[ 49.052524] audit: type=1800 audit(1538903778.070:28): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 50.373514] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.969256] random: sshd: uninitialized urandom read (32 bytes read) [ 53.297518] random: sshd: uninitialized urandom read (32 bytes read) [ 54.695883] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. [ 60.452116] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 09:16:31 fuzzer started [ 64.686574] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 09:16:35 dialing manager at 10.128.0.26:36867 2018/10/07 09:16:35 syscalls: 1 2018/10/07 09:16:35 code coverage: enabled 2018/10/07 09:16:35 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 09:16:35 setuid sandbox: enabled 2018/10/07 09:16:35 namespace sandbox: enabled 2018/10/07 09:16:35 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 09:16:35 fault injection: enabled 2018/10/07 09:16:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 09:16:35 net packed injection: enabled 2018/10/07 09:16:35 net device setup: enabled [ 70.034227] random: crng init done 09:18:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$int_in(r1, 0x40000000af01, &(0x7f0000000300)) readv(r1, &(0x7f00000014c0)=[{&(0x7f0000001400)=""/168, 0xa8}], 0x1) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r2) socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000f1dff8)={0x0, r2}) [ 170.399228] IPVS: ftp: loaded support on port[0] = 21 [ 172.405161] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.411606] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.419851] device bridge_slave_0 entered promiscuous mode [ 172.540444] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.546979] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.555167] device bridge_slave_1 entered promiscuous mode [ 172.673602] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 172.791539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.152622] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.278012] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:18:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000000)={0x53, 0xfffffffffffffffd, 0xb9, 0x0, @buffer={0x0, 0x8a, &(0x7f00000001c0)=""/138}, &(0x7f0000000280)="0000feed34347e37e4d04a2d501e6a841ae24a65e1be95ed8bdfeb487295491b4fe2315790f4572ef21762e02569f2ea50333e98a05ece94371f50303863b3c4db3b10607fff696fd6e9510ffeeee0af88cacc2ab6d0307f6bc7bb5decf02e3cc886b4b8e54e253caf018019be4abe9932cf0c556edf6a3ac1f282995ab05fb8257cd28353873bb03c8be6c748bf13492c7225bbf58cf145c85fc664e418c766dbd4d37880a220facfce130abea1f45da0238c67f7fa9a06c1", &(0x7f00000000c0)=""/149, 0x0, 0x0, 0x0, &(0x7f00000008c0)}) [ 173.996002] IPVS: ftp: loaded support on port[0] = 21 [ 174.087097] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.095037] team0: Port device team_slave_0 added [ 174.277539] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 174.285585] team0: Port device team_slave_1 added [ 174.447070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 174.455951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.464724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.623754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.873820] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.881539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.890328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.074797] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.082373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 175.091112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.247741] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.254305] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.262494] device bridge_slave_0 entered promiscuous mode [ 177.387023] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.393564] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.401847] device bridge_slave_1 entered promiscuous mode [ 177.420530] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.427051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.434017] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.440443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.448905] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.462340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.518837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.639591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 09:18:27 executing program 2: openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) prctl$intptr(0x0, 0x401) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000001c0)) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0xc, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001180)}], 0x1, &(0x7f0000000200)}, 0x8000) set_robust_list(&(0x7f0000000180)={&(0x7f0000000080)={&(0x7f0000000040)}, 0x1, &(0x7f0000000140)={&(0x7f00000000c0)}}, 0xc) sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001480)="d09a0e63c9476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1b0171f89091b1dd3238d03dbb686df460963245dedf2973ee555af99499e44ad420dbf65fd46fbc99a1274429e2d5783751815828ec8cb3553110cca66460215353d19f6d8bbd8fb264eddea60b18e16c31aa5e200000491634ac2fd10e2cd30bcd7fede24263a7fff16e53ea293f3551b7147c33a44ea437fb1515c3e8d4f162fdebf8ebe11ae6fcd9372c8d8f19556ae091fe94215ae9434da412f6fa4cb6561e5f78ff9707844ee5d573fb294437722d9a06dfa61748c32c73d759933a8dd344c947d3efdbe90d0eb049df5fbb0c19f6785264b619c530d97395d44b04f7e2a280d658c7871ad373b792678c49227999651ef3b2ee1bc2b8f3035db376e8e09aa3837233c8713065a8ad131d24f6c42a3220d0e07c3d3e95d59a5dd10c09716b5f874ecf53aadfa5050ff40f2c3c4a629b644", 0x161}], 0x1, &(0x7f0000001780)}, 0x0) [ 178.352183] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.645434] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.899797] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.906998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.109466] IPVS: ftp: loaded support on port[0] = 21 [ 179.203911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 179.212214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.958350] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.966349] team0: Port device team_slave_0 added [ 180.223243] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 180.231116] team0: Port device team_slave_1 added [ 180.487628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.496330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.505086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.631242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.638365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.647104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.907329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.915055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.923844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.097810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.105440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.114247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.249288] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.255891] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.264086] device bridge_slave_0 entered promiscuous mode [ 183.561326] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.567903] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.576189] device bridge_slave_1 entered promiscuous mode [ 183.775222] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.781681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.788667] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.795190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.803597] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 183.828225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.165400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 184.664066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.019100] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:18:34 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f00000012c0)='/dev/vcsa#\x00', 0x3, 0x2081) write$UHID_INPUT(r0, &(0x7f0000000280)={0x8, "98571c6fcf4b7f6c5896660503e551d5b4ecb0a8a39b7996c9ab7126ab5c2a886fde126e4fbbd70f1f6e481b98dab990ee1803e1e2bdd0438c71030aa7fcc9b9bb3002747f9700c08808a5e9ca23c14693b1327dacecdd6370ddd638cb84893d9eb71ffd5c81f2b255c81cda89ffc1bd922c2dc254650c12498b20d081195156365216e3623644678c50170c959d8676082e1d3fa105fe28ef882ad3e9e1bee815d09e0f478a93a4ca4020c69527e4183ed41212593b56370bac9f22f0b02c06411fde5068feb4ce8ddd57f437aca8cb3ceab4cbcc425688dfb9e43bd992b562efe7577de621ce46653a7352f875fd29969a2486ec6af75b4c748620107e9b678562e6ad9a343d1246733671e9024733b867e4dbb27521b488163a5e0212edc9f11d6ed64621ae8af129cc38936c0a25668304ff7353cd8a666e31d53aa7727147b686286b7aac52723bad7b19e6e6892e8f0489a947bd644ab312f232fa2a4038aaae5cbad63ff4fbf6bbe2a7266f508a508b4948370953260e1e1377155a71b9ae21d9e2b5fd77d1986892ed85c5dee65b40691ce115b73caa18ad40523c265b8d044395716f7d989c88c2ed667fe75d9955aed1a41fd1afc2791c137077d159b0cb56e34e3a67b6a705e9c10bafe413b2b21b538c39ae61364d200511c109ddc03f76892e7d0e85acd68b25e0b7ddbed82ecd4c0f4db8ee48f6cce526f4fb4a5faf60857e9c4a6e9b2251854edb69fbeadc1d4caf073e36ac505effe36b71b908c5eb479b2a0e2062172464720db97341c801c9caa93ce6d9de4fa9f9bd56dcdb106c04c503d284dd6964c4ae57b977de1757b41b3fe54c2fbcdd83d7b17fe04afed4d529b416fab1b916d883d0de2de85252f8336c09a06d1d663ed1afde2e9cbeda051f4729c16f2ab6ee31a54889bc900496b3f989e8d5a20f8eb63f800ee8cfc0011da19dbfe194e3d10299cfd88d0ab12f73d4e05b6ed4534677a31e9e7d97b130c457749acc9d031bd42d0afd867220bbf06083f2d67787021362e6372995145198f3c6fe7842e3be8c87c937fbffe07c87566d97af7fc06ce3c9ccae5de77557e0b418f80f0f8bf4c93f32cf5d71099cdbb6a7f60ebd1201b1551d88d93b441b017d941b8da0880aa7aea75c6ed4922d9e2409c7059df0b71ad4fda1cabeaf2297110f76592bd6c4a62253f10061fdd6fc2150470bfd79e36016dc1c5d8bb18cf12d855883a0a5dfca0b6ae6c525b149f6dd3d2c350fbc28c54cc2fb9bbf9873a6be5e326ca5b1d349f71662339b322ed2aaad97f344645e61a2edff10e5fb7e42056bc49651bbf675406d0f13727908be81ec51d2d4c6defb42d17986eac5886e67d0d716517b7ab5c72d6e29c7dfe93a187e83b8e014187646e7b81f5f55d5b868321c5b69640dc8f149417793b2f6664f2f7117268235fab3e3573c3e9452eb05ef091f716d26ecca2766040cb91a77b264db722b22fc6b9a98e39bb35557d6426d4ffcf77f1eb19668cf3bf58fd055afdfca68aea699cbb18c689be45dc0abada9b59e90c3d16ef893d5cf980bbf6f5000576c2611fdb9a26db2a161e77b724690eb695c82c8bfc911c7f87bd861932f6332a9e1a0894b3cc572acb06d4c7305fe9f435a742e367fc003c49d88631de2a53711bc4eaa909fd3f1739f9ff832a42f8b00580913b51a1acb17689916be28519a8173d493a8f420b70ee748a2bcd57c9e0ae8ad49afd970baccd9e2f9f578083df47c904d2994f6ca2d04ccff3063d9edad6fcf45bebfd0a34823f608cf415007be6bf81b4d480032113894d098030f1105fbf885ceca8b7061ee6e0827cb605edd73b8e4ca0b69a5feb63c7d71ec4c31787547f62976981f55bb6e46b8593544c684fa928097cd92654f4627c41cad570c4c6c322195e987677c61e517184559355efda69b3ba7f0bd45efeb7388490f66f81ada3cec71ca24aafdc2321a3d9ea87c5e341ddc51eb023d97d9de274bf1d331eb4838f29933463ede0c707ccc033d34118e0233218bc273bf20742c58fe63e881f5cde391d45370759b1a82ec3a887a3b692992377857c9f48a434380d43b27529f9f12dae6ddbf303e80f902b1adc611729671d50b79644d88b853aa74e3a64fd94440f729655f339faadefacd3212ce30e8acbfe08943a1380e3a06e7597a616d5bba5814a58b4053528455e2e5cbd9f3c7a044125a2776dd70f7a277af59ee6dacf77a926cdd9f7696ef6f04118d8ebe3d112eb77fab9026aeeb7590ad2b92c284cad945251846ac77f38dc57e8f8166e504ec26c6fcce4ceb072165cba385ea71c2a1abfc765f679dd763bb3b88f48675d5cf0d7d7a02d3049f693a96279a0fca85ac8ce0910eec88bdf2b49f79cab7fac55a3418a4ff8aba1a326b9400057f879609f123cd322f707583c52474e53a983a9632353bebe8e2aa6d55970b42fa333a5930f32f2a88baa7762ab6dcb09ddc648586974b0ba4447f99460c21f447f256759aa801c86a6b5d8bbb313250e07918316ac905586544da69fb253b25844b0378d648225a5f605fd5875a2d0e09627c7266fbed2dfc28ce235fca921588cd385b10eb3c206c55783597f440a61701a3c2a79739ddd0da6fdd1d74e0d34d7d0db477db75b35f68fff334fca547df0a85fdeb7db9e8deb0870593c07714503170744e153404f5184c65ffd883884ff5da679f6239f4d054e908dc31827f1efc0ef525c8ebc0bb2d3ae330be90ba1ba7981811dc26b8d2093615ff000caceb4de34cc2b1798a16a2ff7468ca92a6a0ba2e86c63612b9a6b7ba84eabd3e4f22270904bbdd33fd1e021f4816d1f64060d784255b6d8a0808af0598495ba225e9907597cbc576577c201183d67a1db0f77b13e1370d68213d96c45befa3b2271ec40aec85da3fa172e83015f27561a54e16837bcf9f3cad9da3e13411afadcdad1c3c634f252c2caef62a80d026db05abfaa344d47438c5d9bf00ed183d4319eb57f8cd2707cbd887aed43c0f2f4211bcf93ced3ebb7daec29a6fe64cae5d13a3996399a276bd0d3b620569ea5f996bdcf17583cf758c1174edbac31558c7f134476f6dd47d02b08ac0c3ee1a69c041bd2f2ac674d059126fa6a3ca905b50523ee681dd3d2a22d330c696fb948f827392f0390a13be7fc5751dc4643f0b4f7c18635cda833d957a567d1b76bf73b1c5c5f7f6178235e00602bd6c59de3d6c050be5831106ec7c7791c6a2b938c326591faeebaab070c4001196537c17d77f9d388d84040405409792b21a8a806489edc0585a3d22c0c527831c5585acfdb85bd8896fb36effc9c468441a0beaed5f4ba911a1c3fa9b31d0702d8f708cf21b22f8016f3dedd63da231364bbb1e4a8e2493038963962d5f301d6118d0624b54c65cbf7213356015dc0e2170f74079bd67751f0cc9958fa4b935098565337d742238144c856e0c96f867ec2252b755ffdef3d70917050d5ad28afa9de063fb3d0dbecae4a2a1ea84b97b6e99d7c736a2305dc4e36c5af7130083b7cb2abb0ba3d3a40365871f48c375dec283c33dc3939e72f3cbfc3cbc3166ce4086f7a742f3d0c1d4ed1cdf6ef69b343ca19c186ff888ada3fe95ed2ca54e80c7dba1b9447011a703fbae5b29fadba2100abb47aa7d205767144b3b17bee74f4d360447bfb4ab14ca5d161a55bee42aa3656b57a23e18335dafca21f907d2746ddd63668c1249dc1fa96d8870f2adf181b066ebaaa2139e0be2a64b55f87a39f6923a5fd172ace89df00f3dd6ced1184d760a45c3f0a3dcdf3a41b2720eb380f05681a6ed476a84b2835cefc2bb52b0608a568b0e821f1cdc5821faa6d26fb767da3a8ffb6feb36eca4311fd0e6e2815e37ad10a60cf907fbb8225e1e984653eb55e586254946cac05d85e318044e638920b689557680c4198634fdab5a37639886981c04b4c7e5e2609f793f6cbc27922fa0606783b0ffec9b62ec38816542d70732f869c1366e2e813bbf10ffd51517c370303bb80202e00d0e6cdbef70f967754ac696279683b4419888d19115656bc3f677f98479a30be1df4cfa5cc0a297fc43a9c4a849feb66eb5b79d709999172715278ce632f7c7c959dd4d70044444fec83d6b47daa12310e7ac8ced8b2c5380139ee9be320542da12d003fe52ee6ed32308fe1fc92d4c93a9417c3776f89afb406f0639f07c25757df720932c803fd11748a7317b218c1945f8374903a60323f8841e1f02efc04f3b5e7f010344992e99f8656d69b8790eee8373fba768c4e2955f448cbe66d68af31587d23a57e9ee5333fd78af95119ff44194a3c12485eb3dee1ce3a79feffa66add411f6b6c573939b9e75427ae38e3d4c71f1fcd4dbafce689b991ffb519adc33d210838ce1417f7cd40e5d0567682c573050cd327c2ab20e5a3599894fb17e54ba376055eb626b396ac9454e9027c04e429690fc433414b2a14c55edfc4c5be25debf16175b8e05a979e8d35f2762483d82813154f004573bb8b9f41b56e4cfe6a733dd86357c8d25294d2fc6259f5688ee729f553da2bc646165226dc16b4a2494face3d5fe62cd824f150f2592feeee9ce84ad31a5bcc1eabacf860433659bf0b182f9393d82c9f7cb089fdfd08c112d511951bba3745ce9084a49f3bac16091277c97be468883a6ae1170e93279b5d0da829ae23f7a62b61d958bee33999b13035b28fec07b395d071a944420193693b69355ed728339a8977c3d3205ec5be5b745e729c136f3b2e163df59d77ef43720740dad97cad4f254d3778c9b65d8b168b466b81547b6c3221b7ceaee2bbdc1765ff2858cc3d3bd1ac931e9f314f9cfa8d86804762c7d74d8bb846e380b6ce233010824e5e91c139aa06e4201e3ff7248217a8a99c7db9a510f54834df71d907fd8a89b5acfc157cc37dedd42a5f0c44f89c0f19783ef6f9014099492ce5113e2e8c30aeb26efb3b446dcd97f704b5fee12c9abfae22709c55bf297ebdff1887bded57a4cdc6c8829d04a7af2a18f0f7f3f8824deac727cb23696dc9dfc3d98071f1693feb58fbc972a36e666299948fd5bc16bfa882193323f21a5342bd0e417aa5e4cf74599595ff6dbe3807e983797fb2c84876be8a61150f54c208860578d200acabf207a8070473a694cec05c672785dfc00cbc84da2eae51680ddf97b738c3951f60363996bc20a76509bffcfb82d246518286148ff95acc0264085ebcc7cb418d2dfc71793d30c1f4a6bde7c66c0e24aa361bd2b70a007d66f5813503f7a9ea53ca7211134db5e0502a2b155f0d5c40a0793398b9d1ac8059e90e786554ccdf40649253cc57d1155f0742b3d04435d7ceb46bd8d41ea3952fd024873720361c9f06d9eb2a8071061e3e94a65c653422c421f2f005b2533a36f5a3076387492624fa5f289ced912ac913f458d44ebf515f5cb38ded1a750c9e4541367cdaa8c6727bb73db63b943540acf1b826610e39ccec13c6561ffd6ab6f91ace951e8b6d0f9e354f1f05b44b00d811a87d324de505343c62991e1306ce302bde0480d5b9d776282e6e22ed818af1cf0fdd69c8bf9cc30606bb3ff062b90872fb6620e1a97e951d0f9c53dc8b2ad82253c30b4a6754ec591a87b732ce39d3ea3fff1736d7915785412ffe82ca33c470a7b04a633b3ecf36a442db0c54d30c06428b4e25b51cedb515454cf04bc1997608f5fbe50432184befef749eb49615c565f3e0c6843650859582eaf2c3a35fd749095ed8efa90cc07efc2fc8b5e580179c93e6eef9cfb0476fb38390376485f", 0x1000}, 0x1006) [ 185.319400] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.558210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.566002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.894697] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.901950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.335641] IPVS: ftp: loaded support on port[0] = 21 [ 186.875834] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.883903] team0: Port device team_slave_0 added [ 187.267135] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.275096] team0: Port device team_slave_1 added [ 187.594006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.601049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.609800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.858200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.865358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.874107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.245105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 188.252742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.261506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.332404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.576464] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 188.584851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.593727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.690538] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.836410] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.842903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.850637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.471486] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.478125] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.486344] device bridge_slave_0 entered promiscuous mode [ 191.863359] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.869807] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.878141] device bridge_slave_1 entered promiscuous mode [ 192.037477] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.080471] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.086991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.093928] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.100355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.108674] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.167943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.461881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 193.062712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 09:18:42 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000400)={[], 0x0, 0x9, 0x4008001, 0x0, 0x5}) [ 193.454144] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.770455] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.054434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 194.071468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.381391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 194.389955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.485517] IPVS: ftp: loaded support on port[0] = 21 [ 195.395434] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 195.403551] team0: Port device team_slave_0 added [ 195.779419] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 195.787406] team0: Port device team_slave_1 added [ 196.066198] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 196.073382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.082173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.450422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 196.457695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.466211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.761183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.785322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 196.793337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.802056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.173738] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.181217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.190108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.026898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.541174] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.547689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.555508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.534708] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.541150] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.549705] device bridge_slave_0 entered promiscuous mode [ 200.866744] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.943371] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.949833] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.958084] device bridge_slave_1 entered promiscuous mode [ 201.151574] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.158120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.165081] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.173102] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.183449] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 09:18:50 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') preadv(r0, &(0x7f0000000000), 0x12e, 0x0) [ 201.396144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 201.688800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 09:18:50 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x6, 0x400002) getsockopt$inet_tcp_int(r2, 0x6, 0x0, &(0x7f0000000040), &(0x7f0000000080)=0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) close(r0) [ 201.943855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 09:18:51 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="06631bddc4cc000063000600"], 0xfa, 0x0, &(0x7f00000000c0)="c1549b9fc4bfd91798305adb7db0382d60a1b927dc14d1733949370671607db9291b3ddf31f577de2f904be94cca27341c5b00fbffa5f8c4bbd50d45a2d40af42cc5faff13d615621521eb10e4bcaa57369bd8fefa82de5b700b1bf453e6eaecb10df98f75d6d42b3424ad4617243d3d9fe18775130aed8aa2150f90deb810e7dde21329f7a613c59a8fba151f6efbf78b31a40d188d536fd86c7d2a84c047aa1e8397b1b03f9911c08ea0f916ced86680f207d83cbeb81c6ac7e60c33bbc48303c3c692cae93f9d974ae0dc2caa2a6452fb153253850465a7037cf461ef69c443451adf98c030b137b2d106b558b813976cbce43baa3d663e0b"}) listen(r0, 0x8000000000000) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000200)) ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000000)) [ 202.661375] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:18:52 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="06631bddc4cc000063000600"], 0xfa, 0x0, &(0x7f00000000c0)="c1549b9fc4bfd91798305adb7db0382d60a1b927dc14d1733949370671607db9291b3ddf31f577de2f904be94cca27341c5b00fbffa5f8c4bbd50d45a2d40af42cc5faff13d615621521eb10e4bcaa57369bd8fefa82de5b700b1bf453e6eaecb10df98f75d6d42b3424ad4617243d3d9fe18775130aed8aa2150f90deb810e7dde21329f7a613c59a8fba151f6efbf78b31a40d188d536fd86c7d2a84c047aa1e8397b1b03f9911c08ea0f916ced86680f207d83cbeb81c6ac7e60c33bbc48303c3c692cae93f9d974ae0dc2caa2a6452fb153253850465a7037cf461ef69c443451adf98c030b137b2d106b558b813976cbce43baa3d663e0b"}) listen(r0, 0x8000000000000) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000200)) ioctl$int_in(r0, 0x80000080044df9, &(0x7f0000000000)) [ 203.014477] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:18:52 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) prlimit64(0x0, 0xb, &(0x7f0000000000), &(0x7f00000000c0)) tkill(r0, 0x8001004000000016) recvmmsg(0xffffffffffffff9c, &(0x7f0000009e40)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/84, 0x54}, {&(0x7f0000000240)=""/226, 0xe2}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x3, &(0x7f0000001340)=""/65, 0x41, 0x8}, 0x6}, {{&(0x7f00000013c0)=@ipx, 0x80, &(0x7f0000001740)=[{&(0x7f0000001440)=""/140, 0x8c}, {&(0x7f0000001500)=""/142, 0x8e}, {&(0x7f00000015c0)=""/223, 0xdf}, {&(0x7f00000016c0)=""/100, 0x64}], 0x4, &(0x7f0000001780)=""/252, 0xfc, 0x8}, 0x1c0000000}, {{&(0x7f0000001880)=@xdp, 0x80, &(0x7f0000002b80)=[{&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000002900)=""/94, 0x5e}, {&(0x7f0000002980)=""/211, 0xd3}, {&(0x7f0000002a80)=""/35, 0x23}, {&(0x7f0000002ac0)=""/27, 0x1b}, {&(0x7f0000002b00)=""/71, 0x47}], 0x6, 0x0, 0x0, 0xffffffffffffff9e}, 0x1}, {{&(0x7f0000002c00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000003400)=[{&(0x7f0000002c80)=""/161, 0xa1}, {&(0x7f0000002d40)=""/99, 0x63}, {&(0x7f0000002dc0)=""/144, 0x90}, {&(0x7f0000002e80)=""/208, 0xd0}, {&(0x7f0000002f80)=""/166, 0xa6}, {&(0x7f0000003040)=""/58, 0x3a}, {&(0x7f0000003080)=""/203, 0xcb}, {&(0x7f0000003180)=""/171, 0xab}, {&(0x7f0000003240)=""/175, 0xaf}, {&(0x7f0000003300)=""/227, 0xe3}], 0xa, &(0x7f00000034c0)=""/5, 0x5, 0x3}, 0xd8}, {{&(0x7f0000003500)=@l2, 0xfffffefe, &(0x7f0000003680)=[{&(0x7f0000003580)=""/74, 0x4a}, {&(0x7f0000003600)=""/93, 0x5d}], 0x2, &(0x7f00000036c0)=""/69, 0x45, 0xa}, 0xffff}, {{&(0x7f0000003740)=@generic, 0x80, &(0x7f0000004800)=[{&(0x7f00000037c0)=""/18, 0x12}, {&(0x7f0000003800)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x5}, 0x5}, {{&(0x7f0000004840)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, &(0x7f00000058c0)=[{&(0x7f00000048c0)=""/4096, 0x1000}], 0x1, &(0x7f0000005900)=""/4096, 0x1000, 0x10001}, 0x7987}, {{0x0, 0x0, &(0x7f0000008b80)=[{&(0x7f0000006900)=""/4096, 0x1000}, {&(0x7f0000007900)=""/4096, 0x1000}, {&(0x7f0000008900)=""/225, 0xe1}, {&(0x7f0000008a00)=""/156, 0x9c}, {&(0x7f0000008ac0)=""/102, 0x66}, {&(0x7f0000008b40)=""/40, 0x28}], 0x6, &(0x7f0000008c00)=""/4096, 0x1000, 0x7ff}, 0x4}, {{0x0, 0x0, &(0x7f0000009d00)=[{&(0x7f0000009c00)=""/251, 0xfb}], 0x1, &(0x7f0000009d40)=""/218, 0xda, 0x401}, 0xb12}], 0x9, 0x120, &(0x7f000000a080)={0x77359400}) timer_create(0x2, &(0x7f000000a280)={0x0, 0x1, 0x0, @thr={&(0x7f000000a140)="853dd638d6a3c018c819bab0472183b227605da70ee8943e4563c200ee429f4517577f32aad8fbd5d86785c58f41428312c7949f45760d0087a9b2a8f81e0dbdc12e71bd44c73d6deff23c3415bfbaffc54f0459ab40b3bf31a6330b666050b0aad3e9f133edbaf9cddb648cc98ceb97b56e1581d9d332d59abfb95099ee32f703b6ebf494424f3c8b883332d04b73746d4aa8d1394da4dd07673d4a02dec03ec79ab90593c2ad07e1bcdb", &(0x7f000000a200)="2df1091d890a94cfa5e9941f4f51a1c17a3935e51eb1df74d19a54bfaf34b4777cb58a7b48cbee1aeb801aeb6f5f0c29110b14b68506580a3c3c8dc19dbd97614b68ad8a2f870fd40f2c845e40c4f918763898e5e63369e341890d90a7dd78fdee4613555a7741c10962318e3b0f23226b02097b53cc893bc49029"}}, &(0x7f000000a2c0)) getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f000000a380), &(0x7f000000a340)=0x8) [ 203.486852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.494110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 09:18:52 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write(r0, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f3e9000008000100010423dcffdf00", 0x1f) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00') sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={&(0x7f0000f8d000), 0xc, &(0x7f00008a7000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c00000001040101ff20070401000000000000000c00030000008d007f4fc5010c0004000000800000000000"], 0x2c}}, 0x0) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x7, 0x400000) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x7ff, 0x4, 0x18e, 0x4, 0x86, 0x1, 0x8, 0x0}, &(0x7f0000000140)=0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={r2, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xc}}}, 0x20, 0x3, 0x80000001, 0xefaf, 0x8}, 0x98) [ 203.888528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 203.895851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.922545] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. [ 204.072665] netlink: 'syz-executor0': attribute type 3 has an invalid length. [ 204.080042] netlink: 'syz-executor0': attribute type 4 has an invalid length. [ 204.237657] netlink: 'syz-executor0': attribute type 3 has an invalid length. [ 204.242979] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. [ 204.245097] netlink: 'syz-executor0': attribute type 4 has an invalid length. 09:18:53 executing program 0: r0 = gettid() process_vm_readv(r0, &(0x7f0000001b80)=[{&(0x7f0000001a00)=""/111, 0x6f}, {&(0x7f0000001a80)=""/128, 0x80}, {&(0x7f0000001b00)=""/105, 0x69}], 0x3, &(0x7f0000002e80)=[{&(0x7f0000001c80)=""/4096, 0x1000}], 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x1, 0x4) 09:18:53 executing program 5: r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14, 0x80800) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000080), &(0x7f00000000c0)=0x30) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000140)={{0x0, @rand_addr=0x80000001, 0x4e24, 0x4, 'sed\x00', 0x0, 0x7, 0x8}, {@multicast1, 0x4e23, 0x2, 0x8, 0x80, 0x5}}, 0x44) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000001c0)) getsockopt$EBT_SO_GET_ENTRIES(r2, 0x0, 0x81, &(0x7f0000000340)={'nat\x00', 0x0, 0x3, 0xfa, [], 0x2, &(0x7f0000000200)=[{}, {}], &(0x7f0000000240)=""/250}, &(0x7f00000003c0)=0x78) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000400)={0x0, 0xffff, 0x5, [0x2000000000, 0x1, 0xbf, 0x0, 0x0]}, &(0x7f0000000440)=0x12) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000480)={r3, 0x0, 0x2}, 0x8) renameat(r2, &(0x7f00000004c0)='./file0\x00', r2, &(0x7f0000000500)='./file0\x00') setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000540)={r3, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000580)={0x3ff}, 0x1) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000005c0)={r3, 0xfffffffffffffffd, 0x3, 0x9}, 0x10) ioctl$SG_SET_TIMEOUT(r2, 0x2201, &(0x7f0000000600)=0x6) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000640)=0x918f) r4 = accept(r1, &(0x7f0000000680)=@ax25, &(0x7f0000000700)=0x80) ioctl$sock_inet6_udp_SIOCINQ(r4, 0x541b, &(0x7f0000000740)) setsockopt$inet_group_source_req(r4, 0x0, 0x2f, &(0x7f0000000780)={0x1, {{0x2, 0x4e23, @remote}}, {{0x2, 0x4e22, @loopback}}}, 0x108) ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x8) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f00000008c0)={0x6, 0x3}) setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f00000009c0)={@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @rand_addr=0x81}, 0x4, 0x1, 0x3}}, {&(0x7f0000000900)=""/108, 0x6c}, &(0x7f0000000980), 0x28}, 0xa0) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000a80)={0x6, 0x3, 0x2, 0x1, 0xfffffffffffffffc}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000c80)={0x82, 0x7, 0x6, 0x9, &(0x7f0000000ac0)=[{}, {}, {}, {}, {}, {}, {}]}) r5 = fcntl$dupfd(r2, 0x406, r1) socket$inet6_udplite(0xa, 0x2, 0x88) fchdir(r5) fcntl$notify(r1, 0x402, 0x20) ioctl$PPPIOCSMRU(r5, 0x40047452, &(0x7f0000000d00)=0xffff) sync() fsetxattr(r0, &(0x7f0000000d40)=@known='com.apple.system.Security\x00', &(0x7f0000000d80)='nat\x00', 0x4, 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000dc0)={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x21}}, {0x1}, 0x6, {0x2, 0x4e20, @loopback}, 'ip6_vti0\x00'}) [ 205.000780] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.008947] team0: Port device team_slave_0 added [ 205.347189] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 205.355267] team0: Port device team_slave_1 added [ 205.663751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 205.670884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.679498] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.875145] IPVS: ftp: loaded support on port[0] = 21 [ 205.979954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 205.987164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.995843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.297589] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 206.305173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.313855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.556416] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 206.564048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.572804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.000725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.153718] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:18:58 executing program 1: [ 209.265488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.272051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.279824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.073029] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.079511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.086455] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.092931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.101013] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.343355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.379925] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.675122] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.681559] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.689821] device bridge_slave_0 entered promiscuous mode [ 210.909905] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.916436] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.924640] device bridge_slave_1 entered promiscuous mode [ 211.190700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.424694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.260924] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.496278] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.688998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.696340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.931025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.938459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.612107] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.620068] team0: Port device team_slave_0 added [ 213.762709] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 213.770489] team0: Port device team_slave_1 added [ 214.026946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.034151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.042908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.309158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.316368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.325003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.362714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.518794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 214.526400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.535299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.773311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 214.780941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.789699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.438661] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 216.505899] ================================================================== [ 216.513326] BUG: KMSAN: uninit-value in _decode_session6+0x635/0x1630 [ 216.519917] CPU: 0 PID: 7340 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 216.527114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.536473] Call Trace: [ 216.539083] dump_stack+0x306/0x460 [ 216.542729] ? _decode_session6+0x635/0x1630 [ 216.547157] kmsan_report+0x1a3/0x2d0 [ 216.550969] __msan_warning+0x7c/0xe0 [ 216.554784] _decode_session6+0x635/0x1630 [ 216.559049] __xfrm_decode_session+0x156/0x200 [ 216.563653] ? xfrm6_get_saddr+0x520/0x520 [ 216.567909] icmp6_send+0x3037/0x3c50 [ 216.571777] ? icmpv6_param_prob+0xc0/0xc0 [ 216.576026] icmpv6_send+0xe5/0x110 [ 216.579677] ip6_link_failure+0x5c/0x310 [ 216.583753] ? ip6_negative_advice+0x3b0/0x3b0 [ 216.588352] ? ip6_negative_advice+0x3b0/0x3b0 [ 216.592955] ip6_tnl_xmit+0xea7/0x44b0 [ 216.596891] ? __msan_metadata_ptr_for_store_n+0xe/0x10 [ 216.602272] ? iptunnel_handle_offloads+0x722/0x810 [ 216.607314] ip6_tnl_start_xmit+0x1da2/0x2110 [ 216.611845] ? ip6_tnl_dev_uninit+0x740/0x740 [ 216.616354] dev_hard_start_xmit+0x6b8/0xdb0 [ 216.620796] __dev_queue_xmit+0x2e62/0x3d90 [ 216.625132] ? _raw_write_unlock_bh+0x4b/0x57 [ 216.629680] dev_queue_xmit+0x4b/0x60 [ 216.633492] neigh_direct_output+0x42/0x50 [ 216.636988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 216.637752] ? neigh_connected_output+0x6f0/0x6f0 [ 216.644143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.648641] ip6_finish_output2+0x2090/0x21f0 [ 216.648687] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.648720] ? ip6_mtu+0x289/0x330 [ 216.656223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.659691] ip6_finish_output+0xbaa/0xc80 [ 216.679308] ip6_output+0x5a0/0x6e0 [ 216.682958] ? ip6_output+0x6e0/0x6e0 [ 216.686764] ? ac6_seq_show+0x200/0x200 [ 216.690843] ip6_local_out+0x164/0x1d0 [ 216.694750] ip6_push_pending_frames+0x218/0x4d0 [ 216.699525] rawv6_sendmsg+0x4266/0x53e0 [ 216.703604] ? aa_label_sk_perm+0x8da/0x950 [ 216.707970] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.713345] ? kmsan_set_origin_inline+0x6b/0x120 [ 216.718212] ? compat_rawv6_ioctl+0x100/0x100 [ 216.722721] inet_sendmsg+0x4d8/0x7f0 [ 216.726533] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 216.731906] ? security_socket_sendmsg+0x1bd/0x200 [ 216.737113] ___sys_sendmsg+0xe47/0x1200 [ 216.741192] ? inet_getname+0x490/0x490 [ 216.745184] ? __fget+0x8f7/0x940 [ 216.748680] ? __fdget+0x318/0x430 [ 216.752243] __se_sys_sendmsg+0x307/0x460 [ 216.756421] __x64_sys_sendmsg+0x4a/0x70 [ 216.760501] do_syscall_64+0xbe/0x100 [ 216.764324] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 216.769526] RIP: 0033:0x457579 [ 216.772733] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.791662] RSP: 002b:00007f870be4cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.799389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 216.806685] RDX: 0000000000000000 RSI: 0000000020000a40 RDI: 0000000000000005 [ 216.813966] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 216.821242] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f870be4d6d4 [ 216.828516] R13: 00000000004c3536 R14: 00000000004d5328 R15: 00000000ffffffff [ 216.835800] [ 216.837423] Uninit was created at: [ 216.840976] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 216.846085] kmsan_kmalloc+0xa4/0x120 [ 216.849897] kmsan_slab_alloc+0x10/0x20 [ 216.853887] __kmalloc_node_track_caller+0xb43/0x1400 [ 216.859087] pskb_expand_head+0x319/0x1d00 [ 216.863338] __pskb_pull_tail+0x1db/0x21c0 [ 216.867586] ip6_tnl_parse_tlv_enc_lim+0x7f4/0xa90 [ 216.872541] ip6_tnl_start_xmit+0x87b/0x2110 [ 216.876963] dev_hard_start_xmit+0x6b8/0xdb0 [ 216.881385] __dev_queue_xmit+0x2e62/0x3d90 [ 216.885718] dev_queue_xmit+0x4b/0x60 [ 216.889534] neigh_direct_output+0x42/0x50 [ 216.893776] ip6_finish_output2+0x2090/0x21f0 [ 216.898276] ip6_finish_output+0xbaa/0xc80 [ 216.902521] ip6_output+0x5a0/0x6e0 [ 216.906152] ip6_local_out+0x164/0x1d0 [ 216.910046] ip6_push_pending_frames+0x218/0x4d0 [ 216.914816] rawv6_sendmsg+0x4266/0x53e0 [ 216.918885] inet_sendmsg+0x4d8/0x7f0 [ 216.922691] ___sys_sendmsg+0xe47/0x1200 [ 216.926764] __se_sys_sendmsg+0x307/0x460 [ 216.930914] __x64_sys_sendmsg+0x4a/0x70 [ 216.934981] do_syscall_64+0xbe/0x100 [ 216.938801] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 216.944093] ================================================================== [ 216.951450] Disabling lock debugging due to kernel taint [ 216.956906] Kernel panic - not syncing: panic_on_warn set ... [ 216.956906] [ 216.964282] CPU: 0 PID: 7340 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 [ 216.972857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.982220] Call Trace: [ 216.984831] dump_stack+0x306/0x460 [ 216.988486] panic+0x54c/0xafa [ 216.991721] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 216.997187] kmsan_report+0x2cd/0x2d0 [ 217.001013] __msan_warning+0x7c/0xe0 [ 217.004835] _decode_session6+0x635/0x1630 [ 217.009107] __xfrm_decode_session+0x156/0x200 [ 217.013704] ? xfrm6_get_saddr+0x520/0x520 [ 217.017959] icmp6_send+0x3037/0x3c50 [ 217.021822] ? icmpv6_param_prob+0xc0/0xc0 [ 217.026064] icmpv6_send+0xe5/0x110 [ 217.029706] ip6_link_failure+0x5c/0x310 [ 217.033777] ? ip6_negative_advice+0x3b0/0x3b0 [ 217.038373] ? ip6_negative_advice+0x3b0/0x3b0 [ 217.042965] ip6_tnl_xmit+0xea7/0x44b0 [ 217.046893] ? __msan_metadata_ptr_for_store_n+0xe/0x10 [ 217.052268] ? iptunnel_handle_offloads+0x722/0x810 [ 217.057302] ip6_tnl_start_xmit+0x1da2/0x2110 [ 217.061831] ? ip6_tnl_dev_uninit+0x740/0x740 [ 217.066339] dev_hard_start_xmit+0x6b8/0xdb0 [ 217.070781] __dev_queue_xmit+0x2e62/0x3d90 [ 217.075120] ? _raw_write_unlock_bh+0x4b/0x57 [ 217.079669] dev_queue_xmit+0x4b/0x60 [ 217.083491] neigh_direct_output+0x42/0x50 [ 217.087743] ? neigh_connected_output+0x6f0/0x6f0 [ 217.092607] ip6_finish_output2+0x2090/0x21f0 [ 217.097143] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 217.101525] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.102515] ? ip6_mtu+0x289/0x330 [ 217.102539] ip6_finish_output+0xbaa/0xc80 [ 217.102573] ip6_output+0x5a0/0x6e0 [ 217.102607] ? ip6_output+0x6e0/0x6e0 [ 217.102636] ? ac6_seq_show+0x200/0x200 [ 217.109005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.112475] ip6_local_out+0x164/0x1d0 [ 217.112500] ip6_push_pending_frames+0x218/0x4d0 [ 217.112529] rawv6_sendmsg+0x4266/0x53e0 [ 217.112546] ? aa_label_sk_perm+0x8da/0x950 [ 217.112592] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 217.117088] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.120437] ? kmsan_set_origin_inline+0x6b/0x120 [ 217.124329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.128197] ? compat_rawv6_ioctl+0x100/0x100 [ 217.136321] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.138544] inet_sendmsg+0x4d8/0x7f0 [ 217.138572] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 217.194501] ? security_socket_sendmsg+0x1bd/0x200 [ 217.200970] ___sys_sendmsg+0xe47/0x1200 [ 217.205045] ? inet_getname+0x490/0x490 [ 217.209035] ? __fget+0x8f7/0x940 [ 217.212520] ? __fdget+0x318/0x430 [ 217.216076] __se_sys_sendmsg+0x307/0x460 [ 217.220249] __x64_sys_sendmsg+0x4a/0x70 [ 217.224322] do_syscall_64+0xbe/0x100 [ 217.228136] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 217.233333] RIP: 0033:0x457579 [ 217.236542] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.255457] RSP: 002b:00007f870be4cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 217.263181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 217.270457] RDX: 0000000000000000 RSI: 0000000020000a40 RDI: 0000000000000005 [ 217.277733] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 217.285008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f870be4d6d4 [ 217.292285] R13: 00000000004c3536 R14: 00000000004d5328 R15: 00000000ffffffff [ 217.300734] Kernel Offset: disabled [ 217.304358] Rebooting in 86400 seconds..