[   56.697460] audit: type=1800 audit(1538740340.734:27): pid=6060 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   58.317296] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   59.611490] random: sshd: uninitialized urandom read (32 bytes read)
[   59.983567] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   62.245548] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
[   67.984377] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/05 11:52:34 fuzzer started
[   72.658409] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/05 11:52:39 dialing manager at 10.128.0.26:36867
2018/10/05 11:52:39 syscalls: 1
2018/10/05 11:52:39 code coverage: enabled
2018/10/05 11:52:39 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/05 11:52:39 setuid sandbox: enabled
2018/10/05 11:52:39 namespace sandbox: enabled
2018/10/05 11:52:39 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/05 11:52:39 fault injection: enabled
2018/10/05 11:52:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/05 11:52:39 net packed injection: enabled
2018/10/05 11:52:39 net device setup: enabled
[   77.776259] random: crng init done
11:54:45 executing program 0:

[  202.526222] IPVS: ftp: loaded support on port[0] = 21
[  204.925844] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.932474] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.940939] device bridge_slave_0 entered promiscuous mode
[  205.081718] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.088563] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.097164] device bridge_slave_1 entered promiscuous mode
[  205.239257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  205.380621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  205.811398] bond0: Enslaving bond_slave_0 as an active interface with an up link
11:54:49 executing program 1:

[  205.956036] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  206.388330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  206.395608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  206.667986] IPVS: ftp: loaded support on port[0] = 21
[  207.129409] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  207.137746] team0: Port device team_slave_0 added
[  207.376438] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  207.384708] team0: Port device team_slave_1 added
[  207.576206] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  207.583419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.592483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.873268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  207.880306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.889653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.071861] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  208.079532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  208.088919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.273346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  208.280962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.290063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  209.884792] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.891258] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.900246] device bridge_slave_0 entered promiscuous mode
[  210.120339] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.127024] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.135603] device bridge_slave_1 entered promiscuous mode
[  210.349829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  210.563755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.115728] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.122317] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.129248] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.135847] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.145111] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  211.269927] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  211.353746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  211.540254] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  211.835565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  211.842768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.051959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  212.059083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
11:54:56 executing program 2:

[  212.838237] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  212.846404] team0: Port device team_slave_0 added
[  213.155819] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  213.164060] team0: Port device team_slave_1 added
[  213.263029] IPVS: ftp: loaded support on port[0] = 21
[  213.494820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  213.502007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  213.510960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.682889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  213.689943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  213.699057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  213.926836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  213.934514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.943696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  214.257619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  214.265331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  214.274497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  217.550501] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.557071] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.564100] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.570658] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.579650] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  217.722016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  218.060841] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.067481] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.076242] device bridge_slave_0 entered promiscuous mode
[  218.335256] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.341886] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.350254] device bridge_slave_1 entered promiscuous mode
[  218.702176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.974480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  219.802597] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  220.140762] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  220.428107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  220.436094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  220.745021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  220.752241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
11:55:05 executing program 3:

[  221.666116] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  221.674317] team0: Port device team_slave_0 added
[  222.021068] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  222.029308] team0: Port device team_slave_1 added
[  222.218375] IPVS: ftp: loaded support on port[0] = 21
[  222.385713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  222.392984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  222.402077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  222.600930] 8021q: adding VLAN 0 to HW filter on device bond0
[  222.724307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  222.781803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  222.790901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  223.090238] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  223.097947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  223.107147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  223.493851] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  223.501447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  223.510676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  224.061172] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  225.267859] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  225.274396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  225.282465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  226.643144] 8021q: adding VLAN 0 to HW filter on device team0
[  227.433005] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.439510] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.446690] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.453226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.462358] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  228.096457] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.103129] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.111806] device bridge_slave_0 entered promiscuous mode
[  228.347087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  228.450062] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.456751] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.465371] device bridge_slave_1 entered promiscuous mode
[  228.844752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  229.199922] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  230.320775] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  230.697100] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  231.095420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  231.102612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  231.362165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  231.369223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  231.588970] 8021q: adding VLAN 0 to HW filter on device bond0
11:55:16 executing program 4:

[  232.682573] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  232.690652] team0: Port device team_slave_0 added
[  233.139256] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  233.147383] team0: Port device team_slave_1 added
[  233.174778] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  233.309783] IPVS: ftp: loaded support on port[0] = 21
[  233.606693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  233.614047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  233.623700] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  234.089884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  234.097524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  234.106507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  234.570282] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  234.578474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  234.589356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  234.812429] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  234.818806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  234.827216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  235.006504] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  235.015013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.024575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
11:55:19 executing program 0:

11:55:20 executing program 0:
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
wait4(0x0, &(0x7f00000001c0), 0x40000000, &(0x7f0000000200))
r0 = gettid()
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/uts\x00')
r1 = getpid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
rt_sigqueueinfo(r1, 0x21, &(0x7f0000000180))
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x14)
ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000080)={0x1, 0x1, [@local]})

[  236.514618] 8021q: adding VLAN 0 to HW filter on device team0
11:55:20 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl(r0, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070")
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='/exe\x00\x00\x00\x00\x00\x00')
fcntl$setstatus(r1, 0x4, 0x46000)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil})
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000000c0)={0x0, 0x400100000000})
preadv(r1, &(0x7f0000000040), 0x10000000000000a6, 0x0)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4)

11:55:21 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r1=>0x0)
move_pages(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000180)=[0xfffffffffffff000, 0x7ff, 0x6, 0x6, 0x1, 0x100000000, 0x2], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r2=>0x0]}, &(0x7f000095dffc)=0x8)
r3 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r3, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r4 = socket(0xa, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7b, &(0x7f0000000040)={<r5=>r2}, &(0x7f0000000100)=0x8)
close(r4)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x7a, &(0x7f00000000c0)={r5}, &(0x7f00000001c0)=0x10)
sendmsg$inet_sctp(r4, &(0x7f0000000380)={&(0x7f0000000080)=@in={0x2, 0x0, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f00000002c0)="90", 0x1}], 0x1, &(0x7f0000000440)=[@sndinfo={0x20}], 0x20}, 0x0)

11:55:22 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000de2ff4), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000001041b01ffff000000000000000000000000080015000000000008000000fbcf4ae9bc73677cdc6b40f15de58eb587a479d21f2f821223b6bfc2c3a1410acbfc278b42e1dae618b2b29e0f26dfec94de4acff6ed9f615a5bf08304c3de7ed5c59ed3b0b87e3ca13ad00f1425f79b2b8b3a41cf63e12e9ef317b11672ecd587ebf8f01a3ac466f4f73c76c619ce964e92bc6c5e5bfc14c8502dce5b4af5cb3366ecc17141015b6b371eed115475a994d240979e8b10d74834bdcf02381940", @ANYRES32=0x0], 0x24}}, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000280), 0x0)

[  238.588104] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
[  238.630163] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
11:55:23 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000080)=""/18)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_adjtime(0x7, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xd795, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3})

11:55:23 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000340))
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000000)=0x5)
read(r1, &(0x7f0000000540)=""/11, 0xb)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x80, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000080)={0x0, 0x0, [0x3, 0x80, 0x5, 0x1]})
r3 = syz_open_pts(r1, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x7)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x231, 0xffffffffffffffff, 0x0)
dup3(r3, r1, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x0)

[  239.773529] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.780007] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.787061] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.793581] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.802448] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
11:55:24 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x10000, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000400)=0x8)
sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x40, 0x10, 0x3eb80125379cfe6d, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7000000}, @IFLA_LINKINFO={0x18, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x4}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000280)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001500000027bd7000fedbdf250ac822ff", @ANYRES32=r2, @ANYBLOB="14000200ff020000020010000000000000000001481322eb4c9c7678d34fd54c6eb4b3af8a750c24ccfdea99c707ac50fe5bd8256418cec9c4a8d44bba4eabfa12892c332d786e36d8e9cbef"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40)
fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:hostname_exec_t:s0\x00', 0x25, 0x0)

[  240.181962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  240.384327] syz-executor0: vmalloc: allocation failure: 22548578304 bytes, mode:0x6084c0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null)
[  240.398316] syz-executor0 cpuset=syz0 mems_allowed=0
[  240.403836] CPU: 1 PID: 7040 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  240.411075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  240.420925] Call Trace:
[  240.423605]  dump_stack+0x306/0x460
[  240.427324]  warn_alloc+0x4c1/0x6f0
[  240.431026]  ? kmsan_set_origin_inline+0x6b/0x120
[  240.436020]  __vmalloc_node_range+0x203/0x1140
[  240.440712]  __vmalloc_node_flags_caller+0x12b/0x140
[  240.445879]  ? alloc_netdev_mqs+0x114d/0x1660
[  240.450432]  ? alloc_netdev_mqs+0x114d/0x1660
[  240.455000]  kvmalloc_node+0x3a1/0x3e0
[  240.458959]  alloc_netdev_mqs+0x114d/0x1660
[  240.463358]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  240.468885]  ? prepare_ip6gre_xmit_ipv6+0x8f0/0x8f0
[  240.473967]  rtnl_create_link+0x3e6/0xf50
[  240.478210]  rtnl_newlink+0x250d/0x39a0
[  240.482252]  ? rtnl_newlink+0x1751/0x39a0
[  240.486596]  ? kmsan_set_origin+0x83/0x140
[  240.490944]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  240.496414]  ? __msan_get_context_state+0x9/0x30
[  240.501276]  ? INIT_INT+0xc/0x30
[  240.504790]  ? rtnl_setlink+0x6f0/0x6f0
[  240.508820]  rtnetlink_rcv_msg+0xa53/0x1590
[  240.513271]  ? __msan_poison_alloca+0x17a/0x210
[  240.518385]  ? kmsan_set_origin_inline+0x6b/0x120
[  240.523465]  ? kmsan_set_origin_inline+0x6b/0x120
[  240.528411]  ? kmsan_set_origin+0x83/0x140
[  240.532732]  netlink_rcv_skb+0x394/0x640
[  240.536861]  ? rtnetlink_bind+0x120/0x120
[  240.541091]  rtnetlink_rcv+0x50/0x60
[  240.544879]  netlink_unicast+0x166d/0x1720
[  240.549205]  ? rtnetlink_net_exit+0x90/0x90
[  240.553629]  netlink_sendmsg+0x1391/0x1420
[  240.558009]  ___sys_sendmsg+0xe47/0x1200
[  240.562161]  ? netlink_getsockopt+0x1560/0x1560
[  240.566945]  ? __fget+0x8f7/0x940
[  240.570531]  ? __fdget+0x318/0x430
[  240.574194]  __se_sys_sendmsg+0x307/0x460
[  240.578476]  __x64_sys_sendmsg+0x4a/0x70
[  240.582603]  do_syscall_64+0xbe/0x100
[  240.586485]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  240.591734] RIP: 0033:0x457579
[  240.594993] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  240.613954] RSP: 002b:00007fbec1b1dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.622350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  240.630191] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  240.637529] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  240.644852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbec1b1e6d4
[  240.652188] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff
[  240.659843] Mem-Info:
[  240.662521] active_anon:68067 inactive_anon:113 isolated_anon:0
[  240.662521]  active_file:7393 inactive_file:34413 isolated_file:0
[  240.662521]  unevictable:0 dirty:12 writeback:0 unstable:0
[  240.662521]  slab_reclaimable:3723 slab_unreclaimable:7513
[  240.662521]  mapped:46706 shmem:119 pagetables:737 bounce:0
[  240.662521]  free:1018289 free_pcp:768 free_cma:0
[  240.696255] Node 0 active_anon:272268kB inactive_anon:452kB active_file:29572kB inactive_file:137768kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:186824kB dirty:48kB writeback:0kB shmem:476kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 147456kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  240.725070] Node 0 DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  240.751966] lowmem_reserve[]: 0 2803 7229 7229
[  240.756687] Node 0 DMA32 free:2873792kB min:26148kB low:32684kB high:39220kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2875232kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1440kB local_pcp:0kB free_cma:0kB
[  240.784658] lowmem_reserve[]: 0 0 4425 4425
[  240.789108] Node 0 Normal free:1183124kB min:41284kB low:51604kB high:61924kB active_anon:272268kB inactive_anon:452kB active_file:29572kB inactive_file:138000kB unevictable:0kB writepending:48kB present:4718592kB managed:4532152kB mlocked:0kB kernel_stack:11072kB pagetables:2948kB bounce:0kB free_pcp:1596kB local_pcp:1068kB free_cma:0kB
[  240.819507] lowmem_reserve[]: 0 0 0 0
[  240.823551] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
[  240.837523] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 3*2048kB (M) 699*4096kB (M) = 2873792kB
[  240.853574] Node 0 Normal: 2*4kB (ME) 2*8kB (UE) 1*16kB (M) 5*32kB (UME) 7*64kB (UE) 6*128kB (UME) 2*256kB (UM) 2*512kB (UE) 4*1024kB (UME) 2*2048kB (ME) 286*4096kB (UM) = 1182600kB
[  240.870641] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  240.879667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  240.888457] 42108 total pagecache pages
[  240.893373] 0 pages in swap cache
[  240.897062] Swap cache stats: add 0, delete 0, find 0/0
[  240.902669] Free swap  = 0kB
[  240.905733] Total swap = 0kB
[  240.908793] 1965979 pages RAM
[  240.912279] 0 pages HighMem/MovableOnly
[  240.916292] 110157 pages reserved
[  240.919778] 0 pages cma reserved
[  240.936614] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.943425] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.951969] device bridge_slave_0 entered promiscuous mode
[  241.091321] syz-executor0: vmalloc: allocation failure: 22548578304 bytes, mode:0x6084c0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null)
[  241.105029] syz-executor0 cpuset=syz0 mems_allowed=0
[  241.110245] CPU: 0 PID: 7043 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  241.117503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  241.126895] Call Trace:
[  241.129557]  dump_stack+0x306/0x460
[  241.133256]  warn_alloc+0x4c1/0x6f0
[  241.136948]  ? kmsan_set_origin_inline+0x6b/0x120
[  241.141924]  __vmalloc_node_range+0x203/0x1140
[  241.146601]  __vmalloc_node_flags_caller+0x12b/0x140
[  241.151779]  ? alloc_netdev_mqs+0x114d/0x1660
[  241.156324]  ? alloc_netdev_mqs+0x114d/0x1660
[  241.160898]  kvmalloc_node+0x3a1/0x3e0
[  241.164850]  alloc_netdev_mqs+0x114d/0x1660
[  241.169248]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  241.174770]  ? prepare_ip6gre_xmit_ipv6+0x8f0/0x8f0
[  241.179842]  rtnl_create_link+0x3e6/0xf50
[  241.184070]  rtnl_newlink+0x250d/0x39a0
[  241.188130]  ? rtnl_newlink+0x1751/0x39a0
[  241.192476]  ? kmsan_set_origin+0x83/0x140
[  241.196810]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  241.202282]  ? __msan_get_context_state+0x9/0x30
[  241.207127]  ? INIT_BOOL+0x17/0x30
[  241.210769]  ? refcount_sub_and_test_checked+0x5ba/0x6c0
[  241.216352]  ? rtnl_setlink+0x6f0/0x6f0
[  241.220380]  rtnetlink_rcv_msg+0xa53/0x1590
[  241.224829]  ? __msan_poison_alloca+0x17a/0x210
[  241.229584]  ? kmsan_set_origin_inline+0x6b/0x120
[  241.234550]  ? kmsan_set_origin_inline+0x6b/0x120
[  241.239699]  ? kmsan_set_origin+0x83/0x140
[  241.244012]  netlink_rcv_skb+0x394/0x640
[  241.248133]  ? rtnetlink_bind+0x120/0x120
[  241.252358]  rtnetlink_rcv+0x50/0x60
[  241.256133]  netlink_unicast+0x166d/0x1720
[  241.260448]  ? rtnetlink_net_exit+0x90/0x90
[  241.264854]  netlink_sendmsg+0x1391/0x1420
[  241.269225]  ___sys_sendmsg+0xe47/0x1200
[  241.273360]  ? netlink_getsockopt+0x1560/0x1560
[  241.278124]  ? __fget+0x8f7/0x940
[  241.281735]  ? __fdget+0x318/0x430
[  241.285359]  __se_sys_sendmsg+0x307/0x460
[  241.289641]  __x64_sys_sendmsg+0x4a/0x70
[  241.293768]  do_syscall_64+0xbe/0x100
[  241.297648]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  241.302893] RIP: 0033:0x457579
[  241.306140] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  241.325155] RSP: 002b:00007fbec1afcc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  241.333130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  241.340448] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004
[  241.347763] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  241.355080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbec1afd6d4
[  241.362412] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff
[  241.381825] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.388272] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.396879] device bridge_slave_1 entered promiscuous mode
[  241.832771] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  242.090139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  243.302159] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  243.646292] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  243.839048] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.965743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  243.972955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  244.254999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  244.262117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  245.062945] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  245.233250] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  245.241337] team0: Port device team_slave_0 added
[  245.480263] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  245.488715] team0: Port device team_slave_1 added
[  245.746958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  245.754141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  245.762972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
11:55:30 executing program 1:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000840))
r1 = syz_open_dev$sndpcmp(&(0x7f0000000880)='/dev/snd/pcmC#D#p\x00', 0x24, 0x10000)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000013c0)={{{@in=@local, @in6=@mcast2}}, {{@in6=@local}, 0x0, @in=@multicast1}}, &(0x7f00000008c0)=0xe8)
r2 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0), &(0x7f0000000340)="46ac5128da090e4899c38028efeb85968ead969e21e33725a7edc030260cdb3ca79964a6e93ce51185f005b7dac052cb797af438c32c29b736fb12c63dd0e504445044a1ae9c10fd8171232ed7dcb08e9acaf4c569c4c16c5c47994118fc35ff7f03407dc7093fa7d3132d276a10768b2711cd1c6ecd3545692431856b6e0651412ff7b73711097f061a1b67f6c3d7605eab3b675b6c061e6ef32b7ea8847b6f84da1334d35322b94447bfaca74b152eb64cfa54cb63126c2cc662e7898e6459ed40c4566403f303d341c9c34c6049d9f8e1c2a9483f003c20e66886d0e1629f498668c202f183de294d03da07c9f5feb65bc196554a79a2f255828c1f1cf9a09654f9df849443e8d290debcc78efbdca391a348b33f18ef618011273faa1f095298dd71db08a90e177a1e9a0c771deca3b51670a26850b89d4439574328c19d9e91766dd52169e0ad5011e4acc005861b3b3146d67445e6f6c75ce4af9d8db6963887d79113613267c5bc42fb0aca828590fb291ce8836d3cd391d364efdbb7015d8ec643d83b623380c21c6ebbf774498c94e60838a45d4692bfe73aaea2bbcecb6dcec20e5aa48a950428e2372009212f2f6be608cdec5ff84108f3f3d2e42c99a6d4cd4577ec9f39a51533efe71d494ccadb66eddd4cc0e56b33eefb0ada68ae36c905a977d9042a63299d2130f4e85357b0078c31bc45b00f5ccd879a6735d85882bfddbc6f2cff4a2b976b29e5a8adc74893c748b297a660ba0f64ad8a6ac6fcf180b6a4357ad6733cb75035cd58631142bd720cf52bcd1438647cbe1058e32d33c38f1327bef3f6b1c815ab4f2d47366473ae37c65a2d1df88823dd4c326d640c50e5bddfa976f04cd034331b632cd7a8bbc838081f28f6e24ed646721cea36e56501f9085e428a6c94b7ba5431f59651f36c8f715e4547ffed53c03cc58d2d4382193625cf69c197c4eb3c3c86c291d693837ab7eb23d61d2518379f0c61acf67425afa1ff8d1fac196a7ef9f6f9b514a2028ae010d1bf10833940294c400401ec706ce366dc4c62f6c55c6985a31592360cc7e6cc30a90cae18", 0x2fe, 0xfffffffffffffffd)
r3 = fcntl$getown(0xffffffffffffffff, 0x9)
kcmp$KCMP_EPOLL_TFD(r3, r3, 0x7, r0, &(0x7f0000000640)={0xffffffffffffffff, r0, 0x3})
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f0000000700)={{0x8, 0x6, 0x5, 0xed22, 'syz1\x00'}, 0x1, 0x8, 0x81, r3, 0x2, 0x9, 'syz0\x00', &(0x7f0000000300)=['\x00', '(.%md5sum-@eth0systembdev\x00'], 0x1b, [], [0xe1, 0x3, 0x5, 0xf225]})
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000000)=0x6)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000009c0)=@req={0x1, 0x4, 0x0, 0xd6}, 0x10)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x5)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000001c0)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000140), r4}}, 0x18)
getgroups(0x0, &(0x7f0000001a80))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000003c0), 0xffffffffffffffff)
mknod(&(0x7f0000000a00)='./file0\x00', 0x461, 0x9)
keyctl$assume_authority(0x10, r2)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)='trusted.overlay.opaque\x00', &(0x7f0000000980)='y\x00', 0x2, 0x2)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000680)=ANY=[@ANYBLOB="f6e100005c458da2e82bf85446d757b5c93ee25e2584a6a3ff90", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000a80)=0x3)
execve(&(0x7f0000000100)='./file0\x00', &(0x7f00000006c0)=[&(0x7f00000005c0)='\x00'], &(0x7f00000002c0)=[&(0x7f0000000180)="03", &(0x7f0000000240)=']\x00'])

[  246.152153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  246.159220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  246.168022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  246.272445] hrtimer: interrupt took 63055 ns
[  246.283131] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  246.289440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  246.297355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  246.568610] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  246.576392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  246.585700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  246.896448] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  246.904687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  246.913785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  247.485425] 8021q: adding VLAN 0 to HW filter on device team0
[  249.487272] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.493854] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.500781] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.507403] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.516046] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  249.522882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  252.004894] 8021q: adding VLAN 0 to HW filter on device bond0
11:55:36 executing program 2:
r0 = socket$kcm(0xa, 0x802, 0x88)
sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, &(0x7f00000014c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="3800000000000000290000000400000078040401000000c0073510501f0de282f2fa9ffbff0000b4fe2cd0b0fa510000000000f878002000"], 0x38}, 0x8000)
sendmsg(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000025c0)}, 0x0)

[  252.917958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  253.457381] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  253.463847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  253.471849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  254.021245] 8021q: adding VLAN 0 to HW filter on device team0
[  256.464668] 8021q: adding VLAN 0 to HW filter on device bond0
[  257.007259] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
11:55:41 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='syzkalleP\x00', 0x0, 0xf1, &(0x7f0000000180)=""/206}, 0x31)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a7849d2f591000000004e"}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c)
perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000300))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0x50, &(0x7f0000000280)}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10)

[  257.562906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  257.569456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  257.577659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  257.943125] 8021q: adding VLAN 0 to HW filter on device team0
11:55:44 executing program 4:
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(0xffffffffffffffff)
r1 = getpid()
perf_event_open(&(0x7f0000000480)={0x0, 0x70, 0x0, 0x1, 0x8000, 0x0, 0x0, 0x0, 0x10000, 0x6, 0x5, 0x1, 0x5, 0x3, 0x7fffffff, 0x5, 0x1, 0x6, 0x0, 0x9, 0x0, 0x7, 0x9, 0x7fff, 0x10000, 0x3e000000, 0x5, 0x80, 0x0, 0x0, 0x2, 0x4, 0x0, 0xc740, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000440), 0x9}, 0x800, 0x0, 0x1, 0x4, 0x147660000, 0x6, 0x985}, r1, 0x0, 0xffffffffffffffff, 0xb)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x0, 0x7, 0x8000, &(0x7f0000000140)={<r2=>0xffffffffffffffff})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000300)="6c6f00966fd651b959a9c84a2c00d297c00edc0d")
ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f0000000940)=0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0x12)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000680)="6c6f00966f380f64a1e3d75d627d1fa159ad34909d60d298000000202759175d1563ca52dd984f43891be784e2058077d27c448d4b144278cb7548c2ee63bf3c3e591afc1f394f4281891836c571406eb4b673b00000fc0000080000daefec45ecd549b29bfe8d903f00e9e47e673ac1b2616a96bba7e2c0dcf95108eb167f5411d30d37e62266cf8eab640f747082aed2158e2b63f6bfe1343ea62da563ded7abea1ff873329c5646d518fe0e8f20010000792efc2a82a5a17035c87bf7efabe899eb77238a741c80fcb095a2a7d72c595d45388358f546dc882df5b0b55edb1ab6aa14e2b90d685e4a2dd1ba556e04276c1be06fdbc891251cb5bfb690b4c27f5d2fb3e7c92794cf496fdf0495b506841f483edac504209488eb27d43b367fd9992d1b7c478dd4b925aa51a04b100393e1cce76d8027f0a5ed280da80f26b1f3ff300c82255f928b44b9d9e7f2e4c16923dc8741b9c70d92fa1111b51f039ddd1b6adfac67e3a053d38ae16e97eaf5a0270be9a0f12066aa6ecfb569b664bc920bd5381608b35f3aa4210a79c4260a574d4da8c40b9f016ff4ab26b6170250c3214ea18622d704f1c021edffee24c8398c4230d16444e0495088a2f2599a662424f18196f750acca803a21b49423cb5e9f2703e393b982bfcfc4e3f7034f68f272ca8f66bb2f9f2aaf1a20a5a03f254da58698fa342731c70c3ccc40e88aac2edee4c7f59c6ba43021e91424b3056db56ded0c7493d8a3802759b905bb747cbebc7a0af3f570f89f7e1bd00b1c51")
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r4, 0x4008240b, &(0x7f0000000380)={0x5, 0x70, 0x1, 0x8001, 0x0, 0x20, 0x0, 0x0, 0x200, 0x0, 0x9, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x797, 0x0, 0x0, 0x5, 0x0, 0x3, 0xdba4, 0x7fff, 0x0, 0x0, 0xffffffff80000000, 0x9, 0x40, 0x1000, 0x0, 0x0, 0x0, 0xc6b6, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000340), 0x2}, 0x8, 0x0, 0x2, 0x0, 0x0, 0x36})
ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f0000000600)=0x1)
gettid()
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000040)}, 0x20)
perf_event_open(&(0x7f0000000540)={0x0, 0x271, 0xa21, 0x0, 0x0, 0x5, 0x0, 0x5, 0x8100, 0xf, 0x10001, 0x5, 0x1, 0x20, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x9fcb, 0x2, 0x0, 0x2, 0xe27f, 0x800, 0x0, 0x0, 0xffff, 0x1ff, 0x6, 0xff, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000500), 0x1}, 0x40, 0x401, 0x0, 0x0, 0x800001f, 0x0, 0x981}, 0x0, 0x0, r3, 0x8)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000009c0)={&(0x7f0000000980)='./file0\x00', r0}, 0x10)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000900)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000640)='tasks\x00', 0x2, 0x0)
mkdirat$cgroup(r3, &(0x7f0000000240)='syz1\x00', 0x1ff)
write$cgroup_type(r3, &(0x7f0000000040)='threaded\x00', 0xfffffffffffffeda)
socketpair(0x10, 0x0, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0xa22c94a142a72dd9, 0x0)
openat$cgroup_ro(r5, &(0x7f00000008c0)="637075616373742e7573616761df70657263707500", 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1)
socketpair(0x4, 0x800, 0xffff, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0xe, 0x100000001, 0x6, 0x8, 0x20, r6, 0x3}, 0x2c)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='memory.current\x00', 0x0, 0x0)

11:55:44 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x80000001, 0x240800)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='vboxnet0posix_acl_accessuser.@md5sum:-vmnet1)^nodevvmnet0.\x00')
ioctl$NBD_CLEAR_QUE(r0, 0xab05)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000080)=r0)
ppoll(&(0x7f00000000c0)=[{r0, 0x10}], 0x1, &(0x7f0000000100), &(0x7f0000000140)={0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180)=@int=0x80, 0x4)
ioctl$FIBMAP(r0, 0x1, &(0x7f00000001c0)=0x5)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
pivot_root(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0\x00')
setxattr$trusted_overlay_nlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.nlink\x00', &(0x7f0000000300)={'L+', 0x100000000}, 0x28, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000340)={<r1=>0x0}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000003c0)={r1}, &(0x7f0000000400)=0x8)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000440)={0x100000000, 0x0, 0x100000000, 0x7})
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r0, 0xc0305302, &(0x7f0000000480)={0x401, 0x0, 0xffffffffd5dcfd28, 0x0, 0x2, 0x1})
geteuid()
sync_file_range(r0, 0x10001, 0x42, 0x3)
io_setup(0x8, &(0x7f00000004c0)=<r2=>0x0)
io_pgetevents(r2, 0x7f, 0x9, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000640)={0x0, 0x1c9c380}, &(0x7f00000006c0)={&(0x7f0000000680)={0x51d7}, 0x8})
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000700)={0xb9, 0x1ff, 0x0, 0x90, 0x2}, 0x14)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000780)={0x0, 0x0, 0x2fa, &(0x7f0000000740)=0x9})
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000007c0)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@ipv4}, 0x0, @in6=@mcast1}}, &(0x7f00000008c0)=0xe8)
ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000900)={0x7, 0x9, 0x1000})
pause()
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000940)={0xc, @time={0x77359400}, 0x3, {0xfffffffffffffff7, 0xfff}, 0x5, 0x2, 0x80})
setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x6, 0x4)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000009c0), &(0x7f0000000a00)=0x4)
ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000a40))
bind$can_raw(r0, &(0x7f0000000e40)={0x1d, r3}, 0x10)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f0000000e80))
ioctl$KVM_SMI(r0, 0xaeb7)

11:55:44 executing program 1:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0)
close(r0)

11:55:44 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x10000, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000400)=0x8)
sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x40, 0x10, 0x3eb80125379cfe6d, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7000000}, @IFLA_LINKINFO={0x18, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x4}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000280)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001500000027bd7000fedbdf250ac822ff", @ANYRES32=r2, @ANYBLOB="14000200ff020000020010000000000000000001481322eb4c9c7678d34fd54c6eb4b3af8a750c24ccfdea99c707ac50fe5bd8256418cec9c4a8d44bba4eabfa12892c332d786e36d8e9cbef"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40)
fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:hostname_exec_t:s0\x00', 0x25, 0x0)

11:55:44 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
close(r1)

11:55:44 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=ANY=[], &(0x7f0000000080)='syzkalleP\x00', 0x0, 0xf1, &(0x7f0000000180)=""/206}, 0x31)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392dc50ff1fb635a7849d2f591000000004e"}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c)
perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000300))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0x50, &(0x7f0000000280)}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10)

[  260.107127] syz-executor0: vmalloc: allocation failure: 22548578304 bytes, mode:0x6084c0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null)
[  260.120913] syz-executor0 cpuset=syz0 mems_allowed=0
[  260.126387] CPU: 1 PID: 7572 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  260.133644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.143044] Call Trace:
[  260.145713]  dump_stack+0x306/0x460
[  260.149404]  warn_alloc+0x4c1/0x6f0
[  260.153096]  ? kmsan_set_origin_inline+0x6b/0x120
[  260.158076]  __vmalloc_node_range+0x203/0x1140
[  260.162747]  __vmalloc_node_flags_caller+0x12b/0x140
[  260.167894]  ? alloc_netdev_mqs+0x114d/0x1660
[  260.172434]  ? alloc_netdev_mqs+0x114d/0x1660
[  260.176990]  kvmalloc_node+0x3a1/0x3e0
[  260.180932]  alloc_netdev_mqs+0x114d/0x1660
[  260.185315]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  260.190838]  ? prepare_ip6gre_xmit_ipv6+0x8f0/0x8f0
[  260.195912]  rtnl_create_link+0x3e6/0xf50
[  260.200139]  rtnl_newlink+0x250d/0x39a0
[  260.204179]  ? rtnl_newlink+0x1751/0x39a0
[  260.208498]  ? kmsan_set_origin+0x83/0x140
[  260.212828]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  260.218281]  ? __msan_get_context_state+0x9/0x30
[  260.223105]  ? INIT_BOOL+0x17/0x30
[  260.226751]  ? refcount_sub_and_test_checked+0x5ba/0x6c0
[  260.232324]  ? rtnl_setlink+0x6f0/0x6f0
[  260.236363]  rtnetlink_rcv_msg+0xa53/0x1590
[  260.240788]  ? __msan_poison_alloca+0x17a/0x210
[  260.245528]  ? kmsan_set_origin_inline+0x6b/0x120
[  260.250473]  ? kmsan_set_origin_inline+0x6b/0x120
[  260.255417]  ? kmsan_set_origin+0x83/0x140
[  260.259727]  netlink_rcv_skb+0x394/0x640
[  260.263843]  ? rtnetlink_bind+0x120/0x120
[  260.268059]  rtnetlink_rcv+0x50/0x60
[  260.271823]  netlink_unicast+0x166d/0x1720
[  260.276120]  ? rtnetlink_net_exit+0x90/0x90
[  260.280519]  netlink_sendmsg+0x1391/0x1420
[  260.284869]  ___sys_sendmsg+0xe47/0x1200
[  260.288987]  ? netlink_getsockopt+0x1560/0x1560
[  260.293743]  ? __fget+0x8f7/0x940
[  260.297311]  ? __fdget+0x318/0x430
[  260.300945]  __se_sys_sendmsg+0x307/0x460
[  260.305213]  __x64_sys_sendmsg+0x4a/0x70
[  260.309322]  do_syscall_64+0xbe/0x100
[  260.313187]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  260.318416] RIP: 0033:0x457579
[  260.321692] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  260.340649] RSP: 002b:00007fbec1b1dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  260.348433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  260.355744] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  260.363066] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  260.370394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbec1b1e6d4
[  260.377717] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff
[  260.387280] warn_alloc_show_mem: 1 callbacks suppressed
[  260.387294] Mem-Info:
[  260.395315] active_anon:71182 inactive_anon:111 isolated_anon:0
[  260.395315]  active_file:7480 inactive_file:35779 isolated_file:0
[  260.395315]  unevictable:0 dirty:58 writeback:0 unstable:0
[  260.395315]  slab_reclaimable:3788 slab_unreclaimable:8280
[  260.395315]  mapped:46744 shmem:119 pagetables:767 bounce:0
[  260.395315]  free:991103 free_pcp:660 free_cma:0
[  260.428927] Node 0 active_anon:284728kB inactive_anon:444kB active_file:29920kB inactive_file:143116kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:186976kB dirty:232kB writeback:0kB shmem:476kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 178176kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  260.457330] Node 0 DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  260.483820] lowmem_reserve[]: 0 2803 7229 7229
[  260.488548] Node 0 DMA32 free:2873792kB min:26148kB low:32684kB high:39220kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2875232kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1440kB local_pcp:0kB free_cma:0kB
[  260.516451] lowmem_reserve[]: 0 0 4425 4425
[  260.520922] Node 0 Normal free:1077136kB min:41284kB low:51604kB high:61924kB active_anon:282708kB inactive_anon:444kB active_file:29920kB inactive_file:143116kB unevictable:0kB writepending:232kB present:4718592kB managed:4532152kB mlocked:0kB kernel_stack:11456kB pagetables:3068kB bounce:0kB free_pcp:1152kB local_pcp:436kB free_cma:0kB
[  260.551255] lowmem_reserve[]: 0 0 0 0
[  260.555275] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
[  260.569027] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 3*2048kB (M) 699*4096kB (M) = 2873792kB
[  260.585136] Node 0 Normal: 757*4kB (UME) 561*8kB (M) 421*16kB (UM) 278*32kB (UME) 172*64kB (UM) 42*128kB (UME) 3*256kB (UM) 3*512kB (UME) 3*1024kB (UE) 5*2048kB (UME) 248*4096kB (M) = 1070956kB
11:55:44 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
semop(0x0, &(0x7f0000000080)=[{0x2, 0xffff}, {}], 0x2)
semtimedop(0x0, &(0x7f0000000240)=[{0x0, 0x55b}, {0x2, 0x2}], 0x2, &(0x7f0000000180))
semctl$IPC_RMID(0x0, 0x0, 0x10)

[  260.603115] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  260.612200] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  260.620813] 43377 total pagecache pages
[  260.624906] 0 pages in swap cache
[  260.628422] Swap cache stats: add 0, delete 0, find 0/0
[  260.633926] Free swap  = 0kB
[  260.636977] Total swap = 0kB
[  260.640024] 1965979 pages RAM
[  260.643267] 0 pages HighMem/MovableOnly
[  260.647270] 110157 pages reserved
[  260.650753] 0 pages cma reserved
[  260.763776] device lo entered promiscuous mode
11:55:44 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x0, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x11, &(0x7f0000000040)="8f", 0x1)

11:55:45 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_emit_ethernet(0x17a, &(0x7f0000000980)={@broadcast, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "e3a389", 0x144, 0x0, 0x0, @dev, @ipv4={[], [], @remote}, {[], @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x0, 0x1, 0x880b, 0x9a, 0x0, [], "798a17eb1d4de90dfef819123b682ef6fee851cbcb977ea726a32ed4e4ec30b3d943a33d839c8950cee9a04bce3d4e4d70b72b5088cfd66ab856df81eb6a6a8522c91f07f92c2bde3dd97a0e4936a1d952010d0ff38b4b850eaca1683efdf5e9d0dd3ad65f4035572528d9c2017ae35538427ef187dbf2293e2252f3f8ab0296bcc2d0a6a70d53e085712b935f17fd4703e0188a1da0a9c47cf7"}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [], "94"}, {0x8001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x86dd, [], "e7b77bb45d90ab880d8498df72fc504e035def43868b07f61523943ed01926b2486ac1e10e4a8a5f76d7eaf6eeff5817ab11a30753a1905295b591cff4fb0201d4396f1b6cef31e3098448241c3ff43d497937b47582"}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x6b, 0x0, 0x0, 0xdead, 0x0, 0xffffffff80000001}}}, {0x8, 0x22eb, 0x1, {{0x0, 0x2, 0x0, 0x7fffffff, 0x5, 0x100000001}, 0x2, 0x4, 0x0, 0x6, 0x0, 0x4, 0x1b69, 0x9c}}, {0x8, 0x6558, 0x0, "49e5b7cd5e23904f8c785c14137438"}}}}}}}, &(0x7f0000000100)={0x0, 0x0, [0xbcc, 0x1d]})

11:55:45 executing program 1:
r0 = open(&(0x7f0000000000)='./file0\x00', 0x40c2, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x4008)
write(r0, &(0x7f0000000440)="93", 0x1)
sendfile(r0, r1, 0x0, 0x10000)
ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0))

11:55:45 executing program 4:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0)
write(r0, &(0x7f0000002000)='/', 0x1)
sendfile(r0, r0, &(0x7f0000000040), 0x7f)
sendfile(r0, r0, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='romfs\x00', 0x1000, &(0x7f00000001c0))

11:55:45 executing program 2:
perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0)
write(r0, &(0x7f0000002000)='/', 0x1)
sendfile(r0, r0, &(0x7f0000000040), 0x7f)
sendfile(r0, r0, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='romfs\x00', 0x1000, &(0x7f00000001c0))

11:55:45 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x10000, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000400)=0x8)
sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x40, 0x10, 0x3eb80125379cfe6d, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7000000}, @IFLA_LINKINFO={0x18, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x4}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000280)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001500000027bd7000fedbdf250ac822ff", @ANYRES32=r2, @ANYBLOB="14000200ff020000020010000000000000000001481322eb4c9c7678d34fd54c6eb4b3af8a750c24ccfdea99c707ac50fe5bd8256418cec9c4a8d44bba4eabfa12892c332d786e36d8e9cbef"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40)
fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:hostname_exec_t:s0\x00', 0x25, 0x0)

[  261.665154] syz-executor0: vmalloc: allocation failure: 22548578304 bytes, mode:0x6084c0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null)
[  261.678885] syz-executor0 cpuset=syz0 mems_allowed=0
[  261.684308] CPU: 0 PID: 7622 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  261.691551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.700944] Call Trace:
[  261.703613]  dump_stack+0x306/0x460
[  261.707321]  warn_alloc+0x4c1/0x6f0
[  261.711015]  ? kmsan_set_origin_inline+0x6b/0x120
[  261.715997]  __vmalloc_node_range+0x203/0x1140
[  261.720686]  __vmalloc_node_flags_caller+0x12b/0x140
[  261.725844]  ? alloc_netdev_mqs+0x114d/0x1660
[  261.730389]  ? alloc_netdev_mqs+0x114d/0x1660
[  261.734967]  kvmalloc_node+0x3a1/0x3e0
[  261.738917]  alloc_netdev_mqs+0x114d/0x1660
[  261.743301]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  261.748831]  ? prepare_ip6gre_xmit_ipv6+0x8f0/0x8f0
[  261.753910]  rtnl_create_link+0x3e6/0xf50
[  261.758144]  rtnl_newlink+0x250d/0x39a0
[  261.762192]  ? rtnl_newlink+0x1751/0x39a0
[  261.766575]  ? kmsan_set_origin+0x83/0x140
[  261.770908]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  261.776366]  ? __msan_get_context_state+0x9/0x30
[  261.781197]  ? INIT_BOOL+0x17/0x30
[  261.784855]  ? refcount_sub_and_test_checked+0x5ba/0x6c0
[  261.790462]  ? rtnl_setlink+0x6f0/0x6f0
[  261.794529]  rtnetlink_rcv_msg+0xa53/0x1590
[  261.798977]  ? __msan_poison_alloca+0x17a/0x210
[  261.803742]  ? kmsan_set_origin_inline+0x6b/0x120
[  261.808728]  ? kmsan_set_origin_inline+0x6b/0x120
[  261.813680]  ? kmsan_set_origin+0x83/0x140
[  261.818000]  netlink_rcv_skb+0x394/0x640
[  261.822130]  ? rtnetlink_bind+0x120/0x120
[  261.826369]  rtnetlink_rcv+0x50/0x60
[  261.830140]  netlink_unicast+0x166d/0x1720
[  261.834451]  ? rtnetlink_net_exit+0x90/0x90
[  261.838864]  netlink_sendmsg+0x1391/0x1420
[  261.843229]  ___sys_sendmsg+0xe47/0x1200
[  261.847364]  ? netlink_getsockopt+0x1560/0x1560
[  261.852137]  ? __fget+0x8f7/0x940
[  261.855716]  ? __fdget+0x318/0x430
[  261.859360]  __se_sys_sendmsg+0x307/0x460
[  261.863623]  __x64_sys_sendmsg+0x4a/0x70
[  261.867754]  do_syscall_64+0xbe/0x100
[  261.871623]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  261.876874] RIP: 0033:0x457579
[  261.880128] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  261.899075] RSP: 002b:00007fbec1b1dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  261.906024] IPVS: ftp: loaded support on port[0] = 21
[  261.906859] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  261.919342] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  261.926665] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  261.933980] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbec1b1e6d4
[  261.941291] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff
[  261.949072] Mem-Info:
[  261.951745] active_anon:68114 inactive_anon:110 isolated_anon:0
[  261.951745]  active_file:7516 inactive_file:35751 isolated_file:0
[  261.951745]  unevictable:0 dirty:66 writeback:0 unstable:0
[  261.951745]  slab_reclaimable:3798 slab_unreclaimable:8504
[  261.951745]  mapped:54915 shmem:119 pagetables:751 bounce:0
[  261.951745]  free:975417 free_pcp:721 free_cma:0
[  261.985368] Node 0 active_anon:272340kB inactive_anon:440kB active_file:30064kB inactive_file:143004kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:219660kB dirty:264kB writeback:0kB shmem:476kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 182272kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  262.013799] Node 0 DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  262.040319] lowmem_reserve[]: 0 2803 7229 7229
[  262.045131] Node 0 DMA32 free:2873792kB min:26148kB low:32684kB high:39220kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2875232kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1440kB local_pcp:1440kB free_cma:0kB
[  262.073328] lowmem_reserve[]: 0 0 4425 4425
[  262.077763] Node 0 Normal free:1012164kB min:41284kB low:51604kB high:61924kB active_anon:272264kB inactive_anon:452kB active_file:30064kB inactive_file:143024kB unevictable:0kB writepending:284kB present:4718592kB managed:4532152kB mlocked:0kB kernel_stack:11008kB pagetables:2936kB bounce:0kB free_pcp:1936kB local_pcp:1172kB free_cma:0kB
[  262.108103] lowmem_reserve[]: 0 0 0 0
[  262.112067] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
[  262.125609] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 3*2048kB (M) 699*4096kB (M) = 2873792kB
[  262.141335] Node 0 Normal: 727*4kB (UME) 559*8kB (ME) 419*16kB (ME) 256*32kB (ME) 108*64kB (UME) 16*128kB (UME) 2*256kB (UM) 3*512kB (UME) 2*1024kB (E) 1*2048kB (E) 238*4096kB (M) = 1012228kB
[  262.159312] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  262.168262] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  262.177011] 43391 total pagecache pages
[  262.181030] 0 pages in swap cache
[  262.185875] Swap cache stats: add 0, delete 0, find 0/0
[  262.191249] Free swap  = 0kB
[  262.194379] Total swap = 0kB
[  262.197440] 1965979 pages RAM
[  262.200556] 0 pages HighMem/MovableOnly
[  262.204677] 110157 pages reserved
[  262.208180] 0 pages cma reserved
[  263.288441] ip (7657) used greatest stack depth: 53056 bytes left
[  263.507351] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.513950] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.521406] device bridge_slave_0 entered promiscuous mode
[  263.598215] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.604765] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.612848] device bridge_slave_1 entered promiscuous mode
[  263.688009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  263.764044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  263.991776] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  264.073677] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  264.222594] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  264.229536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  264.458767] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  264.466331] team0: Port device team_slave_0 added
[  264.544048] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  264.551664] team0: Port device team_slave_1 added
[  264.626836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  264.706677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  264.786017] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  264.793398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  264.802344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  264.879502] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  264.886984] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  264.896207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  265.776106] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.782567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.789310] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.795853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.804708] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  266.181890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  268.920987] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.210176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  269.627410] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  269.633688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  269.641377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  269.928378] 8021q: adding VLAN 0 to HW filter on device team0
11:55:56 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4, 0x20}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0xe, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x48, 0x1, 0x2c}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfffffffffffffff3, &(0x7f00001a7f05)=""/251}, 0x14)

11:55:56 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={<r1=>0x0, 0x2, 0x10}, &(0x7f0000000080)=0xc)
socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000200))
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={r1, 0x10001}, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12}, &(0x7f0000000580))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f00000000c0))
getrandom(&(0x7f0000000100)=""/73, 0x49, 0x2)

11:55:56 executing program 1:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
sendto$inet6(r1, &(0x7f0000000300), 0xfdb8, 0x4092000000000000, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c)

11:55:56 executing program 4:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
msgsnd(0x0, &(0x7f0000000000)={0x2}, 0x2000, 0x0)
msgrcv(0x0, &(0x7f0000000040)={0x0, ""/142}, 0x96, 0x0, 0x1000)
msgctl$IPC_RMID(0x0, 0x0)

11:55:56 executing program 2:
perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000001fc1)='#vmnet1nodevem1\x00', 0x0)
write(r0, &(0x7f0000002000)='/', 0x1)
sendfile(r0, r0, &(0x7f0000000040), 0x7f)
sendfile(r0, r0, &(0x7f0000001000), 0xfec)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0)
mount(&(0x7f0000000080), &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='romfs\x00', 0x1000, &(0x7f00000001c0))

11:55:56 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x10000, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000400)=0x8)
sendmsg$nl_route(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=@newlink={0x40, 0x10, 0x3eb80125379cfe6d, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7000000}, @IFLA_LINKINFO={0x18, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0x4}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000180)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000280)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001500000027bd7000fedbdf250ac822ff", @ANYRES32=r2, @ANYBLOB="14000200ff020000020010000000000000000001481322eb4c9c7678d34fd54c6eb4b3af8a750c24ccfdea99c707ac50fe5bd8256418cec9c4a8d44bba4eabfa12892c332d786e36d8e9cbef"], 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x40)
fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:hostname_exec_t:s0\x00', 0x25, 0x0)

[  272.885383] syz-executor0: vmalloc: allocation failure: 22548578304 bytes, mode:0x6084c0(GFP_KERNEL|__GFP_RETRY_MAYFAIL|__GFP_ZERO), nodemask=(null)
[  272.899099] syz-executor0 cpuset=syz0 mems_allowed=0
[  272.904479] CPU: 0 PID: 7896 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  272.911714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.921116] Call Trace:
[  272.923837]  dump_stack+0x306/0x460
[  272.927552]  warn_alloc+0x4c1/0x6f0
[  272.931264]  ? kmsan_set_origin_inline+0x6b/0x120
[  272.936760]  __vmalloc_node_range+0x203/0x1140
[  272.941544]  __vmalloc_node_flags_caller+0x12b/0x140
[  272.946717]  ? alloc_netdev_mqs+0x114d/0x1660
[  272.951275]  ? alloc_netdev_mqs+0x114d/0x1660
[  272.955843]  kvmalloc_node+0x3a1/0x3e0
[  272.959803]  alloc_netdev_mqs+0x114d/0x1660
[  272.964197]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  272.969729]  ? prepare_ip6gre_xmit_ipv6+0x8f0/0x8f0
[  272.974819]  rtnl_create_link+0x3e6/0xf50
[  272.979056]  rtnl_newlink+0x250d/0x39a0
[  272.983097]  ? rtnl_newlink+0x1751/0x39a0
[  272.987439]  ? kmsan_set_origin+0x83/0x140
[  272.991777]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  272.997243]  ? __msan_get_context_state+0x9/0x30
[  273.002085]  ? INIT_BOOL+0x17/0x30
[  273.005747]  ? refcount_sub_and_test_checked+0x5ba/0x6c0
[  273.011342]  ? rtnl_setlink+0x6f0/0x6f0
[  273.015376]  rtnetlink_rcv_msg+0xa53/0x1590
[  273.019837]  ? __msan_poison_alloca+0x17a/0x210
[  273.024599]  ? kmsan_set_origin_inline+0x6b/0x120
[  273.029578]  ? kmsan_set_origin_inline+0x6b/0x120
[  273.034541]  ? kmsan_set_origin+0x83/0x140
[  273.038860]  netlink_rcv_skb+0x394/0x640
[  273.043253]  ? rtnetlink_bind+0x120/0x120
[  273.047486]  rtnetlink_rcv+0x50/0x60
[  273.051261]  netlink_unicast+0x166d/0x1720
[  273.055576]  ? rtnetlink_net_exit+0x90/0x90
[  273.059993]  netlink_sendmsg+0x1391/0x1420
[  273.064378]  ___sys_sendmsg+0xe47/0x1200
[  273.068519]  ? netlink_getsockopt+0x1560/0x1560
[  273.073296]  ? __fget+0x8f7/0x940
[  273.076883]  ? __fdget+0x318/0x430
[  273.080539]  __se_sys_sendmsg+0x307/0x460
[  273.084814]  __x64_sys_sendmsg+0x4a/0x70
[  273.088942]  do_syscall_64+0xbe/0x100
[  273.092817]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  273.098057] RIP: 0033:0x457579
[  273.101304] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  273.120257] RSP: 002b:00007fbec1b1dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  273.128037] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
11:55:57 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000002000)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x48, 0x0, &(0x7f0000000040)="5e28a928b7b064604e0e282c5e59178e911afbbf407f5d60c0018fc63978a8215812c8a9dd1f30dd744e464f514cbb5ddacf40c59a28a69893bd1d1d2ce267e600c0adadbea88e26"})
r2 = mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f00000001c0)=[@free_buffer={0x40086303, r2}], 0x0, 0x0, &(0x7f0000000240)})

[  273.135358] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  273.142685] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  273.150007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbec1b1e6d4
[  273.157329] R13: 00000000004c38b9 R14: 00000000004d5700 R15: 00000000ffffffff
[  273.165723] Mem-Info:
[  273.168287] active_anon:70736 inactive_anon:113 isolated_anon:0
[  273.168287]  active_file:7522 inactive_file:35759 isolated_file:0
[  273.168287]  unevictable:0 dirty:47 writeback:0 unstable:0
[  273.168287]  slab_reclaimable:3821 slab_unreclaimable:9055
[  273.168287]  mapped:54951 shmem:119 pagetables:834 bounce:0
[  273.168287]  free:958520 free_pcp:756 free_cma:0
[  273.201875] Node 0 active_anon:282944kB inactive_anon:452kB active_file:30088kB inactive_file:143036kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:219804kB dirty:188kB writeback:0kB shmem:476kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 196608kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[  273.230214] Node 0 DMA free:15904kB min:144kB low:180kB high:216kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  273.256603] lowmem_reserve[]: 0 2803 7229 7229
11:55:57 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x10, 0x800000000002, 0x0)
sendmsg$kcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000780)="c10e000076fef316616826e49d06790eb2cfdb1bb40415bf3227a6a0bfe4e28c0deff19456cc6a4b722429d802279c6ecdc623fc27af817ba3e801764a52fa62a42ba196c28186a3490d4e01a5e9938e49d794f7b1c970578dc30ca8544e56dd4eba5462838cd58bc00e9b4ceb0e1ad958f94f87e2d8d36283820e96aec97177f12381a6f1d1ef7b7fa58807e8588fabdbf384078b5dee83759952fc2b034111847cd39ec98e713911e8aadfa888242bc2b2cd66b8d7089418d848ce3762c4dc60328232ba5f16c6dcf3addab2a64a59b8c6361815f607dbffac49e8846912900a03f41e827bfb8de6a5d35cee6a536c7131134fa0b8083dffbe03103f9e40d0920d117caffe7140af879ede1ac4c6a96a176067bbfd9e70518c49efda3d2eb40e6b19f2ba09abeda6036fb83099e09668c9dec8bf48d880105ed076b5fb52ea27b366b385cb37028b12b63d9c56086da66650f4de6341ae0251fac5269adbfd8be4015b1120e22bd5ecca51656f3253ac163364848ad6cd72212027e9d49d95a8941cadc7d94ff44cc06e0d94292f52db38d263410803e6305eae0adf6c57d7312bd37171f3ea256d4712ac2b68ee75ca4a5c3974a27cef895984e9e65ca77a947e3fd7a4672eccd9b6b3c2eb4d3eeb9847bd7ae3265221fb62a361c4227665bb41cb88ab335d6294db4a98e6787605547eac2eff9040795022421fe798320224e3ae6c0e883b1b08c33525ca71f06f55eef59f04a2fdc7cdbf3d0edc33e743826bdfd40c73b3c2c33145f53c695237c4241b449bb87807cbf1936b7f9ce87602367b0f66454ce6cb0aaeb39ffb21cb6cd18de6d4f3d51a483051710329deb1d0f179c7f3d27aa217293698cba0a98dcd6700b56027e015537c8d893548fb3f429eab8a30eed649f19bf9224f86426a5ccb91445c4855f2dd4e37b8608f8cd47e7cce95e4c7ac4df47e5f54f372fba1afc522853be24b78e87aef67fb82463c2f1eace0c5492e3dfe24a570f701360074e40622af78cab14ee74d618c5cc5300e1aeeae4bd3a2d1c683698cba53ce51583f4856e69ab6d2fbe6d7769b288afa81271c76bc70c95262fb01eba70bc3f5b5f14a6644171c54f451916d888f4d50a1d721affe1a68d9bb7b9aefb5278da00ab983f4cb144fb36e0d19c95e4ffa5c3bb9439dc097455eac9e4d82d5d3085aa716851bc76e834ca4cf1aed52e0cbb3d97e4d3ce4453484a1e60e6b35c9d348c8305834c59143cb2f601810d6f955b7f9e65ababe0c158618c334bd2216de630921666ad3096fe6a8c112af1da270691dc27f160f944be005948cd30e69fc323ace71adf82676af9fef4386efcf708786b02134a51e0d2065b3cb55d62dd5f3536383316b9b17a05e1e4c8e449596df949091cdfbfe6d1772bcf5e28bbcafa068e17d2fb64fb9d22f758d48f9112bff7d2cb1ba4ad0c024190e9303df899d5545de619018395f52abe7e4e8474f865773f5c9efce72e4f50ba7147dbbc67be5975e5205d6503c643c5fdd5e122c8c48e1d6422f272876e48eb9a50042d4544edbe7e8422d00109681efbd351a08d62d3e558294a3038a8c0fdaf5e55f424f20a2ce1d52dfe20d0244def5eb9f1c0d56b3a80465a8795307fd7455547928311adc142bf5723713e077ac2eb4590b8ce1998431ccb01ff03bf05675b2ab3f6ddd3baba9540ae4ae931056058ffdec1acd23b396647f73c98ed8d5870f27985c3dee8666825c8533609cf23c019ed16d1891ffeeb42041e5093c58409b1486fff2ab25d5ee1650f14b65a974557117902d1d367662f7629cae508fca81bbf4b3dac5a0b2ec9c9549a99f08758e8525c6cd74f1bf26da47775d775157dce97e4ffa3c7a177868992333dd5809a1da80f68900850c9dd8782202e7a5ec97b2e07ee587292d28c9defa71cb662f4028cdcfd676f75da5b3f753739183da6541ddfd8b1f88bcc6acbf587edda1477d74ac92f0f8c47e1b6d48bcc97ddfceab122cbc1710379ccf79f72cc214173eb4a373856cd320b2eb8cb896c07ec52e0387626534f81fa0f83b336c940b0b43c79276f3465b89e78d993e6950791fc23a58d135e3fd7ce75cf5c33ff8eef0e65e097c5056244940258f710b4c23d0b05f187c357739f76ac1bd8f278dcb4e085e3d85f01db52b3ce5826131f6dff27d83be6e4acafc8ee46f886e113c9d9416b9502b7b398be6d5570ba9b6ae5c6a5e4cbb5b181a30f7232ac2f2e8d67bc4e09b72805ee38bce471277d6b095f0d33b955d89215e6b7db5c2ed924b527875eee5a8dde0fb1239e477f98903137f5e690ecac62214b4d78876de124aff5a766c22b5c8357180e8788b3990b56326f11e0244ef922a4e4ac9546ca9acf8285a3de0d79f749dee5266c4f7f0dcba7bb9178188f7c26053bb62e0ec9d4f18b03cfa490c5e8fa3897ab443fcc5c07b6f00f0a309e197951479dbc670a740ae2e6f0a61576528e88b02e28fd549ca3c6d444460863a972c6b503fb25ca25183f952840a6aa45ecefb6ac41ae1adca18e34001b39dab632bc85e7f47ca31f5424de4817a6fd93b6e7d92f364e352fce91125a33d51ad696abff16831dd3f0a52a0986cfc1d2973aa191fab436ba7fb242ebc5ff4217272090961bc5d636921163f6428acadedb63f95e2e0ac2589409be242f6aada5bb8a59cc426800d4233a21cf5ecee349193960673fd62bd5670c250b25356a104c371eb9861e1245cc393bc3093f8833b7992af5be8a2cc8eac939d14f2efc15584fcc71b7b30a3f261a720abfa404e58cd3858b06015d74011e19c8ba23c2609eaae2c4541600354449d1cb67e654f9cd290599394480f2c70be8dfd1a1d8e137d382028d25c87010bde53abf8e7d30ca66a4d1d3bcc6bf363d04828560c6cd0d856ee9c63004e4d42d5232707932990f2bfb4b0ec198533826e610f1eda4ca4bd39eb65eee827224aead9f783acbaa1038db4ff16f7a3e98b2e2351f7847953a0ada283e069d39334c673371b9d7a128f273446463fbf945f0108bce8e71bf7b7b2ce7951691a37c6dd30f8fb47d55695438b711c312ac3f08f0d7a41a84a4dacc48d299dc054a52cec86304dc5d6ffe84f4033abd8b7d4f2b366f7c5f082a59ae510651dd53417e124088cfa9bcda1519735ab9374baa606e1068abac506706c820fe0263f28213f6c5708ae57045c7a6b97a5d07af0b9b86a8f3bb9c255e2c621da23e701f2bb249819cbddf1bc02b16b8a86ecca4c64bc87986b2c81de966df926b0fe286aba0b130d4371626afc7462d1a2e060c50ec8b1d614ca1175c126073890775cc0c6e2b1de6c707540748d483bcdf5c432f15fb72f1e570ae651ce6fddf3b2739af56c8580a85b6229d7219c18679ec2169dab180774eab949dd3d5886b38d1071b4d6ade68a3758c156663545c1de35bb1620d702d3354df53fc05435f4a3f970351691287a775fd1bef7c5e3396d096850c95ba8e6256f374909f1b0fc910e42d9ea31188fa473dd38e52fc7f012435f74b3c367ff36d4f78546ed5b5b2ca1b6ed4922d7f278ee579a0772f50d43e49598e3901eab5e4f5bc8ce6603f886f5d7b44c749a22343dfecf74767cc3c5b4909e4fc2ad0bbb9e4640ff798705b790bcae0bdd3293ac7bd9accec6aa87c5d5687b9ba79faf7f976b55aaa0a81202e4b409ace568547a1aad4751809acdd9868830846faef889fe89beacad700d297cc63dd0b36327052b178dbb1b8c19bf1d66fec5b5add6b4c832022d10387c67ec0f5973cf3f0e0714493b9df20972cc1244f32338bc046583fd7e90519b34a905570501facf8680efeff9cc75534bec46e3fc6339e31ffff0b2716b9949c4a2409c9d163d92c3849f81c7713d38f73c50a2a1dbf3ed0077bf6a95ebb3a9195a2d7a2552e4bb63470c2a8cc9d25e788c5764a77d579d199bc23c035e959c93cd9889c1846ac16c71354f44170e99aed13ec9c968b36b6013b6e398b485db9a98f9cc71c2574ea7a6884098d834251a7a7137c2901267ec59b3ec452edda6d1c6eef7a8e7f3b04d0784f4e6c04146798df39d6d743c212217d0fc74682ca381cecb41adc99e3b8ce945013b2937345dd775e082c4681f90a8e4c18486e2cb8a4229d87212d2f81e381fc4a664feb218dc2dfbd80b49e309207dd57042d58380ce8cd927a401a42d7aa5f88ac7cb1e90f8dcf7b6bd301926906641bd68aa6806bf873b5081e4e23e8228c7d40d8400e886b9de48b51eb17c7dcd7dbf20f7f0c507ad05794ec17e25593816d1cb3074874e15449afd55b7f1b03c4bebe0fec70272fd8c7b39a5d114786c8033c942ce099c36e8531d2d50e6dca97e5836c80a2abc1318b4fb80420fd3f0eec8c77c76edddf86e80342a57857c9d0e8685349051bc315f80e56704e0dbb04df3b823eaeab55c87db38069e0e9d634cc24dc33acd6e64a8e9e10f5e5560159f71eae4ef68355f6a907077a9f62a308600b4b13debed9423ec60f7fccb0b82908f4a30699160aaa5731ab18278b6a4746f470c11b5fc9136a7be749e5d23cdc427f0dca35c0657bd5e9752fa2d2b0464a53837d8480dbe1ac76a20581e52a7f3fcd9f5c42823268501052fbb9607b42af5e4460068d496125117f52cb991c7091bb22969bdd84ca029b10bc6e4a956b7a62266641e8da51a4595ccdb37e19f361860344ab44855f9f0b51cc5d0042adeeccd1207704939d3ff90aff1d4865e71ef956ebf467a5fb5f3a8e981b9cf3e85d97c7195d01b571ec064f08d9e91a629d759e4ac1da821d8dcd78280a0a317b3ac8955b7b8823f1e0b45f9721043eca764d0e6720b0c382e109d4d70720b44ad54f6c67e886202d02de8bf1f4f7f6bc85f35d9ccb85d2456b3fec7e3557ff7c8bf6df102307f57538c67caff89fcaa8b35b18e869ea89afeabe3df97b52e20412d53945e7228480587fcd2dee3732d3f8ddd6c95b0bdee41de3089b10003132c7adfa4800652fb9898d3fe4df4b6cb5b8ff3965fdd95cf6e1e9bfbff4d3666374bf035aa384ab173452a5538418aa1e17e7141f65dfa845cd876aef26b9e225d9ec2c93a0a3b83a57ad5975a47f9ccffec71cefb8d292782891d422c6ea2041d91e78633c7f480d903b4270edbf2e50f510af0f9e3e55ff21b161be13edbdc9209d620e61e1a359c1181a997f90c234b7cee575e54ee6b923b3995e04eb9c245dd2cdb102f1e24ed2991df5c4362f90d75d06db35c80d08205573f449bec8ef24e93c52b88e9bca53b1b03a8be05cceb80e357dbb78c06328b9306d89ced496dd9f8eb5bf4035184e0ba4234f7cbcd912c1242fc", 0xec1}], 0x1, &(0x7f0000003c40)}, 0x0)

[  273.261333] Node 0 DMA32 free:2873792kB min:26148kB low:32684kB high:39220kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2875232kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:1440kB local_pcp:1440kB free_cma:0kB
[  273.289461] lowmem_reserve[]: 0 0 4425 4425
[  273.294032] Node 0 Normal free:938556kB min:41284kB low:51604kB high:61924kB active_anon:285020kB inactive_anon:452kB active_file:30088kB inactive_file:143036kB unevictable:0kB writepending:188kB present:4718592kB managed:4532152kB mlocked:0kB kernel_stack:11712kB pagetables:3336kB bounce:0kB free_pcp:1444kB local_pcp:572kB free_cma:0kB
[  273.324279] lowmem_reserve[]: 0 0 0 0
[  273.328205] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
[  273.341975] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 2*16kB (M) 4*32kB (M) 2*64kB (M) 3*128kB (M) 3*256kB (M) 2*512kB (M) 2*1024kB (M) 3*2048kB (M) 699*4096kB (M) = 2873792kB
[  273.357733] Node 0 Normal: 916*4kB (UM) 772*8kB (UME) 588*16kB (ME) 474*32kB (UME) 270*64kB (UM) 80*128kB (UM) 12*256kB (UM) 4*512kB (UME) 3*1024kB (UE) 3*2048kB (UME) 209*4096kB (M) = 932336kB
[  273.375805] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  273.384800] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  273.388878] binder: 7908:7909 ERROR: BC_REGISTER_LOOPER called without request
[  273.393561] 43400 total pagecache pages
[  273.393580] 0 pages in swap cache
[  273.393604] Swap cache stats: add 0, delete 0, find 0/0
[  273.393618] Free swap  = 0kB
[  273.393641] Total swap = 0kB
[  273.393658] 1965979 pages RAM
[  273.393672] 0 pages HighMem/MovableOnly
[  273.393708] 110157 pages reserved
[  273.401179] binder: 7909 RLIMIT_NICE not set
[  273.405145] 0 pages cma reserved
[  273.438988] binder: 7909 RLIMIT_NICE not set
[  273.544242] binder_alloc: binder_alloc_mmap_handler: 7908 20001000-20004000 already mapped failed -16
11:55:57 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="18000000030000dc00000000000000819500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48)
r3 = socket$kcm(0x29, 0x1000000000002, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f000031aff8)={r1, r2})
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000040)={r1})

[  273.595616] binder: BINDER_SET_CONTEXT_MGR already set
[  273.601158] binder: 7908:7909 ioctl 40046207 0 returned -16
[  273.604100] binder_alloc: 7908: binder_alloc_buf, no vma
[  273.612745] binder: 7908:7915 transaction failed 29189/-3, size 0-0 line 2970
11:55:57 executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz0\x00'})
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{0x9}, 'syz0\x00'})
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0)
ioctl$UI_DEV_DESTROY(r0, 0x5502)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000180)=ANY=[], &(0x7f00000001c0))
getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000200)={0xce3b, 0x0, 0x0, 0x1}, &(0x7f0000000240)=0x10)
poll(&(0x7f0000000080)=[{}], 0x1, 0xfffffffffffff001)

11:55:57 executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={<r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8943, &(0x7f0000000080)="766574000000000000000000bd6800")

11:55:57 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f0000000080)=0x1e)

[  273.723728] binder: 7908:7915 ERROR: BC_REGISTER_LOOPER called without request
[  273.731297] binder: 7915 RLIMIT_NICE not set
[  273.812165] binder: release 7908:7909 transaction 2 out, still active
[  273.818926] binder: undelivered TRANSACTION_COMPLETE
[  273.873276] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  273.878897] binder: release 7908:7909 transaction 2 in, still active
[  273.897918] binder: send failed reply for transaction 2, target dead
[  273.918660] input: syz0 as /devices/virtual/input/input5
11:55:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000180)={0x2, 0x6d, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f0000000140)={&(0x7f00000000c0)=@can, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000700)=""/4096, 0x1000}, 0x0)
sendmsg(r1, &(0x7f0000000340)={&(0x7f00000001c0)=@un=@abs, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000001000000010000000300000004000000"], 0x18}, 0x0)

11:55:58 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000002000)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x48, 0x0, &(0x7f0000000040)="5e28a928b7b064604e0e282c5e59178e911afbbf407f5d60c0018fc63978a8215812c8a9dd1f30dd744e464f514cbb5ddacf40c59a28a69893bd1d1d2ce267e600c0adadbea88e26"})
r2 = mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f00000001c0)=[@free_buffer={0x40086303, r2}], 0x0, 0x0, &(0x7f0000000240)})

11:55:58 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200))
r1 = fcntl$dupfd(r0, 0x0, r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r2, &(0x7f0000000080), 0x1c)
r3 = dup2(r2, r2)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0xfffffffffffffffe, 0x0)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f00000003c0)={0x0, &(0x7f0000000380)})

[  274.228951] binder: undelivered TRANSACTION_ERROR: 29189
11:55:58 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='coredump_filter\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000100)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x700)

11:55:58 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x800000000000b)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x2, 0x340, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000a68], 0x0, &(0x7f0000000000), &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'team_slave_1\x00', 'vlan0\x00', 'veth1_to_team\x00', 'dummy0\x00', @local, [], @empty, [], 0x1d8, 0x1d8, 0x208, [@statistic={'statistic\x00', 0x18}, @comment={'comment\x00', 0x100}]}}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x11, 0xfffffffffffffffc, 0x0, "030073663000001000", 'dummy0\x00', 'ifb0\x00', 'lo\x00', @broadcast, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x3b8)

11:55:58 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000346fc8)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d")
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket$kcm(0x2, 0x3, 0x2)
recvmsg(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000280)=""/251, 0xfb}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8955, &(0x7f0000000040)=0x2)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000680), 0x4)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))

[  274.581174] binder: 7949:7951 ERROR: BC_REGISTER_LOOPER called without request
[  274.588879] binder: 7951 RLIMIT_NICE not set
[  274.593592] binder: 7951 RLIMIT_NICE not set
[  274.715860] binder: release 7949:7951 transaction 5 in, still active
[  274.722779] binder: send failed reply for transaction 5 to 7949:7951
11:55:59 executing program 0:
socket$nl_xfrm(0xa, 0x3, 0x87)
syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB='P\x00\x00'], &(0x7f00000002c0))

[  274.922346] kernel msg: ebtables bug: please report to author: Unknown flag for inv bitmask
11:55:59 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1c}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x75, 0x0, 0x1b0001}, [@ldst={0x7, 0x1, 0x0, 0x0, 0x7a}]}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48)

11:55:59 executing program 4:
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000042c0)='/dev/sequencer2\x00', 0x4082, 0x0)

11:55:59 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000002000)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x48, 0x0, &(0x7f0000000040)="5e28a928b7b064604e0e282c5e59178e911afbbf407f5d60c0018fc63978a8215812c8a9dd1f30dd744e464f514cbb5ddacf40c59a28a69893bd1d1d2ce267e600c0adadbea88e26"})
r2 = mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f00000001c0)=[@free_buffer={0x40086303, r2}], 0x0, 0x0, &(0x7f0000000240)})

[  275.032081] binder: undelivered TRANSACTION_COMPLETE
[  275.037381] binder: undelivered TRANSACTION_ERROR: 29189
[  275.045503] kernel msg: ebtables bug: please report to author: Unknown flag for inv bitmask
[  275.310008] binder: 7977:7983 ERROR: BC_REGISTER_LOOPER called without request
[  275.317644] binder: 7983 RLIMIT_NICE not set
[  275.322256] binder: 7983 RLIMIT_NICE not set
11:55:59 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000080)='net/netstat\x00')

[  275.402499] binder: release 7977:7983 transaction 7 in, still active
[  275.409183] binder: send failed reply for transaction 7 to 7977:7983
11:55:59 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0xa, 0x2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x14)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890c, &(0x7f0000000000))

11:55:59 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1c}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x75, 0x0, 0x1b0001}, [@ldst={0x7, 0x1, 0x0, 0x0, 0x7a}]}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48)

11:55:59 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x800000000000b)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x2, 0x138, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000a68], 0x0, &(0x7f0000000000), &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, "030073663000001000", 'dummy0\x00', 'ifb0\x00', 'lo\x00', @broadcast, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x1b0)

[  275.702548] binder: undelivered TRANSACTION_COMPLETE
[  275.707999] binder: undelivered TRANSACTION_ERROR: 29189
[  275.792523] kernel msg: ebtables bug: please report to author: Valid hook without chain
[  275.876237] kernel msg: ebtables bug: please report to author: Valid hook without chain
11:56:01 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000001c0), 0xc, &(0x7f0000000000)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xa21}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000080)}], 0x492492492492861, 0x0)

11:56:01 executing program 2:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000002000)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x48, 0x0, &(0x7f0000000040)="5e28a928b7b064604e0e282c5e59178e911afbbf407f5d60c0018fc63978a8215812c8a9dd1f30dd744e464f514cbb5ddacf40c59a28a69893bd1d1d2ce267e600c0adadbea88e26"})
r2 = mmap$binder(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f00000001c0)=[@free_buffer={0x40086303, r2}], 0x0, 0x0, &(0x7f0000000240)})

11:56:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f00000003c0))

11:56:01 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1c}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x75, 0x0, 0x1b0001}, [@ldst={0x7, 0x1, 0x0, 0x0, 0x7a}]}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x450, &(0x7f000000cf3d)=""/195}, 0x48)

11:56:01 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x8)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x0)

11:56:01 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x800000000000b)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x2, 0x138, [0x20000800, 0x0, 0x0, 0x20000830, 0x20000a68], 0x0, &(0x7f0000000000), &(0x7f0000000800)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x11, 0x0, 0x0, "030073663000001000", 'dummy0\x00', 'ifb0\x00', 'lo\x00', @broadcast, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x1b0)

[  277.375480] input: syz1 as /devices/virtual/input/input8
[  277.394995] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  277.508554] binder: 8016:8023 ERROR: BC_REGISTER_LOOPER called without request
[  277.516333] binder: 8023 RLIMIT_NICE not set
[  277.520810] binder: 8023 RLIMIT_NICE not set
[  277.526886] ==================================================================
[  277.534291] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590
[  277.540802] CPU: 1 PID: 8012 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[  277.547996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.557355] Call Trace:
[  277.559944]  <IRQ>
[  277.562122]  dump_stack+0x306/0x460
[  277.565779]  ? loaded_vmcs_init+0x343/0x590
[  277.570143]  kmsan_report+0x1a3/0x2d0
[  277.573973]  __msan_warning+0x7c/0xe0
[  277.577802]  loaded_vmcs_init+0x343/0x590
[  277.581985]  __loaded_vmcs_clear+0x2fb/0x3c0
[  277.586426]  flush_smp_call_function_queue+0x404/0x770
[  277.591725]  ? vmx_get_msr_feature+0x180/0x180
[  277.596344]  generic_smp_call_function_single_interrupt+0x1f/0x30
[  277.602594]  smp_call_function_single_interrupt+0x2f7/0x530
[  277.608329]  call_function_single_interrupt+0xf/0x20
[  277.613437]  </IRQ>
[  277.615698] RIP: 0010:__msan_memset+0xa1/0xf0
[  277.620204] Code: 4c 89 fa e8 f1 c1 ff ff 31 d2 4c 89 e7 44 89 fe e8 54 c9 ff ff ff 8b 7c 09 00 00 75 3e e8 57 d1 36 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 32 4c 89 f0 48 83 c4 18
[  277.639139] RSP: 0018:ffff8801875ff8a8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff04
[  277.646875] RAX: ffff88014a6d74c0 RBX: ffff880143d33c00 RCX: 0000000000000051
[  277.654159] RDX: 0000000000000050 RSI: 00000000000004fe RDI: 00000000000004ff
[  277.661440] RBP: ffff8801875ff8e8 R08: 0000000000000000 R09: ffff88021fd38f50
[  277.668719] R10: 0000000000000000 R11: 0000000000000130 R12: ffffe8ffffc3f4c0
[  277.675999] R13: 0000000000000202 R14: ffffe8ffffc3f4c0 R15: 0000000000000140
[  277.683419]  pcpu_alloc+0x1e6a/0x26a0
[  277.687281]  __alloc_percpu+0x7a/0x90
[  277.691115]  init_srcu_struct_fields+0x40d/0x1a30
[  277.695994]  ? vmalloc_to_page_or_null+0x3b/0xa0
[  277.700787]  init_srcu_struct+0x69/0x80
[  277.704796]  kvm_page_track_init+0x45/0x80
[  277.709053]  kvm_arch_init_vm+0x625/0x9e0
[  277.713234]  kvm_dev_ioctl+0x7e3/0x3220
[  277.717241]  ? __msan_poison_alloca+0x17a/0x210
[  277.721937]  ? do_vfs_ioctl+0x18a/0x2810
[  277.726012]  ? __se_sys_ioctl+0x1da/0x270
[  277.730175]  ? kvm_reboot+0xb0/0xb0
[  277.733821]  ? kvm_reboot+0xb0/0xb0
[  277.737474]  do_vfs_ioctl+0xcf3/0x2810
[  277.741411]  ? security_file_ioctl+0x92/0x200
[  277.745952]  __se_sys_ioctl+0x1da/0x270
[  277.749959]  __x64_sys_ioctl+0x4a/0x70
[  277.753869]  do_syscall_64+0xbe/0x100
[  277.757693]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  277.762897] RIP: 0033:0x457579
[  277.766107] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  277.785375] RSP: 002b:00007f8998f50c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.793119] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  277.800418] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005
[  277.807718] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  277.815005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8998f516d4
[  277.822286] R13: 00000000004bfc2e R14: 00000000004cfcb8 R15: 00000000ffffffff
[  277.829589] 
[  277.831227] Local variable description: ----error.i@loaded_vmcs_init
[  277.837722] Variable was created at:
[  277.841457]  loaded_vmcs_init+0x8a/0x590
[  277.845539]  __loaded_vmcs_clear+0x2fb/0x3c0
[  277.849949] ==================================================================
[  277.857311] Disabling lock debugging due to kernel taint
[  277.862768] Kernel panic - not syncing: panic_on_warn set ...
[  277.862768] 
[  277.870165] CPU: 1 PID: 8012 Comm: syz-executor3 Tainted: G    B             4.19.0-rc4+ #63
[  277.878749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.888113] Call Trace:
[  277.890722]  <IRQ>
[  277.892897]  dump_stack+0x306/0x460
[  277.896562]  panic+0x54c/0xafa
[  277.899815]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  277.905292]  kmsan_report+0x2cd/0x2d0
[  277.909123]  __msan_warning+0x7c/0xe0
[  277.912958]  loaded_vmcs_init+0x343/0x590
[  277.917146]  __loaded_vmcs_clear+0x2fb/0x3c0
[  277.921590]  flush_smp_call_function_queue+0x404/0x770
[  277.926895]  ? vmx_get_msr_feature+0x180/0x180
[  277.931513]  generic_smp_call_function_single_interrupt+0x1f/0x30
[  277.937774]  smp_call_function_single_interrupt+0x2f7/0x530
[  277.943511]  call_function_single_interrupt+0xf/0x20
[  277.948624]  </IRQ>
[  277.950882] RIP: 0010:__msan_memset+0xa1/0xf0
[  277.955391] Code: 4c 89 fa e8 f1 c1 ff ff 31 d2 4c 89 e7 44 89 fe e8 54 c9 ff ff ff 8b 7c 09 00 00 75 3e e8 57 d1 36 ff 4c 89 6d c0 ff 75 c0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 d0 75 32 4c 89 f0 48 83 c4 18
[  277.974304] RSP: 0018:ffff8801875ff8a8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff04
[  277.982034] RAX: ffff88014a6d74c0 RBX: ffff880143d33c00 RCX: 0000000000000051
[  277.989316] RDX: 0000000000000050 RSI: 00000000000004fe RDI: 00000000000004ff
[  277.996596] RBP: ffff8801875ff8e8 R08: 0000000000000000 R09: ffff88021fd38f50
[  278.003883] R10: 0000000000000000 R11: 0000000000000130 R12: ffffe8ffffc3f4c0
[  278.011167] R13: 0000000000000202 R14: ffffe8ffffc3f4c0 R15: 0000000000000140
[  278.018499]  pcpu_alloc+0x1e6a/0x26a0
[  278.022362]  __alloc_percpu+0x7a/0x90
[  278.026193]  init_srcu_struct_fields+0x40d/0x1a30
[  278.031062]  ? vmalloc_to_page_or_null+0x3b/0xa0
[  278.035857]  init_srcu_struct+0x69/0x80
[  278.039856]  kvm_page_track_init+0x45/0x80
[  278.044120]  kvm_arch_init_vm+0x625/0x9e0
[  278.048309]  kvm_dev_ioctl+0x7e3/0x3220
[  278.052316]  ? __msan_poison_alloca+0x17a/0x210
[  278.057018]  ? do_vfs_ioctl+0x18a/0x2810
[  278.061092]  ? __se_sys_ioctl+0x1da/0x270
[  278.065261]  ? kvm_reboot+0xb0/0xb0
[  278.068907]  ? kvm_reboot+0xb0/0xb0
[  278.072553]  do_vfs_ioctl+0xcf3/0x2810
[  278.076477]  ? security_file_ioctl+0x92/0x200
[  278.081019]  __se_sys_ioctl+0x1da/0x270
[  278.085029]  __x64_sys_ioctl+0x4a/0x70
[  278.088935]  do_syscall_64+0xbe/0x100
[  278.092761]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  278.097963] RIP: 0033:0x457579
[  278.101172] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  278.120085] RSP: 002b:00007f8998f50c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.127822] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  278.135135] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000005
[  278.142417] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  278.149696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8998f516d4
[  278.156980] R13: 00000000004bfc2e R14: 00000000004cfcb8 R15: 00000000ffffffff
[  278.165281] Kernel Offset: disabled
[  278.168921] Rebooting in 86400 seconds..