Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts.
2018/12/26 09:11:10 fuzzer started
2018/12/26 09:11:15 dialing manager at 10.128.0.26:36901
2018/12/26 09:11:15 syscalls: 1
2018/12/26 09:11:15 code coverage: enabled
2018/12/26 09:11:15 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/26 09:11:15 setuid sandbox: enabled
2018/12/26 09:11:15 namespace sandbox: enabled
2018/12/26 09:11:15 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/26 09:11:15 fault injection: enabled
2018/12/26 09:11:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/26 09:11:15 net packet injection: enabled
2018/12/26 09:11:15 net device setup: enabled
09:14:24 executing program 0:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001380)={'vcan0\x00', 0x0})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070")
bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10)
write(r0, &(0x7f00000001c0)="c4e1f64e08c456a36447bc9e5c17326a", 0x10)
syzkaller login: [ 298.375926] IPVS: ftp: loaded support on port[0] = 21
[ 299.808762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 299.815400] bridge0: port 1(bridge_slave_0) entered disabled state
[ 299.823980] device bridge_slave_0 entered promiscuous mode
[ 299.919182] bridge0: port 2(bridge_slave_1) entered blocking state
[ 299.925818] bridge0: port 2(bridge_slave_1) entered disabled state
[ 299.934260] device bridge_slave_1 entered promiscuous mode
[ 300.016824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 300.099136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 300.358764] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 300.451040] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 300.537860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 300.544955] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bond: link becomes ready [ 300.633605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 300.640670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 300.904638] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 300.913413] team0: Port device team_slave_0 added [ 300.997577] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 301.006256] team0: Port device team_slave_1 added [ 301.089738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 09:14:28 executing program 1: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) mlock2(&(0x7f0000a36000/0x2000)=nil, 0x2000, 0x0) writev(r1, &(0x7f0000000700), 0x1000000000000068) [ 301.179771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 301.332453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 301.340114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.349723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 301.519768] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 301.527586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 301.536931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 302.328484] IPVS: ftp: loaded support on port[0] = 21 [ 303.044383] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.050971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 303.058315] bridge0: port 
1(bridge_slave_0) entered blocking state [ 303.064890] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.074280] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 303.080784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 304.916361] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.923004] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.931847] device bridge_slave_0 entered promiscuous mode [ 305.074777] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.081318] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.089626] device bridge_slave_1 entered promiscuous mode [ 305.183762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 305.299899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 305.777398] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 305.946205] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 306.162900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 306.169923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:14:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x3001}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 
&(0x7f0000000e00)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfdef) [ 306.493255] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 306.502153] team0: Port device team_slave_0 added [ 306.673004] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 306.681916] team0: Port device team_slave_1 added [ 306.883537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 307.079080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 307.185853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 307.193614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 307.203035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 307.381046] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 
307.388872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 307.398101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.127387] IPVS: ftp: loaded support on port[0] = 21 [ 309.381935] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.388500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.395673] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.402308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.411484] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 309.418145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 309.447360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.075364] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 310.665519] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 310.671902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 310.679970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.799923] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.806618] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.814961] device bridge_slave_0 entered promiscuous mode [ 310.978832] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.985476] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.994051] device bridge_slave_1 entered promiscuous mode [ 311.189968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 311.204768] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.348228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 311.906421] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 312.080454] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 312.801098] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 312.809867] team0: Port device team_slave_0 added [ 312.996132] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 313.005003] team0: Port device team_slave_1 
added [ 313.133426] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 313.300291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 313.403476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 313.411161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 313.420388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 313.583517] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 313.591152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 313.600253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 09:14:40 executing program 3: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x14103e, 0x0) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="89"], 0x1) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x400000000000000b, &(0x7f0000000080)=0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x2000}]) [ 315.618501] IPVS: ftp: loaded support on port[0] = 21 09:14:42 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffff9c}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video36\x00', 0x2, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="4c0000001400197f09004b0101048c590188ffffcf3d34740600d4ff5bffff00e7e5ed7d00000000c85500000000f0002758d60034650c0326356cdb47f6aaaa956086cbfe0db35200af4486", 0x4c}], 0x1) [ 315.755992] 
bridge0: port 2(bridge_slave_1) entered blocking state [ 315.762614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.769762] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.776394] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.785354] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 315.792105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 315.945815] hrtimer: interrupt took 34245 ns 09:14:43 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x61) read(r0, &(0x7f0000000040)=""/11, 0x155) r1 = syz_open_pts(r0, 0x0) syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) ioctl$TCXONC(r1, 0x540a, 0x2) 09:14:43 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x6, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x200000, 0x0) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2283, &(0x7f0000000700)) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101340, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000140)={0xdb25590000000000, 0x0, 0x0, 0x8001}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x9, r3, 0x0, 0x7}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f00000000c0)={0x1e, r4}) write$P9_RMKDIR(r1, &(0x7f0000000180)={0x14, 0x49, 0x1, {0x8, 0x2, 0x1}}, 0x14) 09:14:43 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) fcntl$lock(r0, 0x5, &(0x7f0000000180)={0x0, 0x1, 0x0, 0xffffffffffffff7f}) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6f, @loopback, 0x4e24, 0x1, 'fo\x00', 0x10, 0x4, 0x68}, 0x2c) 09:14:43 executing program 0: clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) futex(&(0x7f0000000200)=0x1, 0x0, 0x1, &(0x7f00000002c0)={r0, 
r1+30000000}, &(0x7f0000000300), 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20000000008912, &(0x7f0000000000)="0a5c2d0240316285717070") r3 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0xc0002, 0x0) ioctl$PERF_EVENT_IOC_RESET(r4, 0x2403, 0x8) r5 = memfd_create(&(0x7f0000000100)='#v}*\xa1\xc7net1nodevem1\x00', 0x0) r6 = fcntl$getown(r3, 0x9) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r6, r4, 0x0, 0xb, &(0x7f0000000140)='/dev/mixer\x00'}, 0x30) write$cgroup_pid(r4, &(0x7f0000000080)=r7, 0x12) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r5, 0x0) sched_setparam(0x0, &(0x7f00000001c0)) ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000040)) sched_getscheduler(r6) ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000380)={0x3, 0xffff}) ioctl$EVIOCGSND(r4, 0x8040451a, &(0x7f00000003c0)=""/15) ioctl$RNDADDTOENTCNT(r4, 0x40045201, &(0x7f0000000340)=0x6d2) 09:14:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/kvm\x00', 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000040)={0x400, 0xeea}) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000180)={0x0, 0x0, 0x5, 0x3ff}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000200)) mknod(&(0x7f00000001c0)='./file0\x00', 0xe902, 0x9e) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0) ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f0000000080)={0x1, 0x7, 0x8}) ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f0000000300)=""/93) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x400, 0x0) [ 317.153465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.176333] L1TF CPU bug present and SMT on, data leak possible. 
See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 09:14:44 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000240)={0x28, 0x4}, 0x28) 09:14:44 executing program 0: socket$inet6(0xa, 0x803, 0x2) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000100)=0x1f40) [ 317.935127] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:14:45 executing program 0: socket$inet6(0xa, 0x803, 0x2) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000100)=0x1f40) [ 318.687409] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 318.693835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 318.701822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 318.991844] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.998388] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.006659] device bridge_slave_0 entered promiscuous mode [ 319.193390] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.199936] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.208436] device bridge_slave_1 entered promiscuous mode [ 319.266639] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.392084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 319.614618] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 320.207914] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 320.388010] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 320.589513] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 320.596654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 320.704337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 320.711422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 321.156911] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 321.167071] team0: Port device team_slave_0 added [ 321.368045] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 321.376870] team0: Port device team_slave_1 added [ 321.510894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 321.517953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 321.526981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 321.723790] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 321.730819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 321.739835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 321.898848] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 321.906663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 321.915795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 322.075860] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 322.083657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 322.092655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 09:14:50 executing program 0: ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000000)={0xd, 0x0, 0x10000, 0x4000, 0xffffffffffffffff}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/nfsfs\x00') mmap(&(0x7f00002e6000/0x4000)=nil, 0x4000, 0x0, 0x148010, r1, 0x0) unshare(0x20400) r2 = socket$inet_udp(0x2, 0x2, 0x0) signalfd(r0, &(0x7f00000000c0)={0x922}, 0x8) getsockopt$inet_udp_int(r2, 0x11, 0x0, &(0x7f0000000080), &(0x7f0000000140)=0xffffff72) [ 323.754039] 8021q: adding VLAN 0 to HW filter on 
device bond0 [ 323.979297] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.985936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 323.993150] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.999696] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.009642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 324.016258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 324.121876] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 324.713069] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 324.719739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 324.728341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 325.311382] 8021q: adding VLAN 0 to HW filter on device team0 09:14:55 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x280140, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x4) r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x7, 0x400) ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000080)={0x101, 0x10001, 0x4, 0x7, 0x12, 0x1}) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f00000000c0)="0a1c4988ef9629171620efae4087cc7ece9bc0151be96351ce3485d53714498450a7017834719c773664a8c61b949ae37917b1", 0x33) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000100)=[0x0, 0x4]) setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000140)={0xf6}, 0x2) r2 = getpid() process_vm_readv(r2, &(0x7f0000000280)=[{&(0x7f0000000180)=""/216, 0xd8}], 0x1, &(0x7f00000004c0)=[{&(0x7f00000002c0)=""/248, 0xf8}, {&(0x7f00000003c0)=""/246, 0xf6}], 0x2, 0x0) r3 = getuid() r4 = getegid() fchown(r1, r3, r4) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r1, 0x10f, 0x84, &(0x7f0000000500), &(0x7f0000000540)=0x4) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x850, r1, 0x0) mount$fuse(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0)='fuse\x00', 0x100000, &(0x7f0000000600)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xe000}, 0x2c, {'user_id', 0x3d, 
r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@max_read={'max_read'}}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@max_read={'max_read', 0x3d, 0x5}}], [{@uid_lt={'uid<', r3}}]}}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000780)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x28, r5, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt(r6, 0x7fffffff, 0x3ff, &(0x7f00000008c0)="46637a2436da09de3b044461a530a21a1da6d023533f600fe0884c02c7b4b3d4ee30586fecdd7132f137fcb223435c490f847131d64c82a5f5ff2054543f008d652628e87aedaebbd00c449dc0e3eb353f72fc920fb8a953a4e4e1a7eba157a2641a68d2ddfe2047e7828e5384ff3c637525664f2acc0b1e", 0x78) ioctl$NBD_CLEAR_QUE(r0, 0xab05) r7 = accept$packet(r1, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000980)=0x14) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f00000009c0)={r8, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000a00)="19f7eeb649bf166f37727698a344618b16707ba31050649d285b45d0f51cb437ca771f2bcbf152999c9f7f9de4b0d16ee225fdac38b56ebcf6a66421ed7d8bf329bd37f50e4106137773262f230fed5249a4e30d6445ddef3a4ad4bfca67c9c3c67e34a3a9d971b0730e099c040b8c") bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000ac0)={r1, 0x28, &(0x7f0000000a80)}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000b40)={0xffffffffffffff9c, 0x28, &(0x7f0000000b00)}, 0x10) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000b80)={0x7, {{0x2, 0x4e21, @local}}, 0x1, 0x4, 
[{{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1f}}}, {{0x2, 0x4e22, @local}}, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x4e20, @multicast1}}]}, 0x290) fchown(r7, r3, r4) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000e40)={0x1, 0x0, 0x10000, 0x7f}) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000e80)={0x2, r9}) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000f40)={0x10, 0x30, 0xfa00, {&(0x7f0000000f00)={0xffffffffffffffff}, 0x0, {0xa, 0x7f, 0xffff, @empty, 0xfa2}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000f80)={0x11, 0x10, 0xfa00, {&(0x7f0000000ec0), r10}}, 0x18) [ 329.297152] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.372720] IPVS: ftp: loaded support on port[0] = 21 [ 329.615422] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 329.923311] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 329.929917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 329.938067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 330.266082] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.782656] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.789218] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.797712] device bridge_slave_0 entered promiscuous mode [ 330.888013] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.894648] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.903079] device bridge_slave_1 entered promiscuous mode [ 330.980738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 331.061231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 331.319499] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 331.406065] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 331.825692] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 331.834462] team0: Port device team_slave_0 added [ 331.915755] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 331.926527] team0: Port 
device team_slave_1 added [ 332.006621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 332.013731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 332.022798] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 332.107787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 332.115423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 332.124581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 332.184739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 332.192481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.201398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 332.302339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 332.309708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.319392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 09:14:59 executing program 3: r0 = gettid() futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) exit(0x0) tkill(r0, 0x0) 09:14:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/65, 0x41}], 0x1}}], 0x1, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 
&(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:14:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000a40)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca
9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)={0x1, 0x0, [{}]})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="c74424000d000000c744240200000000c7442406000000000f011424b9800000c00f3235002000000f306467660f2c46050f20c035000000400f22c066b84d000f00d066ba2100b07cee48b83f000000000000000f23c80f21f8350000e0000f23f866410f388059cbf2f30f232b36490fc79de4ee0000", 0x77}], 0x1, 0x1, &(0x7f0000000140), 0x0)
dup2(r1, r2)

09:14:59 executing program 5:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2001, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000040)={0x3, {0x1, 0x5, 0x1, 0x40}})
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000080)={0xa, [0x5, 0x7, 0x5, 0xfffffffffffff800, 0xffffffff, 0x165, 0x10001, 0x2, 0xfffffffffffffffa, 0x8]}, 0x18)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x2600, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000100)='ipddp0\x00')
write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000140)={0x2c, 0x3, 0x0, {0x5, 0xb, 0x0, 'vboxnet0\xd8))'}}, 0x2c)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e24, 0x400, @mcast2, 0x7}, 0x1c)
r2 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x7fff, 0x200000)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f00000003c0)=0xe8)
fstat(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fstat(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0})
mount$fuseblk(&(0x7f0000000200)='/dev/loop0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x800000, &(0x7f0000000500)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xb000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions='default_permissions'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/vcs\x00'}}, {@permit_directio='permit_directio'}, {@subj_role={'subj_role'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@fowner_eq={'fowner', 0x3d, r5}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ipddp0\x00'}}, {@subj_user={'subj_user'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@appraise_type='appraise_type=imasig'}]}})
r6 = dup2(r2, r1)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000680)={{0x6, 0x4d, 0x47b4, 0x20}, 'syz1\x00', 0x3c})
ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000700))
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000740))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000780)={0x0}, &(0x7f00000007c0)=0xc)
ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc008640a, &(0x7f0000000800)={0x0, 0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000840)={r8})
fsetxattr$trusted_overlay_opaque(r6, &(0x7f0000000880)='trusted.overlay.opaque\x00', &(0x7f00000008c0)='y\x00', 0x2, 0x1)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000900)={0xb, {0x7fff, 0x1, 0x5a, 0x6}})
setsockopt$inet_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000940), 0x0)
ioctl$KVM_GET_TSC_KHZ(r6, 0xaea3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000009c0)={&(0x7f0000000980)='/dev/dri/card#\x00', r1}, 0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000a00)=@assoc_value, &(0x7f0000000a40)=0x8)
syz_open_dev$vbi(&(0x7f0000000a80)='/dev/vbi#\x00', 0x2, 0x2)
timerfd_gettime(r0, &(0x7f0000000ac0))
syz_open_procfs$namespace(r7, &(0x7f0000000b00)='ns/user\x00')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={&(0x7f0000000b40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x100, 0x118, 0x0, {"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"}}, {0x0, "a5998794da49cb4581e122383d697d9567cbfedb0f18f9d66a341260f48d09742d28869a8f99f73f4cc324856fc34388b1e02f7dd42395a23f2abe42c4913a50a76ee0be1f577323afdc5f59334ce888c9af9f173140a8ad0468024f5679b6d72fa7489feb2c618184ae5bd5087b1d1bee9bc7a0d1a1154daecce06cdbddb6e5"}}, &(0x7f0000000d00)=""/51, 0x19a, 0x33, 0x1}, 0x20)
openat$full(0xffffffffffffff9c, &(0x7f0000000d80)='/dev/full\x00', 0x20040, 0x0)

09:14:59 executing program 1:
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0)
mlock2(&(0x7f0000a36000/0x2000)=nil, 0x2000, 0x0)
writev(r1, &(0x7f0000000700), 0x1000000000000068)

09:14:59 executing program 1:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x1000002102005fd8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit(0x0)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000100)="580000001400192340834b80040d8c560a02000000ff81004e227e00000058000b4824ca944f64009400050028925aa8000000000000008000f0ffffffff09000000fff5dd00000010000100050c0c00fcff0000040e05a5", 0x58}], 0x1)

09:14:59 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070")
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000340)=[@in6={0xa, 0x0, 0x0, @remote, 0x6}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x6d, &(0x7f0000000000)={r2}, &(0x7f00000000c0)=0xfd12)

[ 333.020863] ==================================================================
[ 333.028297] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x178/0x220
[ 333.034808] CPU: 1 PID: 12064 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #14
[ 333.042088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 333.051459] Call Trace:
[ 333.054089] dump_stack+0x173/0x1d0
[ 333.057766] kmsan_report+0x12e/0x2a0
[ 333.061616] kmsan_internal_check_memory+0x455/0xb00
[ 333.066757] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 333.072660] kmsan_copy_to_user+0xab/0xc0
[ 333.076840] _copy_to_user+0x178/0x220
[ 333.080774] sctp_getsockopt+0x164fe/0x17550
[ 333.085272] ? aa_label_sk_perm+0x6d6/0x940
[ 333.089649] ? __se_sys_futex+0x43d/0x800
[ 333.093886] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 333.099288] ? aa_sk_perm+0x605/0x950
[ 333.103140] ? aa_sock_opt_perm+0x121/0x270
[ 333.107516] ? sctp_setsockopt+0x124c0/0x124c0
[ 333.112131] sock_common_getsockopt+0x13f/0x180
[ 333.116853] ? sock_recv_errqueue+0x8f0/0x8f0
[ 333.121409] __sys_getsockopt+0x489/0x550
[ 333.125612] __se_sys_getsockopt+0xe1/0x100
[ 333.129997] __x64_sys_getsockopt+0x62/0x80
[ 333.134358] do_syscall_64+0xbc/0xf0
[ 333.138106] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.143318] RIP: 0033:0x457759
[ 333.146563] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 333.165493] RSP: 002b:00007f309da50c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 333.173230] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457759
[ 333.180518] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004
[ 333.187827] RBP: 000000000073bfa0 R08: 00000000200000c0 R09: 0000000000000000
[ 333.195118] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f309da516d4
[ 333.202411] R13: 00000000004c8708 R14: 00000000004cf2b0 R15: 00000000ffffffff
[ 333.209805]
[ 333.211434] Uninit was stored to memory at:
[ 333.215781] kmsan_internal_chain_origin+0x134/0x230
[ 333.220982] kmsan_memcpy_memmove_metadata+0x58f/0xfa0
[ 333.226287] kmsan_memcpy_metadata+0xb/0x10
[ 333.230615] __msan_memcpy+0x5b/0x70
[ 333.234341] sctp_getsockopt+0x1633f/0x17550
[ 333.238765] sock_common_getsockopt+0x13f/0x180
[ 333.243457] __sys_getsockopt+0x489/0x550
[ 333.247618] __se_sys_getsockopt+0xe1/0x100
[ 333.251953] __x64_sys_getsockopt+0x62/0x80
[ 333.256292] do_syscall_64+0xbc/0xf0
[ 333.260013] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.265207]
[ 333.266862] Uninit was stored to memory at:
[ 333.271217] kmsan_internal_chain_origin+0x134/0x230
[ 333.276338] kmsan_memcpy_memmove_metadata+0x58f/0xfa0
[ 333.281646] kmsan_memcpy_metadata+0xb/0x10
[ 333.286001] __msan_memcpy+0x5b/0x70
[ 333.289739] sctp_getsockopt+0x1623e/0x17550
[ 333.294161] sock_common_getsockopt+0x13f/0x180
[ 333.298849] __sys_getsockopt+0x489/0x550
[ 333.303005] __se_sys_getsockopt+0xe1/0x100
[ 333.307337] __x64_sys_getsockopt+0x62/0x80
[ 333.311670] do_syscall_64+0xbc/0xf0
[ 333.315394] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.320582]
[ 333.322214] Uninit was stored to memory at:
[ 333.326549] kmsan_internal_chain_origin+0x134/0x230
[ 333.331666] kmsan_memcpy_memmove_metadata+0x58f/0xfa0
[ 333.336963] kmsan_memcpy_metadata+0xb/0x10
[ 333.341289] __msan_memcpy+0x5b/0x70
[ 333.345013] sctp_add_bind_addr+0x16f/0x610
[ 333.349348] sctp_copy_local_addr_list+0x4e7/0x660
[ 333.354283] sctp_copy_one_addr+0x1fd/0xc30
[ 333.358618] sctp_bind_addr_copy+0x22d/0x8a0
[ 333.363042] sctp_assoc_set_bind_addr_from_ep+0x219/0x270
[ 333.368591] __sctp_connect+0x121f/0x1c20
[ 333.372753] sctp_setsockopt+0x5931/0x124c0
[ 333.377092] sock_common_setsockopt+0x13b/0x170
[ 333.381788] __sys_setsockopt+0x493/0x540
[ 333.385967] __se_sys_setsockopt+0xdd/0x100
[ 333.390296] __x64_sys_setsockopt+0x62/0x80
[ 333.394630] do_syscall_64+0xbc/0xf0
[ 333.398350] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.403539]
[ 333.405174] Uninit was created at:
[ 333.408727] kmsan_internal_poison_shadow+0x92/0x150
[ 333.413840] kmsan_kmalloc+0xa6/0x130
[ 333.417647] kmem_cache_alloc_trace+0x55a/0xb90
[ 333.422324] sctp_inet6addr_event+0x5c9/0xc10
[ 333.426828] atomic_notifier_call_chain+0x13d/0x240
[ 333.431858] inet6addr_notifier_call_chain+0x76/0x90
[ 333.436969] ipv6_add_addr+0x2361/0x2620
[ 333.441037] inet6_addr_add+0xc75/0x1bd0
[ 333.445122] inet6_rtm_newaddr+0x15be/0x3ab0
[ 333.449596] rtnetlink_rcv_msg+0x115b/0x1550
[ 333.454046] netlink_rcv_skb+0x444/0x640
[ 333.458130] rtnetlink_rcv+0x50/0x60
[ 333.461848] netlink_unicast+0xf40/0x1020
[ 333.466006] netlink_sendmsg+0x127f/0x1300
[ 333.470246] ___sys_sendmsg+0xdb9/0x11b0
[ 333.474330] __se_sys_sendmsg+0x305/0x460
[ 333.478482] __x64_sys_sendmsg+0x4a/0x70
[ 333.482569] do_syscall_64+0xbc/0xf0
[ 333.486293] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.491476]
[ 333.493109] Bytes 32-35 of 2044 are uninitialized
[ 333.497955] Memory access of size 2044 starts at ffff888135660000
[ 333.504196] Data copied to user address 0000000020000008
[ 333.509666] ==================================================================
[ 333.517054] Disabling lock debugging due to kernel taint
[ 333.522504] Kernel panic - not syncing: panic_on_warn set ...
[ 333.528402] CPU: 1 PID: 12064 Comm: syz-executor2 Tainted: G B 4.20.0-rc7+ #14
[ 333.537069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 333.546423] Call Trace:
[ 333.549036] dump_stack+0x173/0x1d0
[ 333.552695] panic+0x3ce/0x961
[ 333.555951] kmsan_report+0x293/0x2a0
[ 333.559780] kmsan_internal_check_memory+0x455/0xb00
[ 333.564918] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 333.570331] kmsan_copy_to_user+0xab/0xc0
[ 333.574498] _copy_to_user+0x178/0x220
[ 333.578414] sctp_getsockopt+0x164fe/0x17550
[ 333.582854] ? aa_label_sk_perm+0x6d6/0x940
[ 333.587194] ? __se_sys_futex+0x43d/0x800
[ 333.591405] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 333.596783] ? aa_sk_perm+0x605/0x950
[ 333.600618] ? aa_sock_opt_perm+0x121/0x270
[ 333.604967] ? sctp_setsockopt+0x124c0/0x124c0
[ 333.609566] sock_common_getsockopt+0x13f/0x180
[ 333.614265] ? sock_recv_errqueue+0x8f0/0x8f0
[ 333.618778] __sys_getsockopt+0x489/0x550
[ 333.622968] __se_sys_getsockopt+0xe1/0x100
[ 333.627320] __x64_sys_getsockopt+0x62/0x80
[ 333.631659] do_syscall_64+0xbc/0xf0
[ 333.635398] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 333.640597] RIP: 0033:0x457759
[ 333.643803] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 333.662716] RSP: 002b:00007f309da50c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 333.670465] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457759
[ 333.677737] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004
[ 333.685039] RBP: 000000000073bfa0 R08: 00000000200000c0 R09: 0000000000000000
[ 333.692319] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f309da516d4
[ 333.699595] R13: 00000000004c8708 R14: 00000000004cf2b0 R15: 00000000ffffffff
[ 333.707909] Kernel Offset: disabled
[ 333.711552] Rebooting in 86400 seconds..