3490f2cf18fe97c810f69e08f4cbec5c4c2858c3f8f56388d2b0000000f01d4263e4683215f497dbf30470fc4623dbfb20800000037ad59438f34b267f36ab4c4c2e9adc256c4810e5e2482263ef367650f0fb30080000094c4c29d962150386c6cb3f9b3f9491feefe8f08e4a25600b15009096667410f58d1e289e2897474e4b6c1f04346dce7440f704eee98d15f713b7d0f12e400f4c4617be6d2c4017a7fc3bb2cbb610209912af3430f47bb00000000000045126d6d8450000000c44299deb76a5babb9c463d90d2408433e65660f5cb54c0a0000dd4805c462a52b6e0b8fa810ecd6091a1af20fa576acffff65d085431fe720660f38219cbc7a46fc0c4577cbf043806d040ef4b0f4c4c1d72ab4e4c00000001002970606b2aa8fa8689fb900100002dac422e6912cb18374fb0a07c401f1eb277aa8abcbadcbaddd910cb1c4217c29f936660f38058b976192361d09f4f5e5e1979747910002c1045c0b47cc47cc5c0f1ea5322333332ef217640f28006c6c01a9bb000042d8fb6835b96de30b31c422358c083422") 08:07:39 executing program 3: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={0x7fffffff}, 0x8, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/162, 0xa2}], 0x10000000000000dc) timer_create(0x2, &(0x7f00000001c0)={0x0, 0x800000000000001f}, &(0x7f0000000080)) syz_genetlink_get_family_id$tipc(0x0) timer_settime(0x0, 0x100000001, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x7}}, 0x0) 08:07:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000005c0)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffbff}}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x0, 0x203}) 08:07:39 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$bt_hci(r0, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:39 executing program 5: r0 = socket$packet(0x11, 0x0, 0x300) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000001480)={0x40000000}) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380), &(0x7f0000001400)=0x4) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000300)=0x81, 0x4) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x1d0) write$binfmt_elf64(r3, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) prctl$PR_CAPBSET_READ(0x17, 0x0) recvmsg(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475}, 0x100) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='highsteed\x00', 0x2e) write(r2, &(0x7f00000001c0), 0xfffffef3) write$eventfd(r1, &(0x7f00000001c0)=0x9, 0x5) read(r1, &(0x7f0000000200)=""/250, 0x50c7e3e3) r4 = socket$packet(0x11, 0xffffffffffffffff, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0xfffffd8f) recvmsg(0xffffffffffffffff, 0x0, 0x40000002) fchdir(r4) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f00000014c0)) ioctl$KDMKTONE(r2, 0x4b30, 0x5) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, 0x0, 0x0) ioctl$EVIOCGPHYS(r1, 0x80404507, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x7, 0x1ff) 08:07:39 executing program 3: 08:07:39 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$bt_hci(r0, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:39 executing program 3: 08:07:39 executing program 5: 08:07:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000005c0)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffbff}}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x0, 0x203}) 08:07:40 executing program 0: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x15}, 0x8) close(r0) 08:07:40 executing program 2: getsockopt$bt_hci(0xffffffffffffffff, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:40 executing program 1: 08:07:40 executing program 3: 08:07:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="8c"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 08:07:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000005c0)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffbff}}) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000000)={0x0, 0x203}) 08:07:40 executing program 2: getsockopt$bt_hci(0xffffffffffffffff, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:40 executing program 3: [ 162.974277][ T8403] kasan: CONFIG_KASAN_INLINE enabled [ 162.979784][ T8403] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 162.987887][ T8403] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 162.994844][ T8403] CPU: 0 PID: 8403 Comm: syz-executor.5 Not tainted 5.1.0-rc7-next-20190430 #33 [ 163.003886][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.013975][ T8403] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 163.019702][ T8403] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 163.039303][ T8403] RSP: 0018:ffff88805d91fa00 EFLAGS: 00010006 [ 163.045381][ T8403] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9001086a000 [ 163.053357][ T8403] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 163.061337][ T8403] RBP: ffff88805d91fb10 R08: ffff888099aaa340 R09: ffffed1015d06be0 [ 163.069317][ T8403] R10: ffffed1015d06bdf R11: ffff8880ae835efb R12: ffff88805d87806c [ 163.077304][ T8403] R13: 0000000000000001 R14: ffff88805d878070 R15: ffff88805d878040 [ 163.085292][ T8403] FS: 00007f80f367b700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 163.094240][ T8403] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.100843][ T8403] CR2: 00007fa6b6a80e99 CR3: 00000000a4d4f000 CR4: 00000000001426f0 [ 163.108851][ T8403] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.116850][ T8403] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 08:07:40 executing program 1: 08:07:40 executing program 2: getsockopt$bt_hci(0xffffffffffffffff, 0x65, 0x3, 0x0, &(0x7f0000000040)) 08:07:40 executing program 3: 08:07:40 executing program 1: [ 163.124851][ T8403] Call Trace: [ 163.128200][ T8403] ? emulator_read_emulated+0x50/0x50 [ 163.133627][ T8403] ? lock_acquire+0x16f/0x3f0 [ 163.138356][ T8403] ? kvm_check_async_pf_completion+0x2d8/0x440 [ 163.144553][ T8403] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 163.150152][ T8403] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 163.155956][ T8403] kvm_vcpu_ioctl+0x4dc/0xf90 [ 163.160680][ T8403] ? kvm_set_memory_region+0x50/0x50 [ 163.165992][ T8403] ? tomoyo_path_number_perm+0x263/0x520 [ 163.171673][ T8403] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 163.177617][ T8403] ? __fget+0x35a/0x550 [ 163.181785][ T8403] ? kvm_set_memory_region+0x50/0x50 [ 163.187087][ T8403] do_vfs_ioctl+0xd6e/0x1390 [ 163.191704][ T8403] ? ioctl_preallocate+0x210/0x210 [ 163.196839][ T8403] ? __fget+0x381/0x550 [ 163.201010][ T8403] ? ksys_dup3+0x3e0/0x3e0 [ 163.205443][ T8403] ? nsecs_to_jiffies+0x30/0x30 [ 163.210298][ T8403] ? tomoyo_file_ioctl+0x23/0x30 [ 163.215234][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.221476][ T8403] ? security_file_ioctl+0x93/0xc0 [ 163.226592][ T8403] ksys_ioctl+0xab/0xd0 [ 163.230757][ T8403] __x64_sys_ioctl+0x73/0xb0 [ 163.235345][ T8403] do_syscall_64+0x103/0x670 [ 163.239942][ T8403] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.245826][ T8403] RIP: 0033:0x458da9 [ 163.249716][ T8403] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.269416][ T8403] RSP: 002b:00007f80f367ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.277954][ T8403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 163.285954][ T8403] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 163.293920][ T8403] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 163.301906][ T8403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f80f367b6d4 [ 163.309863][ T8403] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff [ 163.317828][ T8403] Modules linked in: [ 163.321720][ T8403] ---[ end trace fe0d628f5679a979 ]--- [ 163.327163][ T8403] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 163.332894][ T8403] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 163.352485][ T8403] RSP: 0018:ffff88805d91fa00 EFLAGS: 00010006 [ 163.358537][ T8403] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9001086a000 [ 163.366505][ T8403] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 163.374477][ T8403] RBP: ffff88805d91fb10 R08: ffff888099aaa340 R09: ffffed1015d06be0 [ 163.382435][ T8403] R10: ffffed1015d06bdf R11: ffff8880ae835efb R12: ffff88805d87806c [ 163.390414][ T8403] R13: 0000000000000001 R14: ffff88805d878070 R15: ffff88805d878040 [ 163.398375][ T8403] FS: 00007f80f367b700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 163.407291][ T8403] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.413857][ T8403] CR2: 00007fa6b6a80e99 CR3: 00000000a4d4f000 CR4: 00000000001426f0 [ 163.421821][ T8403] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.429779][ T8403] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.437758][ T8403] Kernel panic - not syncing: Fatal exception [ 163.444813][ T8403] Kernel Offset: disabled [ 163.449154][ T8403] Rebooting in 86400 seconds..