[ 57.287143] audit: type=1800 audit(1538950755.317:27): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.824760] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.329935] random: sshd: uninitialized urandom read (32 bytes read) [ 61.814804] random: sshd: uninitialized urandom read (32 bytes read) [ 63.781231] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. [ 69.547874] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 22:19:29 fuzzer started [ 74.232125] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 22:19:34 dialing manager at 10.128.0.26:36867 2018/10/07 22:19:34 syscalls: 1 2018/10/07 22:19:34 code coverage: enabled 2018/10/07 22:19:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 22:19:34 setuid sandbox: enabled 2018/10/07 22:19:34 namespace sandbox: enabled 2018/10/07 22:19:34 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 22:19:34 fault injection: enabled 2018/10/07 22:19:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 22:19:34 net packed injection: enabled 2018/10/07 22:19:34 net device setup: enabled [ 80.311398] random: crng init done 22:21:43 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x8000000}, &(0x7f0000000100)={0x20}, &(0x7f0000000140)={0x8}, &(0x7f0000000200)={0x0, r2+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000280)) [ 206.250544] IPVS: ftp: loaded support on port[0] = 21 [ 208.669447] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.676086] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.684848] device bridge_slave_0 entered promiscuous mode [ 208.847467] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.854020] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.862583] device bridge_slave_1 entered promiscuous mode [ 209.006707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.149621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:21:47 executing program 1: clone(0x200, &(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000580), &(0x7f0000000800)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000540), &(0x7f0000000040)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000680)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000100)='./file0/file0/file0\x00', &(0x7f00000000c0), &(0x7f0000000740)) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x0) open$dir(&(0x7f0000000540)='./file0\x00', 0x82, 0x0) [ 209.575931] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.799084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.203489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.210577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.428382] IPVS: ftp: loaded support on port[0] = 21 [ 210.925783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.934103] team0: Port device team_slave_0 added [ 211.113104] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.121201] team0: Port device team_slave_1 added [ 211.351497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.358898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.368124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.608165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.615428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.624666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.847733] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.855625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.865263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.056989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.064856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.074118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.687763] ip (6334) used greatest stack depth: 53056 bytes left [ 214.394115] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.400606] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.409223] device bridge_slave_0 entered promiscuous mode [ 214.685241] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.691974] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.700729] device bridge_slave_1 entered promiscuous mode [ 214.745047] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.751549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.758624] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.765339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.774509] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 214.949961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 22:21:53 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x101, 0x35c) sendto$inet6(r0, &(0x7f00000000c0)="040400000700000000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e06590880053c0e385472da7222a2bb42f2db494c3b50035060f118d0000f55d992600009b0000085f17be53bb8180046afd77fc7ae664f65bfc378c0a185e25ae620f4938b4b677081cc9058e57", 0x78, 0x0, &(0x7f0000000080)={0xa, 0x200800800, 0x6, @mcast1}, 0x1c) [ 215.195783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.383455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.105837] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.180462] IPVS: ftp: loaded support on port[0] = 21 [ 216.387525] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.665788] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 216.673019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.978706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 216.986003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.775147] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.783555] team0: Port device team_slave_0 added [ 218.049883] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.058179] team0: Port device team_slave_1 added [ 218.305707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.318931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.327757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.645841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.653184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.662394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.969284] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.977050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.986774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.308398] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.316140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.325160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.733008] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.739511] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.748360] device bridge_slave_0 entered promiscuous mode [ 220.966494] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.973328] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.982064] device bridge_slave_1 entered promiscuous mode [ 221.235545] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.542640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.229069] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.538262] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.609929] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.616526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.623571] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.630730] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.639696] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.785380] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.792616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.065651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 223.072979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.597035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:22:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x0, 0x0) dup3(r1, r0, 0x0) [ 224.080946] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.089100] team0: Port device team_slave_0 added [ 224.437480] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.445754] team0: Port device team_slave_1 added [ 224.777647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.785229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.794335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.979024] IPVS: ftp: loaded support on port[0] = 21 [ 225.135893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.144082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.153243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.463256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.471162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.480153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.774541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.782642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.791902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.092982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.424649] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 229.646860] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.653443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.660366] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.666971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.675894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.349946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.703409] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 230.709746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.717757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 231.122712] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.129188] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.137746] device bridge_slave_0 entered promiscuous mode [ 231.544589] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.551052] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.559720] device bridge_slave_1 entered promiscuous mode [ 231.926814] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.940389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.277016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 233.250091] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.562758] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.909107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 233.916333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:22:12 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x2, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000440)) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x3f8) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x0, 0x0) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000280)={@loopback, @local}, &(0x7f00000002c0)=0x8) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) [ 234.343214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 234.350251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.688236] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.696412] team0: Port device team_slave_0 added [ 235.788869] IPVS: ftp: loaded support on port[0] = 21 [ 236.011920] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.019972] team0: Port device team_slave_1 added [ 236.465054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 236.472246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.481173] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.859738] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.867066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.876017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.264342] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.272423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.281500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.699970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.707806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.717080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.299473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.162345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.690400] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.696910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.704823] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:22:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x3f8) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) [ 242.763289] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.769786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.776870] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.783426] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.791879] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.902145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.977563] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.985202] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.993835] device bridge_slave_0 entered promiscuous mode 22:22:21 executing program 0: unshare(0x20400) r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x800000008912, &(0x7f00000000c0)="153f6234418dd25d766070") r1 = socket(0x5, 0x80806, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x2}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000140)={r2, 0x1f}, &(0x7f0000000180)=0x8) flock(r0, 0x8) [ 243.470710] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.477451] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.485883] device bridge_slave_1 entered promiscuous mode [ 243.516863] 8021q: adding VLAN 0 to HW filter on device team0 22:22:21 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) keyctl$set_reqkey_keyring(0xe, 0x1) add_key(&(0x7f0000000880)="6b657972696e670036f9126c12054f5c0e18c6522573dd79f1a0a3a60957d6c729ad856cd8f0df9c04d18e57904b1c05209dee12f5ccc12d98a70037673436610faac88bcf9681918789c2ad473665984b17868d9c5e90813e9ec1f73fdebf5638f9c01f8821f1f78ebac984e3852ee10000000000000000000000", &(0x7f0000000840)={'syz'}, &(0x7f00000002c0), 0x1d3, 0xfffffffffffffffd) request_key(&(0x7f0000000180)="7a949a626c61636b6c6b7374000ba76b3fafb6f5a9d0967be2867a99894de011a5fcb004fb6012e3572fc7957809a4095146db35ad5bd2c1c0132b4d70ef88486ce2d47f6bc4beb87bfac61221eb9ff24019c7d76080d0320eddc273056a5b8c4bef0408602bc200756e3c11ccb29fb4ab39e1dcd9bc0deb27ede614072134a4fc3020c4e3ac4cd468b5d55ed99dde50c1df7459ac9a8902cc13ebded18e9558c2534eedf0de16f438f83a5c3989", &(0x7f0000000240)={'syz'}, &(0x7f0000000280)="6b657972696e670036f9126c12054f5c0e18c6522573dd79f1a0a3a60957d6c729ad856cd8f0df9c04d18e57904b1c05209dee12f5ccc12d98a70037673436610faac88bcf9681918789c2ad473665984b17868d9c5e90813e9ec1f73fdebf5638f9c01f8821f1f78ebac984e3852ee100", 0x0) 22:22:22 executing program 0: unshare(0x4000000) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) timerfd_create(0x0, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000000)='security.selinux\x00', &(0x7f0000000040)='system_u:object_r:lvm_control_t:s0\x00', 0x23, 0x2) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000080)) [ 243.994592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 244.452664] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:22:22 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x1, 0x1, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000100), &(0x7f0000000240)}, 0x20) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80, 0x0) shutdown(r1, 0x1) ioctl$RTC_EPOCH_READ(r1, 0x8008700d, &(0x7f0000000080)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000040), &(0x7f0000000400)}, 0x20) 22:22:23 executing program 0: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x1c, 0x19, 0x503, 0x0, 0x0, {0x1c, 0x14}}, 0x1c}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x4) ioctl(r1, 0x8912, &(0x7f0000000000)="c4adf57a73dc6f19766070") [ 245.836133] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 246.196912] bond0: Enslaving bond_slave_1 as an active interface with an up link 22:22:24 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000200)="2400000052001f0014f9f407000904000a00071008400100feffffff0800000000e750c8", 0x24) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x9, 0x40000) ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f0000000040)=0x9) [ 246.415830] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 246.445749] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 246.596736] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.603972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:22:24 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000100)={0x0, 0x9, "fe58e925ee1f0dab03"}, &(0x7f0000000240)=0x11) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r0, 0x3d8, &(0x7f00000000c0)}, 0xb) [ 246.804632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.060522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.067830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.219054] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.227206] team0: Port device team_slave_0 added [ 248.238077] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.551041] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.559323] team0: Port device team_slave_1 added [ 248.820446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.827943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.836920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.067396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.074615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.083625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.357261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 249.363730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.371527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.410061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.417770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.426710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.776656] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.784398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.793337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.380739] 8021q: adding VLAN 0 to HW filter on device team0 22:22:30 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)="2f70726f632ff379732f6e65742f697076342f76732f73796e635f76657273696f6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000040)={0xfe, @local, 0x4e21, 0x2, 'nq\x00', 0x28, 0x401, 0x3b}, 0x2c) write$binfmt_aout(r1, &(0x7f00000001c0)={{0x1cc, 0x4, 0xfca4, 0x11, 0x195, 0x6d79, 0x30f, 0x1}, "505c7c263eca05054df12042d44bfbc583355af36ae9b20e0ecd2be1d82e09eba21bb12113d87741fc392ba2a90327db4d6c9429f8fd05a709f2fa8b90d115cf32f64c927023b6c43ebf473847bdceb474288804942a46078d523facef48df92f2727ca745fd6b417b234d59a4da8f3f7cb6bb382183fdd07789fe78acd67fe363f433b3f523d2481162884c7db4802dc6e140feea587b6ae1baaa85efb41e6404faee4a918f4a626f607f8aa9eadc76b488fadedd01fe5c3ed5ac915eaffc169957ed505a4d479102ac577f15993ab99cb695c3dd8cb56d7156a2568d6493ee11ba11073a2c3786fb", [[], [], [], [], [], [], [], []]}, 0x909) getdents64(r1, &(0x7f00000000c0)=""/11, 0xeb) [ 253.064228] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.070720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.077757] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.084278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.092656] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.099240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 255.208774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.964011] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:22:34 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x1ff, 0x2) ioctl$KVM_SET_CPUID(r0, 0x802c550a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000000000000010000002000150808000072"]) [ 256.778104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 256.784588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 256.792529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.366130] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.472377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.923009] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:22:39 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000200)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x0, 0x0) dup3(r1, r0, 0x0) [ 261.333134] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 261.339499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 261.347567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 261.667957] 8021q: adding VLAN 0 to HW filter on device team0 22:22:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x0, 0x300) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000380)="1f0000000203193b000007000000068100023b05090002000b004008f5ffff", 0x1f}], 0x1) 22:22:41 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") ppoll(&(0x7f00000002c0)=[{r0}], 0x1, &(0x7f0000000140)={0x77359400}, &(0x7f0000000340)={0x2}, 0x8) 22:22:41 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0x62, "47b07f4890977e452fdba3d643d06a8e55f3d4347977db8c2a7b54b00c84ff3401e99836c2df6634de5d1bf59e2309c6a0cfe1f2b70c90d45d6ce867a6e57471ab6891659470a9b608e8225d75907e013f91e57cbea6c9113d8c126eb2b905b6cfc7"}, &(0x7f00000000c0)=0x6a) setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x5, 0x8, 0x7b89a2a5, 0x8, 0x8}, 0x14) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={r1, 0x9, 0x0, 0xf26, 0x5}, &(0x7f0000000180)=0x18) fchdir(r0) r3 = syz_open_dev$sndmidi(&(0x7f00000001c0)='/dev/snd/midiC#D#\x00', 0x2, 0x80000) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000200)={'bcsh0\x00', 0x8}) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x400000) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000300)={0x5878cf2b, 0x2}) r4 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x5, 0x20000) r5 = syz_open_dev$dspn(&(0x7f0000000380)='/dev/dsp#\x00', 0x3, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r4, 0xae45, 0x2) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f00000003c0)={0x800, 0x6, 0x3, 0x1ff, r2}, &(0x7f0000000400)=0x10) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000440)={r2, 0x7, 0x0, 0x1000, 0x8, 0x1}, &(0x7f0000000480)=0x14) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x2400, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f00000004c0)=0x7fffffff) write$UHID_DESTROY(r0, &(0x7f0000000500), 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000540)={r2, 0x7}, 0x8) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000005c0), &(0x7f0000000600)=0x4) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000680)={0x1, &(0x7f0000000640)=[{0x0}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f00000006c0)={r6, 0x3}) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000700)) write$P9_RREADLINK(r3, &(0x7f0000000740)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) syz_open_dev$rtc(&(0x7f0000000780)='/dev/rtc#\x00', 0x9, 0x109000) ioctl$DRM_IOCTL_IRQ_BUSID(r5, 0xc0106403, &(0x7f00000007c0)={0x81, 0x5, 0x35f, 0x7}) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={r0, 0x7, 0x1, 0x2, &(0x7f0000000800)=[0x0, 0x0], 0x2}, 0x20) 22:22:41 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) pwrite64(r0, &(0x7f0000000300)="bf", 0x1, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) 22:22:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0xf601}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000002800010f10000000000000000e000000"], 0x1}}, 0x0) 22:22:41 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) 22:22:41 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000030707031dfffd946fa2830020200a0003000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 22:22:42 executing program 3: 22:22:42 executing program 4: [ 264.074826] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 264.083781] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 22:22:42 executing program 2: 22:22:42 executing program 0: 22:22:42 executing program 3: 22:22:42 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) recvmsg(r2, &(0x7f0000002a00)={&(0x7f00000003c0)=@xdp, 0x80, &(0x7f00000028c0)=[{&(0x7f0000002840)=""/109, 0x6d}], 0x1, &(0x7f0000002900)=""/213, 0xd5, 0x3f000000}, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r1, &(0x7f0000000a40), 0x8000000000000b0, 0x0) getgroups(0x4, &(0x7f0000001100)=[0xee01, 0xee00, 0x0, 0x0]) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000011c0)={{{@in=@remote, @in=@local}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f00000012c0)=0xe8) getpgid(0x0) stat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)) stat(&(0x7f0000002100)='./file0\x00', &(0x7f0000002140)) getsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000440)=""/253, &(0x7f00000000c0)=0xfd) write$binfmt_script(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000a8f4dd5a1f083f897727e1ab1ea975ef6005d582f18e9f4ae4ae0a3b68b173c75c56c4f7d7512b88040ca87e6cf52a687e"], 0x33) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0), 0xc, &(0x7f0000000900)={&(0x7f0000000580)=ANY=[]}}, 0x0) r4 = openat$cgroup_type(r0, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) readv(r4, &(0x7f0000000540), 0x10000000000002f4) msgget$private(0x0, 0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in, @in6}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@dev, @in=@rand_addr}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000380)=0xe8) getgroups(0x7, &(0x7f00000003c0)=[0x0, 0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, r3, 0x0, 0xc, &(0x7f0000000400)='cgroup.type\x00', 0xffffffffffffffff}, 0x30) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000000500)=0xc) openat$md(0xffffffffffffff9c, &(0x7f0000000300)='/dev/md0\x00', 0x0, 0x0) [ 264.693814] hrtimer: interrupt took 100188 ns 22:22:42 executing program 1: [ 265.311337] IPVS: ftp: loaded support on port[0] = 21 [ 266.588493] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.595104] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.603377] device bridge_slave_0 entered promiscuous mode [ 266.680502] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.687052] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.695177] device bridge_slave_1 entered promiscuous mode [ 266.770674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 266.846129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.074495] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 267.154962] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 267.234701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 267.241867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 267.319990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 267.327051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 267.561314] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 267.569399] team0: Port device team_slave_0 added [ 267.646592] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 267.654389] team0: Port device team_slave_1 added [ 267.732557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 267.814151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 267.893822] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 267.901112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 267.910270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 267.983116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 267.990416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 267.999592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 268.856749] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.863217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.870027] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.876601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.884535] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 269.252095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 272.147021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.436202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 272.721449] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 272.727776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 272.735976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 273.016457] 8021q: adding VLAN 0 to HW filter on device team0 22:22:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) recvmsg(r2, &(0x7f0000002a00)={&(0x7f00000003c0)=@xdp, 0x80, &(0x7f00000028c0)=[{&(0x7f0000002840)=""/109, 0x6d}], 0x1, &(0x7f0000002900)=""/213, 0xd5, 0x3f000000}, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r1, &(0x7f0000000a40), 0x8000000000000b0, 0x0) getgroups(0x4, &(0x7f0000001100)=[0xee01, 0xee00, 0x0, 0x0]) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000011c0)={{{@in=@remote, @in=@local}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f00000012c0)=0xe8) getpgid(0x0) stat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)) stat(&(0x7f0000002100)='./file0\x00', &(0x7f0000002140)) getsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000440)=""/253, &(0x7f00000000c0)=0xfd) write$binfmt_script(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000a8f4dd5a1f083f897727e1ab1ea975ef6005d582f18e9f4ae4ae0a3b68b173c75c56c4f7d7512b88040ca87e6cf52a687e"], 0x33) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0), 0xc, &(0x7f0000000900)={&(0x7f0000000580)=ANY=[]}}, 0x0) r4 = openat$cgroup_type(r0, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) readv(r4, &(0x7f0000000540), 0x10000000000002f4) msgget$private(0x0, 0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in, @in6}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@dev, @in=@rand_addr}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000380)=0xe8) getgroups(0x7, &(0x7f00000003c0)=[0x0, 0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, r3, 0x0, 0xc, &(0x7f0000000400)='cgroup.type\x00', 0xffffffffffffffff}, 0x30) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000000500)=0xc) openat$md(0xffffffffffffff9c, &(0x7f0000000300)='/dev/md0\x00', 0x0, 0x0) 22:22:52 executing program 0: 22:22:52 executing program 2: 22:22:52 executing program 3: 22:22:52 executing program 1: 22:22:52 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) recvmsg(r2, &(0x7f0000002a00)={&(0x7f00000003c0)=@xdp, 0x80, &(0x7f00000028c0)=[{&(0x7f0000002840)=""/109, 0x6d}], 0x1, &(0x7f0000002900)=""/213, 0xd5, 0x3f000000}, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r1, &(0x7f0000000a40), 0x8000000000000b0, 0x0) getgroups(0x4, &(0x7f0000001100)=[0xee01, 0xee00, 0x0, 0x0]) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000011c0)={{{@in=@remote, @in=@local}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f00000012c0)=0xe8) getpgid(0x0) stat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)) stat(&(0x7f0000002100)='./file0\x00', &(0x7f0000002140)) getsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000440)=""/253, &(0x7f00000000c0)=0xfd) write$binfmt_script(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000a8f4dd5a1f083f897727e1ab1ea975ef6005d582f18e9f4ae4ae0a3b68b173c75c56c4f7d7512b88040ca87e6cf52a687e"], 0x33) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0), 0xc, &(0x7f0000000900)={&(0x7f0000000580)=ANY=[]}}, 0x0) r4 = openat$cgroup_type(r0, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) readv(r4, &(0x7f0000000540), 0x10000000000002f4) msgget$private(0x0, 0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in, @in6}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@dev, @in=@rand_addr}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000380)=0xe8) getgroups(0x7, &(0x7f00000003c0)=[0x0, 0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, r3, 0x0, 0xc, &(0x7f0000000400)='cgroup.type\x00', 0xffffffffffffffff}, 0x30) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000000500)=0xc) openat$md(0xffffffffffffff9c, &(0x7f0000000300)='/dev/md0\x00', 0x0, 0x0) 22:22:53 executing program 0: 22:22:53 executing program 1: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) pwrite64(r0, &(0x7f0000000040)="bf", 0x1, 0x2000001) 22:22:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", r1, &(0x7f00000000c0)='./file0\x00') 22:22:53 executing program 3: listxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/51, 0x33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0xc, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) socketpair$unix(0x1, 0x40000000005, 0x0, &(0x7f0000000140)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rtc\x00', 0x0, 0x0) read(r1, &(0x7f0000000000)=""/4, 0x4) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x7003, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={0x0, 0x3ff}, &(0x7f0000000280)=0x8) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000200)}, 0x8000) sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001480)="d09a0e63c9476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1b0171f89091b1dd3238d03dbb686df460963245dedf2973ee555af99499e44ad420dbf65fd46fbc99a1274429e2d5783751815828ec8cb3553110cca66460215353d19f6d8bbd8fb264eddea60b18e16c31aa5e200000491634ac2fd10e2cd30bcd7fede24263a7fff16e53ea293f3551b7147c33a44ea437fb1515c3e8d4f162fdebf8ebe11ae6fcd9372c8d8f19556ae091fe94215ae9434da412f6fa4cb6561e5f78ff9707844ee5d573fb294437722d9a06dfa61748c32c73d759933a8dd344c947d3efdbe90d0eb049df5fbb0c19f6785264b619c530d97395d44b04f7e2a280d658c7871ad373b792678c49227999651ef3b2ee1bc2b8f3035db376e8e09aa3837233c8713065a8ad131d24f6c42a3220d0e07c3d3e95d59a5dd10c09716b5f874ecf53aadfa5050ff40f2c3c4a629b6445e5836100afff5a8977583653b40ca316f8f11416e5c1bd5499636ddae25fc4970b37209cf5c0bf8e432160c258d14223baa52798e09858645773dd97e68a95310da713cff077b06000000d4f145e9199c126a7f235e5674a3c7f5c7129ac7c1a3319590249b6d34ef6c3d8b94c6fc7cdcbddb053243053f7bc1f230d3bc7dfc4359e33992d0a3946b914a093287a76ac4a249b5b86cc75476466e409553355fefab75e9268a8751ffc9481fcff1f49c", 0x211}], 0x1, &(0x7f0000000040)}, 0x0) 22:22:53 executing program 0: fcntl$setown(0xffffffffffffffff, 0x8, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) sysinfo(&(0x7f00000007c0)=""/154) syz_genetlink_get_family_id$nbd(&(0x7f0000000000)='nbd\x00') futex(&(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000080), 0x0) timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz'}, 0x0, 0x0, 0x0) tkill(0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f00000006c0)={0x2, 0x0, 0x0, &(0x7f0000000800)}) 22:22:53 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40106308}], 0x0, 0x0, &(0x7f00000001c0)}) [ 276.038678] ================================================================== [ 276.046119] BUG: KMSAN: uninit-value in _decode_session6+0x635/0x1630 [ 276.052760] CPU: 0 PID: 7918 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63 [ 276.059966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.069345] Call Trace: [ 276.071972] dump_stack+0x306/0x460 [ 276.075637] ? _decode_session6+0x635/0x1630 [ 276.080097] kmsan_report+0x1a3/0x2d0 [ 276.083952] __msan_warning+0x7c/0xe0 [ 276.087790] _decode_session6+0x635/0x1630 [ 276.092113] __xfrm_decode_session+0x156/0x200 [ 276.096737] ? xfrm6_get_saddr+0x520/0x520 [ 276.101038] icmp6_send+0x3037/0x3c50 [ 276.104965] ? icmpv6_param_prob+0xc0/0xc0 [ 276.109234] icmpv6_send+0xe5/0x110 [ 276.112930] ip6_link_failure+0x5c/0x310 [ 276.117029] ? ip6_negative_advice+0x3b0/0x3b0 [ 276.121665] ? ip6_negative_advice+0x3b0/0x3b0 [ 276.126288] ip6_tnl_xmit+0xea7/0x44b0 [ 276.130277] ? __msan_metadata_ptr_for_store_n+0xe/0x10 [ 276.135686] ? iptunnel_handle_offloads+0x722/0x810 [ 276.140759] ip6_tnl_start_xmit+0x1da2/0x2110 [ 276.145327] ? ip6_tnl_dev_uninit+0x740/0x740 [ 276.149863] dev_hard_start_xmit+0x6b8/0xdb0 [ 276.154355] __dev_queue_xmit+0x2e62/0x3d90 [ 276.158728] ? _raw_write_unlock_bh+0x4b/0x57 [ 276.163749] dev_queue_xmit+0x4b/0x60 [ 276.167588] neigh_direct_output+0x42/0x50 [ 276.171865] ? neigh_connected_output+0x6f0/0x6f0 [ 276.176755] ip6_finish_output2+0x2090/0x21f0 [ 276.181319] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.186723] ? ip6_mtu+0x289/0x330 [ 276.190310] ip6_finish_output+0xbaa/0xc80 [ 276.194615] ip6_output+0x5a0/0x6e0 [ 276.198294] ? ip6_output+0x6e0/0x6e0 [ 276.202130] ? ac6_seq_show+0x200/0x200 [ 276.206142] ip6_local_out+0x164/0x1d0 [ 276.210083] ip6_push_pending_frames+0x218/0x4d0 [ 276.214906] rawv6_sendmsg+0x4266/0x53e0 [ 276.219002] ? aa_label_sk_perm+0x8da/0x950 [ 276.223404] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.228810] ? kmsan_set_origin_inline+0x6b/0x120 [ 276.233717] ? compat_rawv6_ioctl+0x100/0x100 [ 276.238257] inet_sendmsg+0x4d8/0x7f0 [ 276.242092] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.247489] ? security_socket_sendmsg+0x1bd/0x200 [ 276.252465] ___sys_sendmsg+0xe47/0x1200 [ 276.256568] ? inet_getname+0x490/0x490 [ 276.260582] ? __fget+0x8f7/0x940 [ 276.264101] ? __fdget+0x318/0x430 [ 276.267690] __se_sys_sendmsg+0x307/0x460 [ 276.271914] __x64_sys_sendmsg+0x4a/0x70 [ 276.276007] do_syscall_64+0xbe/0x100 [ 276.279854] entry_SYSCALL_64_after_hwframe+0x63/0xe7 22:22:54 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x80000001, 0x0, "0950fe4adba7"}, 0x16, &(0x7f0000000000), 0x0, &(0x7f0000000240)}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x6}, 0x2c) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x2b5) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000003840)=[{&(0x7f00000004c0)=""/158, 0x9e}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/98, 0x62}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/115, 0x73}], 0x5}, 0x0) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x31100, 0x0, 0x5, @dev={0xfe, 0x80, [0x140000007fffeaa3, 0x64efff7f00000000, 0x0, 0x329, 0x7fffc930]}}, 0x80, &(0x7f0000000340), 0x3c1, &(0x7f0000000380)}, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080)) 22:22:54 executing program 2: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)) 22:22:54 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) recvmsg(r2, &(0x7f0000002a00)={&(0x7f00000003c0)=@xdp, 0x80, &(0x7f00000028c0)=[{&(0x7f0000002840)=""/109, 0x6d}], 0x1, &(0x7f0000002900)=""/213, 0xd5, 0x3f000000}, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r1, &(0x7f0000000a40), 0x8000000000000b0, 0x0) getgroups(0x4, &(0x7f0000001100)=[0xee01, 0xee00, 0x0, 0x0]) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000011c0)={{{@in=@remote, @in=@local}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f00000012c0)=0xe8) getpgid(0x0) stat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)) stat(&(0x7f0000002100)='./file0\x00', &(0x7f0000002140)) getsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000440)=""/253, &(0x7f00000000c0)=0xfd) write$binfmt_script(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000a8f4dd5a1f083f897727e1ab1ea975ef6005d582f18e9f4ae4ae0a3b68b173c75c56c4f7d7512b88040ca87e6cf52a687e"], 0x33) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000004c0), 0xc, &(0x7f0000000900)={&(0x7f0000000580)=ANY=[]}}, 0x0) r4 = openat$cgroup_type(r0, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) readv(r4, &(0x7f0000000540), 0x10000000000002f4) msgget$private(0x0, 0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000040)={{{@in, @in6}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@dev, @in=@rand_addr}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000380)=0xe8) getgroups(0x7, &(0x7f00000003c0)=[0x0, 0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0x0, r3, 0x0, 0xc, &(0x7f0000000400)='cgroup.type\x00', 0xffffffffffffffff}, 0x30) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480), &(0x7f0000000500)=0xc) openat$md(0xffffffffffffff9c, &(0x7f0000000300)='/dev/md0\x00', 0x0, 0x0) [ 276.283290] binder: 7920:7921 BC_INCREFS_DONE u0000000000000000 no match [ 276.285089] RIP: 0033:0x457579 [ 276.285116] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.285132] RSP: 002b:00007fb510c69c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.285159] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 276.285190] RDX: 0000000000000000 RSI: 0000000020000a40 RDI: 0000000000000004 [ 276.336398] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 276.343695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb510c6a6d4 [ 276.350990] R13: 00000000004c3536 R14: 00000000004d5328 R15: 00000000ffffffff [ 276.358297] [ 276.359951] Uninit was created at: [ 276.363523] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 276.368652] kmsan_kmalloc+0xa4/0x120 [ 276.372485] kmsan_slab_alloc+0x10/0x20 [ 276.376492] __kmalloc_node_track_caller+0xb43/0x1400 [ 276.381714] pskb_expand_head+0x319/0x1d00 [ 276.385991] __pskb_pull_tail+0x1db/0x21c0 [ 276.390263] ip6_tnl_parse_tlv_enc_lim+0x7f4/0xa90 [ 276.395223] ip6_tnl_start_xmit+0x87b/0x2110 [ 276.399677] dev_hard_start_xmit+0x6b8/0xdb0 [ 276.404116] __dev_queue_xmit+0x2e62/0x3d90 [ 276.408457] dev_queue_xmit+0x4b/0x60 [ 276.412295] neigh_direct_output+0x42/0x50 [ 276.416554] ip6_finish_output2+0x2090/0x21f0 [ 276.421079] ip6_finish_output+0xbaa/0xc80 [ 276.425357] ip6_output+0x5a0/0x6e0 [ 276.429009] ip6_local_out+0x164/0x1d0 [ 276.432935] ip6_push_pending_frames+0x218/0x4d0 [ 276.437719] rawv6_sendmsg+0x4266/0x53e0 [ 276.441809] inet_sendmsg+0x4d8/0x7f0 [ 276.445640] ___sys_sendmsg+0xe47/0x1200 [ 276.449745] __se_sys_sendmsg+0x307/0x460 [ 276.453939] __x64_sys_sendmsg+0x4a/0x70 [ 276.458023] do_syscall_64+0xbe/0x100 [ 276.461847] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 276.467065] ================================================================== [ 276.474445] Disabling lock debugging due to kernel taint [ 276.479932] Kernel panic - not syncing: panic_on_warn set ... [ 276.479932] [ 276.487335] CPU: 0 PID: 7918 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63 [ 276.495932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.505305] Call Trace: [ 276.507945] dump_stack+0x306/0x460 [ 276.511641] panic+0x54c/0xafa [ 276.514970] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 276.520465] kmsan_report+0x2cd/0x2d0 [ 276.524312] __msan_warning+0x7c/0xe0 [ 276.528157] _decode_session6+0x635/0x1630 [ 276.532462] __xfrm_decode_session+0x156/0x200 [ 276.537085] ? xfrm6_get_saddr+0x520/0x520 [ 276.541362] icmp6_send+0x3037/0x3c50 [ 276.545271] ? icmpv6_param_prob+0xc0/0xc0 [ 276.549541] icmpv6_send+0xe5/0x110 [ 276.553216] ip6_link_failure+0x5c/0x310 [ 276.557310] ? ip6_negative_advice+0x3b0/0x3b0 [ 276.561941] ? ip6_negative_advice+0x3b0/0x3b0 [ 276.566562] ip6_tnl_xmit+0xea7/0x44b0 [ 276.570534] ? __msan_metadata_ptr_for_store_n+0xe/0x10 [ 276.575949] ? iptunnel_handle_offloads+0x722/0x810 [ 276.581024] ip6_tnl_start_xmit+0x1da2/0x2110 [ 276.585589] ? ip6_tnl_dev_uninit+0x740/0x740 [ 276.590143] dev_hard_start_xmit+0x6b8/0xdb0 [ 276.594614] __dev_queue_xmit+0x2e62/0x3d90 [ 276.598976] ? _raw_write_unlock_bh+0x4b/0x57 [ 276.603544] dev_queue_xmit+0x4b/0x60 [ 276.607383] neigh_direct_output+0x42/0x50 [ 276.611651] ? neigh_connected_output+0x6f0/0x6f0 [ 276.616528] ip6_finish_output2+0x2090/0x21f0 [ 276.621095] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.626491] ? ip6_mtu+0x289/0x330 [ 276.630074] ip6_finish_output+0xbaa/0xc80 [ 276.634365] ip6_output+0x5a0/0x6e0 [ 276.638072] ? ip6_output+0x6e0/0x6e0 [ 276.641927] ? ac6_seq_show+0x200/0x200 [ 276.645947] ip6_local_out+0x164/0x1d0 [ 276.650053] ip6_push_pending_frames+0x218/0x4d0 [ 276.654857] rawv6_sendmsg+0x4266/0x53e0 [ 276.658969] ? aa_label_sk_perm+0x8da/0x950 [ 276.663370] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.668777] ? kmsan_set_origin_inline+0x6b/0x120 [ 276.673679] ? compat_rawv6_ioctl+0x100/0x100 [ 276.678210] inet_sendmsg+0x4d8/0x7f0 [ 276.682056] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 276.687477] ? security_socket_sendmsg+0x1bd/0x200 [ 276.692477] ___sys_sendmsg+0xe47/0x1200 [ 276.696584] ? inet_getname+0x490/0x490 [ 276.700601] ? __fget+0x8f7/0x940 [ 276.704126] ? __fdget+0x318/0x430 [ 276.707720] __se_sys_sendmsg+0x307/0x460 [ 276.711955] __x64_sys_sendmsg+0x4a/0x70 [ 276.716058] do_syscall_64+0xbe/0x100 [ 276.719919] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 276.725136] RIP: 0033:0x457579 [ 276.728350] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.747277] RSP: 002b:00007fb510c69c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.755022] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 276.762321] RDX: 0000000000000000 RSI: 0000000020000a40 RDI: 0000000000000004 [ 276.769614] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 276.776925] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb510c6a6d4 [ 276.784227] R13: 00000000004c3536 R14: 00000000004d5328 R15: 00000000ffffffff [ 276.792504] Kernel Offset: disabled [ 276.796146] Rebooting in 86400 seconds..