[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 44.002049][ T26] audit: type=1800 audit(1548896738.936:25): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 44.038875][ T26] audit: type=1800 audit(1548896738.936:26): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 44.075037][ T26] audit: type=1800 audit(1548896738.946:27): pid=7898 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. 2019/01/31 01:05:49 fuzzer started 2019/01/31 01:05:52 dialing manager at 10.128.0.26:43669 2019/01/31 01:05:52 syscalls: 1 2019/01/31 01:05:52 code coverage: enabled 2019/01/31 01:05:52 comparison tracing: enabled 2019/01/31 01:05:52 extra coverage: extra coverage is not supported by the kernel 2019/01/31 01:05:52 setuid sandbox: enabled 2019/01/31 01:05:52 namespace sandbox: enabled 2019/01/31 01:05:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/31 01:05:52 fault injection: enabled 2019/01/31 01:05:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/31 01:05:52 net packet injection: enabled 2019/01/31 01:05:52 net device setup: enabled 01:08:51 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={r1}, 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) syzkaller login: [ 236.890005][ T8059] IPVS: ftp: loaded support on port[0] = 21 01:08:51 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000002240)=@ipx={0x4, 0x0, 0x0, "5d6f634e9e66"}, 0x80) r0 = open(&(0x7f0000103ff8)='./file0\x00', 0x141042, 0x0) ftruncate(r0, 0x2) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x802, 0x0) sendfile(r1, r0, 0x0, 0x40800fff) readv(r1, &(0x7f0000000100)=[{&(0x7f0000000080)=""/4, 0x4}], 0x2dc) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') [ 237.014372][ T8059] chnl_net:caif_netlink_parms(): no params data found [ 237.093611][ T8059] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.101659][ T8059] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.120056][ T8059] device bridge_slave_0 entered promiscuous mode [ 237.129353][ T8059] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.136481][ T8059] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.160810][ T8059] device bridge_slave_1 entered promiscuous mode [ 237.198297][ T8059] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.207188][ T8062] IPVS: ftp: loaded support on port[0] = 21 [ 237.241363][ T8059] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.277299][ T8059] team0: Port device team_slave_0 added [ 237.289500][ T8059] team0: Port device team_slave_1 added 01:08:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000017c0)={0x0, 0xfa, "3d17eddebe5688ac64fdd99fe818071724ff58608ae5daf6270291b2eef412527bd5ad3bf611372293db0d8ee608c414b756bc8585adec28a71e56b7bc7dbb8ad1fb775b6578408ccfb3825aeee83799efef4f77316df1b51263417c30a9787048cfd2ec40940548f3faadd467a346e0d32fa1e2716c9f4173f517c969ccaf816649d432f062ec609857c4f6fce0fc93c00cb900d5ab213fe320beeb7a91834f209f01d3cb437547f3ec89fbb8e2ca8e40e1e050be268a0d318c6da0fbd3a58574e744079cf1377cc2b3ac4da17d9d06e82d903fc5391672fe24393ec741c88d2e86b6d8ffbf22ef4deeec6d0e0e9ffc73a53fb1723943cc0ffd"}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 237.392925][ T8059] device hsr_slave_0 entered promiscuous mode [ 237.469165][ T8059] device hsr_slave_1 entered promiscuous mode 01:08:52 executing program 3: mknod$loop(&(0x7f0000000100)='./file0\x00', 0x400002200006008, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$BLKALIGNOFF(r0, 0x127c, &(0x7f0000000000)) [ 237.598467][ T8064] IPVS: ftp: loaded support on port[0] = 21 [ 237.664602][ T8059] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.671835][ T8059] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.679594][ T8059] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.686663][ T8059] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.747848][ T8062] chnl_net:caif_netlink_parms(): no params data found [ 237.786113][ T8068] IPVS: ftp: loaded support on port[0] = 21 01:08:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000240)="0adc1f123c123f3188b070") r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) unshare(0x8000400) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000000)={r2, 0x0, 0x10}, &(0x7f0000000040)=0x18) [ 237.974179][ T8062] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.990168][ T8062] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.998457][ T8062] device bridge_slave_0 entered promiscuous mode [ 238.040809][ T8059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.047987][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.060385][ T8062] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.068566][ T8062] device bridge_slave_1 entered promiscuous mode [ 238.092582][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.104350][ T3474] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.124063][ T3474] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.134557][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 238.161814][ T8071] IPVS: ftp: loaded support on port[0] = 21 [ 238.201042][ T8059] 8021q: adding VLAN 0 to HW filter on device team0 01:08:53 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x800000008, 0x7fff, 0x400000000000003b, 0x1}, 0x17c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x400000, 0x0, 0x820000, 0x0}, 0x2c) [ 238.265417][ T8062] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 238.275953][ T8062] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 238.333829][ T8068] chnl_net:caif_netlink_parms(): no params data found [ 238.348154][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.359514][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.367929][ T2979] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.375059][ T2979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.390371][ T8064] chnl_net:caif_netlink_parms(): no params data found [ 238.415517][ T8062] team0: Port device team_slave_0 added [ 238.427430][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.437614][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.446048][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.453105][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.461152][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.492642][ T8062] team0: Port device team_slave_1 added [ 238.527720][ T8076] IPVS: ftp: loaded support on port[0] = 21 [ 238.593365][ T8064] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.600994][ T8064] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.608653][ T8064] device bridge_slave_0 entered promiscuous mode [ 238.618069][ T8064] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.625586][ T8064] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.633487][ T8064] device bridge_slave_1 entered promiscuous mode [ 238.702319][ T8062] device hsr_slave_0 entered promiscuous mode [ 238.769514][ T8062] device hsr_slave_1 entered promiscuous mode [ 238.830389][ T8068] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.837476][ T8068] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.845401][ T8068] device bridge_slave_0 entered promiscuous mode [ 238.853739][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.884040][ T8068] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.891218][ T8068] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.901770][ T8068] device bridge_slave_1 entered promiscuous mode [ 238.909397][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.918047][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.926620][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.935029][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.943403][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.951822][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.960069][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.972954][ T8064] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.002561][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.013014][ T8070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.028178][ T8059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.037476][ T8064] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.088749][ T8068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.100364][ T8068] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.118077][ T8064] team0: Port device team_slave_0 added [ 239.126394][ T8064] team0: Port device team_slave_1 added [ 239.194525][ T8068] team0: Port device team_slave_0 added [ 239.201568][ T8068] team0: Port device team_slave_1 added [ 239.219738][ T8059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.227882][ T8071] chnl_net:caif_netlink_parms(): no params data found [ 239.282101][ T8068] device hsr_slave_0 entered promiscuous mode [ 239.339205][ T8068] device hsr_slave_1 entered promiscuous mode [ 239.432217][ T8064] device hsr_slave_0 entered promiscuous mode [ 239.489471][ T8064] device hsr_slave_1 entered promiscuous mode [ 239.586758][ T8076] chnl_net:caif_netlink_parms(): no params data found [ 239.686956][ T8062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.744452][ T8071] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.753083][ T8071] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.762246][ T8071] device bridge_slave_0 entered promiscuous mode [ 239.770021][ T8071] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.777079][ T8071] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.785294][ T8071] device bridge_slave_1 entered promiscuous mode [ 239.808693][ T8062] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.827168][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.835185][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.851244][ T8076] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.858496][ T8076] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.867046][ T8076] device bridge_slave_0 entered promiscuous mode [ 239.876061][ T8076] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.883371][ T8076] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.892241][ T8076] device bridge_slave_1 entered promiscuous mode [ 239.938233][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.946988][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.955939][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.963028][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.971892][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.981340][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.989788][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.996824][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.004448][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.014232][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.032107][ T8071] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.061525][ T8076] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.071824][ T8071] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 240.090706][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.102711][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.111528][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.120301][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 240.128651][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.147754][ T8062] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 240.161247][ T8062] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.176121][ T8076] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 240.195405][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.203530][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 240.212310][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.221367][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 240.229912][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 240.238029][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 240.260943][ T8071] team0: Port device team_slave_0 added [ 240.270713][ T8071] team0: Port device team_slave_1 added [ 240.292622][ T8076] team0: Port device team_slave_0 added [ 240.315679][ T8068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.325968][ T8076] team0: Port device team_slave_1 added [ 240.392178][ T8071] device hsr_slave_0 entered promiscuous mode [ 240.449419][ T8071] device hsr_slave_1 entered promiscuous mode 01:08:55 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={r1}, 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) [ 240.531148][ T8062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.543723][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.553672][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.564639][ T8068] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.622252][ T8076] device hsr_slave_0 entered promiscuous mode [ 240.659278][ T8076] device hsr_slave_1 entered promiscuous mode [ 240.719515][ T8064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.759448][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.774992][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.792832][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.802015][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.810738][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.817775][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.820152][ C1] hrtimer: interrupt took 81451 ns [ 240.825652][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.838919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.847296][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.854409][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.862787][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.871613][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.880477][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.889185][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.897716][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.917367][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.928650][ T8064] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.965443][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 01:08:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r0, 0x10e, 0x0, 0x0, 0xffffffffffffffff) [ 240.974624][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 01:08:55 executing program 1: [ 241.002062][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 241.014082][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.029849][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.038511][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 01:08:56 executing program 1: 01:08:56 executing program 1: [ 241.070374][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.084583][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.095939][ T8067] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.103033][ T8067] bridge0: port 1(bridge_slave_0) entered forwarding state 01:08:56 executing program 1: [ 241.161790][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.195619][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 01:08:56 executing program 1: 01:08:56 executing program 1: [ 241.205358][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.229523][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.236601][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.246389][ T8068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.300818][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.316517][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.352988][ T8071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.366117][ T8068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.385062][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.398396][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.407089][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.416767][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.425472][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 241.434044][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.443267][ T2979] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 241.484843][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.495240][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.523252][ T8076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.540591][ T8064] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.556319][ T8071] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.565483][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.605757][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.616020][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.632391][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.643419][ T8076] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.666752][ T8064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.699671][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.708235][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.722286][ T8067] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.729402][ T8067] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.737552][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.746305][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.754807][ T8067] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.761919][ T8067] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.769636][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.778055][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.786861][ T8067] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.793956][ T8067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.802050][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.811098][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.819789][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.828038][ T8067] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.835119][ T8067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.842772][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.851467][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.862870][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.870941][ T8067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.900886][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.923611][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.932294][ T8118] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 241.936335][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.956923][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.966326][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.981636][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.991594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.000594][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.009482][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.017874][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.033030][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.046290][ T8071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.065891][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.073984][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.082930][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.091929][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 01:08:57 executing program 2: 01:08:57 executing program 1: [ 242.127967][ T8071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.153829][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.163302][ T3474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.215780][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.229365][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.255057][ T8076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.343979][ T8076] 8021q: adding VLAN 0 to HW filter on device batadv0 01:08:58 executing program 4: 01:08:58 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={r1}, 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:08:58 executing program 3: 01:08:58 executing program 1: 01:08:58 executing program 2: 01:08:58 executing program 5: 01:08:58 executing program 1: 01:08:58 executing program 2: 01:08:58 executing program 4: 01:08:58 executing program 3: 01:08:58 executing program 5: 01:08:58 executing program 3: 01:08:58 executing program 2: 01:08:59 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={r1}, 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:08:59 executing program 1: 01:08:59 executing program 3: 01:08:59 executing program 4: 01:08:59 executing program 5: 01:08:59 executing program 2: 01:08:59 executing program 4: 01:08:59 executing program 2: 01:08:59 executing program 1: 01:08:59 executing program 3: 01:08:59 executing program 5: 01:08:59 executing program 2: 01:08:59 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:08:59 executing program 4: 01:08:59 executing program 5: 01:08:59 executing program 1: 01:08:59 executing program 3: 01:08:59 executing program 2: 01:08:59 executing program 4: 01:09:00 executing program 2: 01:09:00 executing program 5: 01:09:00 executing program 3: 01:09:00 executing program 1: 01:09:00 executing program 3: 01:09:00 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:09:00 executing program 1: 01:09:00 executing program 5: 01:09:00 executing program 4: 01:09:00 executing program 2: 01:09:00 executing program 3: 01:09:00 executing program 3: 01:09:00 executing program 4: 01:09:00 executing program 5: 01:09:00 executing program 1: 01:09:00 executing program 2: 01:09:01 executing program 4: 01:09:01 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={r1, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:09:01 executing program 3: 01:09:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) ppoll(&(0x7f0000000180)=[{r0, 0x41a}], 0x1, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1a) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 01:09:01 executing program 5: timer_create(0x3, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x1c9c380}}, 0x0) timer_gettime(0x0, &(0x7f0000500ff0)) 01:09:01 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000100)={@dev={[], 0x15}, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1ab7d8", 0x8, 0x3f, 0x0, @dev, @mcast1, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0) 01:09:01 executing program 4: ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, 0x0) openat$vhci(0xffffffffffffff9c, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000400)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) gettid() write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000640)=ANY=[], 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='stat\x00') preadv(r0, &(0x7f00000017c0), 0x1a1, 0x0) 01:09:01 executing program 3: 01:09:01 executing program 1: 01:09:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) socketpair(0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/\x00~WMzU\xed\xbb\xc8\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xb1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\x19sT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6d\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\xf7\xff\xff\xff\xff\xff\xff\xff\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xecv:\x1ba=\xd7G\xd5)\xeap\xef\x02\x98\xff\xf5f\x160\xb9\x9ay\xec\x82i\xaf\x9b\xe1x\xae\xca\x17\xfe\xfb\x14\xfd=\x00\x97Z\x99\x9dy\xba\x89M\xba\xe4\xc1\xa6\x06\x00\x00\x00\x00\x00\x00\x00x\"m\a\xe6:?E\x96~\x0e\xe8Y\xbbn\x0f0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000001440)={0xa, 0x4e22}, 0x1c) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) rt_sigsuspend(0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) open(0x0, 0x0, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) sendto$inet6(r2, 0x0, 0x11a, 0x20000005, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) ioprio_get$uid(0x3, 0x0) clock_gettime(0x0, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) clock_settime(0x0, 0x0) shutdown(r2, 0x1) recvfrom$inet6(r2, &(0x7f0000000040)=""/31, 0x1f, 0x0, 0x0, 0x0) r3 = accept4(r1, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0)='A', 0x1, 0x0, 0x0, 0x0) dup2(r3, r2) [ 247.272989][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 01:09:02 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0), 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={0x0, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:09:02 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(0x0, 0x7) memfd_create(&(0x7f0000000100)='ppp1/^/&vmnet1selfwlan1\x00', 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44803) fallocate(r0, 0x3, 0x0, 0x100000001) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @empty}, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rfkill\x00', 0x80000, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10001, 0x40) syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x7968e71e, 0x800) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000240), &(0x7f00000001c0)=0x68) r3 = syz_open_dev$usbmon(0x0, 0x40, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) r4 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0) r5 = syz_open_pts(r1, 0x200) flock(r5, 0x4) ioctl$KDGKBTYPE(r3, 0x4b33, &(0x7f0000000200)) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback, 0x0, 0x0, 0x0, 0x500}) getpeername$packet(0xffffffffffffff9c, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 01:09:02 executing program 2: 01:09:02 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000b00)={0x0, 0x0, 0x8}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000a380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080), 0x297ef) socketpair$nbd(0x1, 0x1, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000100)='memory.high\x00', 0x2, 0x0) write$cgroup_int(r2, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) 01:09:02 executing program 4: 01:09:02 executing program 2: 01:09:02 executing program 4: 01:09:02 executing program 4: 01:09:02 executing program 2: 01:09:02 executing program 4: 01:09:03 executing program 1: 01:09:03 executing program 4: 01:09:03 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0), 0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)={0x0, 0x0, 0x10}, &(0x7f0000000040)=0x18) 01:09:03 executing program 2: 01:09:03 executing program 3: 01:09:03 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(0x0, 0x7) memfd_create(&(0x7f0000000100)='ppp1/^/&vmnet1selfwlan1\x00', 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x44803) fallocate(r0, 0x3, 0x0, 0x100000001) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @empty}, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rfkill\x00', 0x80000, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x10001, 0x40) syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x7968e71e, 0x800) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000240), &(0x7f00000001c0)=0x68) r3 = syz_open_dev$usbmon(0x0, 0x40, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) r4 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0) r5 = syz_open_pts(r1, 0x200) flock(r5, 0x4) ioctl$KDGKBTYPE(r3, 0x4b33, &(0x7f0000000200)) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback, 0x0, 0x0, 0x0, 0x500}) getpeername$packet(0xffffffffffffff9c, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 01:09:03 executing program 1: 01:09:03 executing program 4: [ 248.551208][ T8322] ================================================================== [ 248.559559][ T8322] BUG: KASAN: null-ptr-deref in reclaim_high.constprop.0+0xa6/0x1e0 [ 248.567607][ T8322] Read of size 8 at addr 0000000000000138 by task syz-executor3/8322 [ 248.575672][ T8322] [ 248.578002][ T8322] CPU: 1 PID: 8322 Comm: syz-executor3 Not tainted 5.0.0-rc4-next-20190130 #22 [ 248.578013][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.578019][ T8322] Call Trace: [ 248.578084][ T8322] dump_stack+0x1db/0x2d0 [ 248.578106][ T8322] ? dump_stack_print_info.cold+0x20/0x20 [ 248.578123][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.578187][ T8322] ? vprintk_func+0x86/0x189 [ 248.578210][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.578223][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.605472][ T8322] kasan_report.cold+0x5/0x40 [ 248.605496][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.616861][ T8322] check_memory_region+0x123/0x190 01:09:03 executing program 1: [ 248.616880][ T8322] kasan_check_read+0x11/0x20 [ 248.616895][ T8322] reclaim_high.constprop.0+0xa6/0x1e0 [ 248.616952][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 248.616970][ T8322] ? memcg_oom_wake_function+0x6b0/0x6b0 [ 248.617018][ T8322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 248.627189][ T8322] ? syscall_return_slowpath+0x519/0x5f0 [ 248.627262][ T8322] ? trace_hardirqs_off_caller+0x300/0x300 [ 248.627284][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 248.637579][ T8322] ? retint_kernel+0x2d/0x2d [ 248.637600][ T8322] mem_cgroup_handle_over_high+0xc1/0x180 [ 248.637620][ T8322] exit_to_usermode_loop+0x299/0x3b0 [ 248.637635][ T8322] ? ret_from_fork+0x15/0x50 [ 248.637651][ T8322] ? syscall_trace_enter+0x12a0/0x12a0 [ 248.637670][ T8322] ? _raw_spin_unlock_irq+0x28/0x90 [ 248.707105][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 248.707132][ T8322] syscall_return_slowpath+0x519/0x5f0 [ 248.707150][ T8322] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 248.707170][ T8322] ? _raw_spin_unlock_irq+0x5e/0x90 [ 248.707187][ T8322] ret_from_fork+0x15/0x50 01:09:03 executing program 1: [ 248.707199][ T8322] RIP: 0033:0x45665a [ 248.707222][ T8322] Code: Bad RIP value. [ 248.717841][ T8322] RSP: 002b:00007ffec460bf60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 248.717856][ T8322] RAX: 0000000000000000 RBX: 00007ffec460bf60 RCX: 000000000045665a [ 248.717865][ T8322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 248.717874][ T8322] RBP: 00007ffec460bfa0 R08: 0000000000000001 R09: 0000000001c1a940 [ 248.717883][ T8322] R10: 0000000001c1ac10 R11: 0000000000000246 R12: 0000000000000001 01:09:03 executing program 2: 01:09:03 executing program 4: 01:09:03 executing program 1: [ 248.717892][ T8322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 248.717935][ T8322] ================================================================== [ 248.771663][ T3865] kobject: 'loop1' (00000000eaf933a8): kobject_uevent_env [ 248.773395][ T8322] Disabling lock debugging due to kernel taint [ 248.787031][ T3865] kobject: 'loop1' (00000000eaf933a8): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 248.800875][ T8322] Kernel panic - not syncing: panic_on_warn set ... [ 248.842765][ T3865] kobject: 'loop4' (00000000fa42ef6a): kobject_uevent_env 01:09:03 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) clone(0x1001fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0xc0045878, &(0x7f0000000000)=0xfffffffffffffff7) [ 248.843290][ T8322] CPU: 1 PID: 8322 Comm: syz-executor3 Tainted: G B 5.0.0-rc4-next-20190130 #22 [ 248.860683][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 248.866716][ T3865] kobject: 'loop4' (00000000fa42ef6a): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 248.870729][ T8322] Call Trace: [ 248.870753][ T8322] dump_stack+0x1db/0x2d0 [ 248.870769][ T8322] ? dump_stack_print_info.cold+0x20/0x20 [ 248.870870][ T8322] panic+0x2cb/0x65c [ 248.892722][ T3865] kobject: 'loop2' (00000000cd225c22): kobject_uevent_env [ 248.894316][ T8322] ? add_taint.cold+0x16/0x16 [ 248.894348][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.894379][ T8322] ? preempt_schedule+0x4b/0x60 [ 248.894400][ T8322] ? ___preempt_schedule+0x16/0x18 [ 248.905481][ T3865] kobject: 'loop2' (00000000cd225c22): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 248.910028][ T8322] ? trace_hardirqs_on+0xb4/0x310 [ 248.910045][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.910061][ T8322] end_report+0x47/0x4f [ 248.910080][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.926106][ T3865] kobject: 'loop1' (00000000eaf933a8): kobject_uevent_env [ 248.935797][ T8322] kasan_report.cold+0xe/0x40 [ 248.935813][ T8322] ? reclaim_high.constprop.0+0xa6/0x1e0 [ 248.935827][ T8322] check_memory_region+0x123/0x190 [ 248.935847][ T8322] kasan_check_read+0x11/0x20 [ 248.968254][ T3865] kobject: 'loop1' (00000000eaf933a8): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 248.973587][ T8322] reclaim_high.constprop.0+0xa6/0x1e0 [ 248.973603][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 248.973617][ T8322] ? memcg_oom_wake_function+0x6b0/0x6b0 [ 248.973642][ T8322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 248.983240][ T3865] kobject: 'loop1' (00000000eaf933a8): kobject_uevent_env [ 248.983437][ T8322] ? syscall_return_slowpath+0x519/0x5f0 [ 249.005618][ T3865] kobject: 'loop1' (00000000eaf933a8): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 249.009900][ T8322] ? trace_hardirqs_off_caller+0x300/0x300 [ 249.009924][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 249.009938][ T8322] ? retint_kernel+0x2d/0x2d [ 249.009957][ T8322] mem_cgroup_handle_over_high+0xc1/0x180 [ 249.009978][ T8322] exit_to_usermode_loop+0x299/0x3b0 [ 249.064882][ T8322] ? ret_from_fork+0x15/0x50 [ 249.069486][ T8322] ? syscall_trace_enter+0x12a0/0x12a0 [ 249.073392][ T3865] kobject: 'loop2' (00000000cd225c22): kobject_uevent_env [ 249.074957][ T8322] ? _raw_spin_unlock_irq+0x28/0x90 [ 249.074973][ T8322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 249.074998][ T8322] syscall_return_slowpath+0x519/0x5f0 [ 249.088217][ T3865] kobject: 'loop2' (00000000cd225c22): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 249.092545][ T8322] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 249.092562][ T8322] ? _raw_spin_unlock_irq+0x5e/0x90 [ 249.092578][ T8322] ret_from_fork+0x15/0x50 [ 249.092595][ T8322] RIP: 0033:0x45665a [ 249.110545][ T3865] kobject: 'loop4' (00000000fa42ef6a): kobject_uevent_env [ 249.113880][ T8322] Code: Bad RIP value. [ 249.113889][ T8322] RSP: 002b:00007ffec460bf60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 249.113917][ T8322] RAX: 0000000000000000 RBX: 00007ffec460bf60 RCX: 000000000045665a [ 249.130371][ T3865] kobject: 'loop4' (00000000fa42ef6a): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 249.134469][ T8322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 249.134478][ T8322] RBP: 00007ffec460bfa0 R08: 0000000000000001 R09: 0000000001c1a940 [ 249.134487][ T8322] R10: 0000000001c1ac10 R11: 0000000000000246 R12: 0000000000000001 [ 249.134494][ T8322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003 [ 249.139671][ T8322] Kernel Offset: disabled [ 249.202194][ T8322] Rebooting in 86400 seconds..