[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 41.755291] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.115337] kauditd_printk_skb: 10 callbacks suppressed
[ 42.115345] audit: type=1400 audit(1568886415.266:35): avc: denied { map } for pid=6871 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 42.162223] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.764987] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts.
[ 48.436644] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/19 09:47:01 fuzzer started
[ 48.631333] audit: type=1400 audit(1568886421.786:36): avc: denied { map } for pid=6880 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.337739] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/19 09:47:03 dialing manager at 10.128.0.105:36039
2019/09/19 09:47:03 syscalls: 2471
2019/09/19 09:47:03 code coverage: enabled
2019/09/19 09:47:03 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/19 09:47:03 extra coverage: extra coverage is not supported by the kernel
2019/09/19 09:47:03 setuid sandbox: enabled
2019/09/19 09:47:03 namespace sandbox: enabled
2019/09/19 09:47:03 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/19 09:47:03 fault injection: enabled
2019/09/19 09:47:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/19 09:47:03 net packet injection: enabled
2019/09/19 09:47:03 net device setup: enabled
[ 51.197455] random: crng init done
09:48:19 executing program 0:
mount(0x0, 0x0, 0x0, 0x100, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
tkill(0x0, 0x9)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18)
09:48:19 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000)
09:48:19 executing program 1:
r0 = socket$inet6(0x10, 0x80003, 0x0)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5500000018007fafb72d1cb2a4a280930206430200a843090626274d004016001500154004004c00007aa3c728f1c46b7b31afdc1338d54400009b84136ef75afb6cde448daa7227c43ab8620000bf0cec6bab91d4", 0x55}], 0x1}, 0x0)
09:48:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
09:48:19 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2)
09:48:19 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x201000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000400)="fc0000004a000700ab092500090007000aab805c010000000000369321000100000000000000000000ff000000000000008656a64ab113cd70ebae071b0171038c6453aaa79bb94b46fe00000007ec020800008c0100036c6c256f1a272f2e117c22ebc205214000000080008934d07302ade01720d7d5bbc91a3e2e80772c74fb2cc56ce1f0f156272f5b00000005defd5a32e2082038f4f8b29d3ef3d92c8334b3863032000048b6e4170e5bbab2ccd2436d6b9408e0ad91bd0734babc7c3f2eeb57d43d3f0000000000106b4f9ed3142627c4623b880f411f46a6b567b4d5715587e650a1d9565187dc48deac270e33429fd30001040000b8d38a", 0xfc)
getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, 0x0, 0x0)
[ 126.162787] audit: type=1400 audit(1568886499.316:37): avc: denied { map } for pid=6880 comm="syz-fuzzer" path="/root/syzkaller-shm165633998" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 126.202443] audit: type=1400 audit(1568886499.346:38): avc: denied { map } for pid=6898 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 126.550918] IPVS: ftp: loaded support on port[0] = 21
[ 127.289310] IPVS: ftp: loaded support on port[0] = 21
[ 127.325487] chnl_net:caif_netlink_parms(): no params data found
[ 127.381521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.387915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.395025] device bridge_slave_0 entered promiscuous mode
[ 127.402042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.408381] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.415405] device bridge_slave_1 entered promiscuous mode
[ 127.433190] IPVS: ftp: loaded support on port[0] = 21
[ 127.443485] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 127.459029] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 127.508724] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 127.516245] team0: Port device team_slave_0 added
[ 127.526333] chnl_net:caif_netlink_parms(): no params data found
[ 127.535009] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 127.542134] team0: Port device team_slave_1 added
[ 127.549043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 127.566126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 127.622502] IPVS: ftp: loaded support on port[0] = 21
[ 127.651941] device hsr_slave_0 entered promiscuous mode
[ 127.700388] device hsr_slave_1 entered promiscuous mode
[ 127.806755] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 127.814312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.821109] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.828056] device bridge_slave_0 entered promiscuous mode
[ 127.837772] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.844247] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.851208] device bridge_slave_1 entered promiscuous mode
[ 127.862409] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 127.875514] chnl_net:caif_netlink_parms(): no params data found
[ 127.905568] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 127.916068] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 127.945081] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 127.952453] team0: Port device team_slave_0 added
[ 127.959854] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 127.966933] team0: Port device team_slave_1 added
[ 127.981954] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.988384] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 127.995323] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.001701] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.009526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 128.017872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 128.025675] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.026443] IPVS: ftp: loaded support on port[0] = 21
[ 128.033170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.045014] device bridge_slave_0 entered promiscuous mode
[ 128.052286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.058680] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.065895] device bridge_slave_1 entered promiscuous mode
[ 128.098915] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 128.109886] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 128.161916] device hsr_slave_0 entered promiscuous mode
[ 128.200406] device hsr_slave_1 entered promiscuous mode
[ 128.280751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 128.287683] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 128.308417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 128.317185] team0: Port device team_slave_0 added
[ 128.324667] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 128.331866] team0: Port device team_slave_1 added
[ 128.337084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 128.345649] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 128.422974] device hsr_slave_0 entered promiscuous mode
[ 128.460413] device hsr_slave_1 entered promiscuous mode
[ 128.502559] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 128.511384] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.517748] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 128.524387] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.530732] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.549591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.556398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.563723] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.570639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.579285] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 128.623488] chnl_net:caif_netlink_parms(): no params data found
[ 128.636815] IPVS: ftp: loaded support on port[0] = 21
[ 128.667200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 128.681285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.714701] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 128.726653] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.734012] bridge0: port 1(bridge_slave_0) entered disabled state
[ 128.741825] device bridge_slave_0 entered promiscuous mode
[ 128.782057] chnl_net:caif_netlink_parms(): no params data found
[ 128.794966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 128.801700] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.808552] device bridge_slave_1 entered promiscuous mode
[ 128.822214] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 128.844817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 128.852397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 128.861861] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 128.867921] 8021q: adding VLAN 0 to HW filter on device team0
[ 128.879170] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 128.890528] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 128.918510] 8021q: adding VLAN 0 to HW filter on device bond0
[ 128.926184] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 128.938915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 128.946488] team0: Port device team_slave_0 added
[ 128.957435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 128.965759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 128.973375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 128.979698] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 128.993556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 129.004306] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 129.013782] team0: Port device team_slave_1 added
[ 129.019205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 129.027696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 129.035739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 129.043857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 129.051929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.058275] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.073272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.079722] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.086869] device bridge_slave_0 entered promiscuous mode
[ 129.094487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.101046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 129.107882] device bridge_slave_1 entered promiscuous mode
[ 129.119266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 129.128509] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 129.138711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 129.153694] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 129.163140] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 129.172873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 129.179907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 129.189486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 129.204138] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 129.210624] 8021q: adding VLAN 0 to HW filter on device team0
[ 129.220627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 129.282118] device hsr_slave_0 entered promiscuous mode
[ 129.320493] device hsr_slave_1 entered promiscuous mode
[ 129.370772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 129.379047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 129.398643] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 129.408687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 129.416504] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 129.423633] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 129.431485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 129.439169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 129.449420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 129.455788] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 129.463237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 129.471840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 129.479285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 129.486915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 129.494657] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 129.504900] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 129.512025] team0: Port device team_slave_0 added
[ 129.518710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 129.527098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 129.538611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 129.548213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 129.555544] team0: Port device team_slave_1 added
[ 129.561177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 129.568555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 129.576787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 129.584884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 129.592735] bridge0: port 2(bridge_slave_1) entered blocking state
[ 129.599282] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 129.606167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 129.615882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 129.629409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 129.638530] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 129.646595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 129.653709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 129.663086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 129.670835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 129.679751] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 129.688169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 129.704810] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.720907] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 129.731279] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 129.747672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 129.755448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 129.765601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 129.792569] device hsr_slave_0 entered promiscuous mode
[ 129.830622] device hsr_slave_1 entered promiscuous mode
[ 129.871090] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 129.913781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 129.921904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 129.929596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 129.937306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 129.944961] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 129.953938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 129.964660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 129.971716] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 129.981033] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 129.991967] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 129.998041] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.007188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 130.014912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 130.022644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 130.031476] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 130.038789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 130.045792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 130.055853] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 130.062009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 130.072435] chnl_net:caif_netlink_parms(): no params data found
[ 130.082531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 130.098041] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.123254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 130.132699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 130.140545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.146966] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.155642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 130.167716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 130.176522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 130.184019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 130.194048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 130.201872] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.208193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.219208] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 130.253069] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.264068] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 130.288595] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.295706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 130.307895] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 130.320240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.326590] bridge0: port 1(bridge_slave_0) entered disabled state
[ 130.339516] device bridge_slave_0 entered promiscuous mode
[ 130.346743] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.353333] bridge0: port 2(bridge_slave_1) entered disabled state
[ 130.360313] device bridge_slave_1 entered promiscuous mode
[ 130.366677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 130.386278] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 130.399318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
09:48:23 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x5d028}, {&(0x7f00000033c0)="a87deb8ac33cc703df55f86396b189ed394c7e318c3eab31c18845619aec7f0925893038d371fe0c3ea0196d6ab28930055d51c988f8823a086c4d36d09ed48869164ab63f5943a6e7a0936033ffc58d4140406e2a0c16643321f71bb28a69a6160093c318da3e12ef3085498f564782e0b58f16d0bdfdbd5c41189f0917673131d15c1335d031f2cd4aeff1e349d6d813e7ea6dd9fa4d6777ce5d20831d0425d2ce6e69475c07c503fb673c28b8874ab6596ff1bfd5763eb487c36a6309d679bc89fa016f7736d197c3133b0dfc0af23c26ceed683dfc6cea3f64e96603ae9e3e1db432f77fd2bef2ee50064247a8e1799ea6f79dfa5cd5369f9cc9d7e50d94deb965c391114f2d702244e41e8dc3dcaf3e91919729c7cd3e61876c9ae34f2f8d3e5bfee2a5624e1063b450dc39e27a96f1a8f04f0c835e787f70373ff899eb3492a14386f50dbbf7d6bdf4c8708d21d10ee84ee79fd2c4a8ef16ca1a8b9ef2a658a57993ad3ae67856411243852f53b9d59c30e7543729138c1465229bb8a62f95ec31e57038dd54505b541f4ab3b88432d35314e2f2dd64ede2e91336fc15aaa9759b64989c63e38fed210ac22e63adfc1a5b92198d4ed8c3ed02d267b51544fbd7627421394050b48f6dcd39f2", 0x1cf, 0x8}])
[ 130.413092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 130.420808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 130.429272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 130.439267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 130.456539] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 130.465068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 130.473854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 130.486798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 130.495793] 8021q: adding VLAN 0 to HW filter on device bond0
[ 130.504609] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 130.514798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 130.522515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 130.531925] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 130.538004] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.546404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 130.582672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 130.604447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 130.613766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 130.623125] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
09:48:23 executing program 1:
[ 130.630673] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 130.637689] team0: Port device team_slave_0 added
[ 130.645276] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 130.673071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
09:48:23 executing program 1:
09:48:23 executing program 1:
[ 130.696514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 130.704971] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 130.713247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 130.725878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 130.738660] bridge0: port 1(bridge_slave_0) entered blocking state
09:48:23 executing program 1:
[ 130.745055] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.752788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 130.768296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 130.784690] bridge0: port 2(bridge_slave_1) entered blocking state
09:48:23 executing program 0:
mount(0x0, 0x0, 0x0, 0x100, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
tkill(0x0, 0x9)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18)
09:48:23 executing program 1:
[ 130.791077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.818516] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 130.826704] team0: Port device team_slave_1 added
[ 130.840254] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 130.850804] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 130.856875] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.864113] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 130.871324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 130.879280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 130.890849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 130.901200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 130.908076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 130.915265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 130.923488] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 130.932707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 130.942627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 130.960421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 130.969852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 130.978701] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 130.991039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 131.014113] device hsr_slave_0 entered promiscuous mode
[ 131.051933] device hsr_slave_1 entered promiscuous mode
[ 131.090528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 131.098230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 131.105795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 131.114369] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 131.121952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.128461] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.135586] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 131.142633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 131.151753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 131.161078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 131.168286] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 131.175769] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 131.183448] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.196211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 131.205273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 131.213158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 131.220982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 131.228344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 131.236175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 131.244196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 131.251814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.258141] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.276127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 131.286904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 131.298286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 131.306556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 131.316721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 131.324491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 131.333580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 131.347043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 131.359553] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 131.366134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 131.375037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 131.389532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 131.397242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 131.405410] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 131.414928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 131.424438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 131.437092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 131.447935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 131.463317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 131.471465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 131.481621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 131.489270] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
09:48:24 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000)
09:48:24 executing program 1:
[ 131.507851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 131.521152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 131.529755] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 131.539952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 131.566321] 8021q: adding VLAN 0 to HW filter on device bond0
[ 131.585343] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.603656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 131.627612] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 131.645919] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 131.656135] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 131.663252] 8021q: adding VLAN 0 to HW filter on device team0
[ 131.670893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 131.677717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 131.690451] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 131.699275] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.711731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 131.724084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 131.732200] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.738561] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.746129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 131.754771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 131.765263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 131.774960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 131.782999] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.789333] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.798488] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 131.809548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 131.819526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 131.829768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 131.846197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 131.867867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 131.875702] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 131.884024] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 131.893650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 131.900741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 131.908424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 131.918960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 131.926859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 131.934760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 131.944325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 131.951570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 131.958974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 131.968127] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 131.974678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 131.985826] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 131.995664] 8021q: adding VLAN 0 to HW filter on device batadv0
09:48:25 executing program 2:
09:48:25 executing program 0:
09:48:26 executing program 4:
09:48:26 executing program 1:
09:48:26 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffff7, 0x84, 0x0, 0x0, 0x0, 0x7, 0x100, 0x0, 0xfe, 0x0, 0xb24c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1807, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x100000001, 0x1, 0x401, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_bp, 0x8000, 0x2, 0x3}, 0x0, 0x3, r0, 0x3)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00\xcc\xf8V\xfe~\xdc\x94\x8e\xf06Ff\x00\xab\xa5\xd6\xeaY\xc8\xb5F\xfa\xa1\xd2\xc4*,ZT')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x500000000000000)
09:48:26 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2)
09:48:26 executing program 0:
09:48:26 executing program 2:
[ 133.264710] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 133.276096] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'.
09:48:26 executing program 2:
clone(0x80210a001ff1, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
09:48:26 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={[], [], @local}}, 0x1c)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0xbb8)
09:48:26 executing program 0:
r0 = perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, 0x0)
r1 = socket$kcm(0x29, 0x5, 0x0)
socketpair(0x0, 0x6, 0x7, &(0x7f0000002c00))
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002c40)='cpuset.effective_mems\x00', 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000002c80)={0xffffffffffffffff, r2})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000740)={0xffffffffffffffff, r2, 0x15}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup\x00', 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x13, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4c, 0x7}}, &(0x7f0000014ff5)='syzka\x00\x00\x00\x05\x00\xf3', 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x10000, 0x0)
ioctl$TUNGETFILTER(r4, 0x801054db, &(0x7f0000000680)=""/104)
r5 = socket$kcm(0x11, 0x6, 0x0)
openat$cgroup_int(r3, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
r6 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r6}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc)
gettid()
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x67}}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0x338, &(0x7f000000cf3d)=""/195}, 0x48)
socket$kcm(0xa, 0x1, 0x0)
r7 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0)
recvmsg$kcm(r5, 0x0, 0x100)
socketpair(0x1a, 0x803, 0x8, &(0x7f0000000700))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff)
close(r7)
09:48:26 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2)
09:48:26 executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x511, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
connect$llc(r0, &(0x7f0000000380)={0x1a, 0x1, 0x0, 0x5, 0x0, 0x0, @local}, 0x10)
09:48:26 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0xbb8)
09:48:26 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x2da8020000100000, 0x500001c)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="ab3757b6c23389f63a1afbd3f03dc5ec9bacdc54887242b6cd9aed49a59529113f0b4b0bcfebaef28e65e64d3ad9f56fb6395a0051f1b1799eed12c2b5130bf8c738f15968c8f6529592062d1914"], 0x200600)
09:48:26 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/99, 0x23}, {&(0x7f00000000c0)=""/223, 0xdf}], 0x2)
[ 133.440029] hrtimer: interrupt took 27154 ns
09:48:26 executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x511, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
connect$llc(r0, &(0x7f0000000380)={0x1a, 0x1, 0x0, 0x5, 0x0, 0x0, @local}, 0x10)
09:48:26 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, 0x0, 0x0)
listen(0xffffffffffffffff, 0x80)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, 0x0, 0x0)
fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
write(r1, 0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x3c8)
shutdown(r0, 0x1)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000140)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff})
r6 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r6, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0)
09:48:26 executing program 0:
wait4(0x0, 0x0, 0x0, 0x0)
tkill(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000300), &(0x7f0000000340)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r0, &(0x7f0000000240), &(0x7f0000000040)=""/89}, 0x18)
09:48:26 executing program 4:
r0 = socket$kcm(0x2b, 0x4000000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="2b201000", @ANYRES32], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
[ 133.548018] audit: type=1804 audit(1568886506.696:39): pid=7052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/3/memory.events" dev="sda1" ino=16528 res=1
09:48:26 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
09:48:26 executing program 4:
r0 = socket$kcm(0x2b, 0x4000000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="2b201000", @ANYRES32], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
[ 133.650165] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
09:48:26 executing program 2:
syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='dmode=0x0000000000000001,sbsector=0x0000000000000008,mode=0'])
09:48:26 executing program 3:
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
09:48:26 executing program 4:
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000140)={0x0, "196b4bc124573d8a213546169623a2fb2cea22d4c89e774947813071a356f1620820b417814c558899d01d65beed414c33ab6183b3a5a5ee858cd7563d0f0665bee111d431299ee012b1b5d1d4792062af774bdec71d04892c8450683b04ce5a8a5625e9397fe3b8d4d8b7a3ba80a034a240df3a718873dd31b7c3754fa2d377"})
09:48:26 executing program 0:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
unshare(0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ifreq(r0, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x06\x02\xff', @ifru_names='bond_slave_1\x00t\x00'})
ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\f\x00!!\x00\x01\x00\x01', @ifru_names='bond_slave_1\x00\x00\x00\b'})
[ 133.779014] audit: type=1804 audit(1568886506.926:40): pid=7088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/3/memory.events" dev="sda1" ino=16528 res=1
09:48:27 executing program 5:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x200600)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x2da8020000100000, 0x500001c)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="ab3757b6c23389f63a1afbd3f03dc5ec9bacdc54887242b6cd9aed49a59529113f0b4b0bcfebaef28e65e64d3ad9f56fb6395a0051f1b1799eed12c2b5130bf8c738f15968c8f6529592062d1914"], 0x200600)
09:48:27 executing program 4:
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0x10, 0x80003, 0x0)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5500000018007fafb72d1cb2a4a280930206430200a843090626274d040016001500154004004c00007aa3c728f1c46b7b31afdc1338d54400009b84136ef75afb6cde448daa7227c43ab8620000bf0cec6bab91d4", 0x55}], 0x1}, 0x0)
[ 133.839841] ISOFS: Unable to identify CD-ROM format.
[ 133.859866] bond0: Releasing backup interface bond_slave_1
09:48:27 executing program 3:
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100002000dcd8384a968b86be9084baa5b5db0700000068000a0100000000"], 0x2a)
[ 133.872344] audit: type=1400 audit(1568886506.976:41): avc: denied { create } for pid=7093 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 133.943870] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 133.981578] ISOFS: Unable to identify CD-ROM format.
[ 133.994514] bond0: Releasing backup interface bond_slave_1
[ 134.014747] audit: type=1400 audit(1568886506.986:42): avc: denied { ioctl } for pid=7093 comm="syz-executor.0" path="socket:[27716]" dev="sockfs" ino=27716 ioctlcmd=0x8991 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 134.045437] audit: type=1804 audit(1568886507.106:43): pid=7105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir348755741/syzkaller.NYZrzS/4/memory.events" dev="sda1" ino=16532 res=1
[ 134.083090] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 134.420147] ==================================================================
[ 134.427730] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760
[ 134.433779] Read of size 4 at addr ffff8880a0b917ec by task syz-executor.1/7064
[ 134.441227]
[ 134.442839] CPU: 0 PID: 7064 Comm: syz-executor.1 Not tainted 4.14.145 #0
[ 134.449757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 134.459090] Call Trace:
[ 134.461693]
[ 134.463829] dump_stack+0x138/0x197
[ 134.467458] ? tcp_ack+0x414f/0x4760
[ 134.471155] print_address_description.cold+0x7c/0x1dc
[ 134.476424] ? tcp_ack+0x414f/0x4760
[ 134.480119] kasan_report.cold+0xa9/0x2af
[ 134.484249] __asan_report_load4_noabort+0x14/0x20
[ 134.489157] tcp_ack+0x414f/0x4760
[ 134.492676] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 134.497760] ? trace_hardirqs_on+0x10/0x10
[ 134.501977] ? tcp_fastretrans_alert+0x2620/0x2620
[ 134.506893] ? lock_downgrade+0x6e0/0x6e0
[ 134.511034] tcp_rcv_established+0x3e9/0x1650
[ 134.515519] ? trace_hardirqs_on+0xd/0x10
[ 134.519652] ? save_trace+0x290/0x290
[ 134.523432] ? tcp_data_queue+0x3730/0x3730
[ 134.527737] tcp_v6_do_rcv+0x417/0x1190
[ 134.531706] tcp_v6_rcv+0x2446/0x2ed0
[ 134.535483] ? save_trace+0x290/0x290
[ 134.539273] ip6_input_finish+0x300/0x15a0
[ 134.543492] ip6_input+0xd5/0x340
[ 134.546924] ? ip6_input_finish+0x15a0/0x15a0
[ 134.551410] ? ipv6_rcv+0x16aa/0x1d20
[ 134.555239] ? ip6_rcv_finish+0x7a0/0x7a0
[ 134.559369] ip6_rcv_finish+0x23f/0x7a0
[ 134.563323] ipv6_rcv+0xe4d/0x1d20
[ 134.566840] ? put_prev_task_stop+0x348/0x400
[ 134.571315] ? ip6_input+0x340/0x340
[ 134.575008] ? __lock_is_held+0xb6/0x140
[ 134.579138] ? check_preemption_disabled+0x3c/0x250
[ 134.584139] ? ip6_make_skb+0x410/0x410
[ 134.588280] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 134.593706] ? ip6_input+0x340/0x340
[ 134.598097] __netif_receive_skb_core+0x1eae/0x2ca0
[ 134.603090] ? trace_hardirqs_on+0x10/0x10
[ 134.607317] ? enqueue_to_backlog+0xcc0/0xcc0
[ 134.611804] ? process_backlog+0x43e/0x730
[ 134.616021] ? lock_acquire+0x16f/0x430
[ 134.619991] __netif_receive_skb+0x2c/0x1b0
[ 134.624292] ? __netif_receive_skb+0x2c/0x1b0
[ 134.628766] process_backlog+0x21f/0x730
[ 134.632806] ? mark_held_locks+0xb1/0x100
[ 134.636933] net_rx_action+0x490/0xf80
[ 134.640889] ? napi_complete_done+0x4f0/0x4f0
[ 134.645363] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 134.650808] __do_softirq+0x244/0x9a0
[ 134.654591] ? ip6_finish_output2+0x9c0/0x21b0
[ 134.659152] do_softirq_own_stack+0x2a/0x40
[ 134.663460]
[ 134.665678] do_softirq.part.0+0x10e/0x160
[ 134.669902] __local_bh_enable_ip+0x154/0x1a0
[ 134.674401] ip6_finish_output2+0x9f3/0x21b0
[ 134.678792] ? ip6_forward_finish+0x480/0x480
[ 134.683270] ? __lock_is_held+0xb6/0x140
[ 134.687343] ? check_preemption_disabled+0x3c/0x250
[ 134.692340] ip6_finish_output+0x4f4/0xb50
[ 134.696637] ? ip6_finish_output+0x4f4/0xb50
[ 134.701032] ip6_output+0x20f/0x6d0
[ 134.704637] ? ip6_finish_output+0xb50/0xb50
[ 134.709043] ? __lock_is_held+0xb6/0x140
[ 134.713085] ? check_preemption_disabled+0x3c/0x250
[ 134.718183] ? ip6_fragment+0x32c0/0x32c0
[ 134.722311] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 134.727739] ip6_xmit+0xd53/0x1eb0
[ 134.731265] ? ip6_finish_output2+0x21b0/0x21b0
[ 134.735911] ? ip6_dst_check+0x86/0x2c0
[ 134.739958] ? save_trace+0x290/0x290
[ 134.743769] ? ip6_append_data+0x2f0/0x2f0
[ 134.747987] ? __lock_is_held+0xb6/0x140
[ 134.752037] ? check_preemption_disabled+0x3c/0x250
[ 134.757034] inet6_csk_xmit+0x286/0x4d0
[ 134.761004] ? inet6_csk_update_pmtu+0x140/0x140
[ 134.765739] ? tcp_md5_do_lookup+0x1d3/0x530
[ 134.770132] __tcp_transmit_skb+0x172c/0x2fe0
[ 134.774629] ? __tcp_select_window+0x6e0/0x6e0
[ 134.779191] ? kvm_clock_read+0x23/0x40
[ 134.783159] ? sched_clock_cpu+0x1b/0x1c0
[ 134.787303] ? tcp_small_queue_check+0x184/0x1e0
[ 134.792039] tcp_write_xmit+0x523/0x4960
[ 134.796081] ? tcp_v6_md5_lookup+0x23/0x30
[ 134.800293] ? tcp_established_options+0x2c5/0x420
[ 134.805214] ? tcp_current_mss+0x101/0x2f0
[ 134.809432] __tcp_push_pending_frames+0xa6/0x260
[ 134.814254] tcp_send_fin+0x17e/0xc40
[ 134.818035] tcp_close+0xcc8/0xfb0
[ 134.821569] ? lock_acquire+0x16f/0x430
[ 134.825523] ? ip_mc_drop_socket+0x1d6/0x230
[ 134.829911] inet_release+0xec/0x1c0
[ 134.833612] inet6_release+0x53/0x80
[ 134.837320] __sock_release+0xce/0x2b0
[ 134.841192] ? __sock_release+0x2b0/0x2b0
[ 134.845341] sock_close+0x1b/0x30
[ 134.848777] __fput+0x275/0x7a0
[ 134.852038] ____fput+0x16/0x20
[ 134.855298] task_work_run+0x114/0x190
[ 134.859172] exit_to_usermode_loop+0x1da/0x220
[ 134.863731] do_syscall_64+0x4bc/0x640
[ 134.867607] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 134.872447] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 134.877615] RIP: 0033:0x4135d1
[ 134.880796] RSP: 002b:00007ffcdccdf050 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 134.888568] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00000000004135d1
[ 134.895818] RDX: 0000000000000000 RSI: 00000000000009a7 RDI: 0000000000000009
[ 134.903066] RBP: 0000000000000001 R08: 00000000e64469a7 R09: 00000000e64469ab
[ 134.910421] R10: 00007ffcdccdf130 R11: 0000000000000293 R12: 000000000075c9a0
[ 134.917672] R13: 000000000075c9a0 R14: 00000000007610f0 R15: 000000000075c07c
[ 134.924939]
[ 134.926567] Allocated by task 7072:
[ 134.930187] save_stack_trace+0x16/0x20
[ 134.934146] save_stack+0x45/0xd0
[ 134.937586] kasan_kmalloc+0xce/0xf0
[ 134.941277] kasan_slab_alloc+0xf/0x20
[ 134.945255] kmem_cache_alloc_node+0x144/0x780
[ 134.949816] __alloc_skb+0x9c/0x500
[ 134.953423] sk_stream_alloc_skb+0xb3/0x780
[ 134.957732] tcp_sendmsg_locked+0xf61/0x3200
[ 134.962132] tcp_sendmsg+0x30/0x50
[ 134.965658] inet_sendmsg+0x122/0x500
[ 134.969533] sock_sendmsg+0xce/0x110
[ 134.973223] SYSC_sendto+0x206/0x310
[ 134.976917] SyS_sendto+0x40/0x50
[ 134.980441] do_syscall_64+0x1e8/0x640
[ 134.984345] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 134.989510]
[ 134.991113] Freed by task 7072:
[ 134.994373] save_stack_trace+0x16/0x20
[ 134.998325] save_stack+0x45/0xd0
[ 135.001783] kasan_slab_free+0x75/0xc0
[ 135.005655] kmem_cache_free+0x83/0x2b0
[ 135.009604] kfree_skbmem+0x8d/0x120
[ 135.013422] __kfree_skb+0x1e/0x30
[ 135.016951] tcp_remove_empty_skb.part.0+0x231/0x2e0
[ 135.022038] tcp_sendmsg_locked+0x1ced/0x3200
[ 135.026513] tcp_sendmsg+0x30/0x50
[ 135.030038] inet_sendmsg+0x122/0x500
[ 135.033872] sock_sendmsg+0xce/0x110
[ 135.037605] SYSC_sendto+0x206/0x310
[ 135.041296] SyS_sendto+0x40/0x50
[ 135.044753] do_syscall_64+0x1e8/0x640
[ 135.048619] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 135.053794]
[ 135.055401] The buggy address belongs to the object at ffff8880a0b917c0
[ 135.055401] which belongs to the cache skbuff_fclone_cache of size 472
[ 135.068728] The buggy address is located 44 bytes inside of
[ 135.068728] 472-byte region [ffff8880a0b917c0, ffff8880a0b91998)
[ 135.080494] The buggy address belongs to the page:
[ 135.085405] page:ffffea000282e440 count:1 mapcount:0 mapping:ffff8880a0b91040 index:0x0
[ 135.093525] flags: 0x1fffc0000000100(slab)
[ 135.097913] raw: 01fffc0000000100 ffff8880a0b91040 0000000000000000 0000000100000006
[ 135.105771] raw: ffffea00024e0020 ffffea00024ab220 ffff8880a9e10a80 0000000000000000
[ 135.113635] page dumped because: kasan: bad access detected
[ 135.119322]
[ 135.120929] Memory state around the buggy address:
[ 135.125834] ffff8880a0b91680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.133180] ffff8880a0b91700: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.140527] >ffff8880a0b91780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 135.147874] ^
[ 135.154603] ffff8880a0b91800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.161946] ffff8880a0b91880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 135.169391] ==================================================================
[ 135.176753] Disabling lock debugging due to kernel taint
[ 135.182245] Kernel panic - not syncing: panic_on_warn set ...
[ 135.182245]
[ 135.189698] CPU: 0 PID: 7064 Comm: syz-executor.1 Tainted: G B 4.14.145 #0
[ 135.197898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.207277] Call Trace:
[ 135.209944]
[ 135.212091] dump_stack+0x138/0x197
[ 135.215703] ? tcp_ack+0x414f/0x4760
[ 135.219459] panic+0x1f2/0x426
[ 135.222634] ? add_taint.cold+0x16/0x16
[ 135.226594] kasan_end_report+0x47/0x4f
[ 135.230547] kasan_report.cold+0x130/0x2af
[ 135.234809] __asan_report_load4_noabort+0x14/0x20
[ 135.239715] tcp_ack+0x414f/0x4760
[ 135.243233] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 135.248327] ? trace_hardirqs_on+0x10/0x10
[ 135.252543] ? tcp_fastretrans_alert+0x2620/0x2620
[ 135.257480] ? lock_downgrade+0x6e0/0x6e0
[ 135.261607] tcp_rcv_established+0x3e9/0x1650
[ 135.266091] ? trace_hardirqs_on+0xd/0x10
[ 135.270217] ? save_trace+0x290/0x290
[ 135.273995] ? tcp_data_queue+0x3730/0x3730
[ 135.278327] tcp_v6_do_rcv+0x417/0x1190
[ 135.282288] tcp_v6_rcv+0x2446/0x2ed0
[ 135.286066] ? save_trace+0x290/0x290
[ 135.289849] ip6_input_finish+0x300/0x15a0
[ 135.294064] ip6_input+0xd5/0x340
[ 135.297495] ? ip6_input_finish+0x15a0/0x15a0
[ 135.301976] ? ipv6_rcv+0x16aa/0x1d20
[ 135.305753] ? ip6_rcv_finish+0x7a0/0x7a0
[ 135.309887] ip6_rcv_finish+0x23f/0x7a0
[ 135.313841] ipv6_rcv+0xe4d/0x1d20
[ 135.317367] ? put_prev_task_stop+0x348/0x400
[ 135.321845] ? ip6_input+0x340/0x340
[ 135.325537] ? __lock_is_held+0xb6/0x140
[ 135.329580] ? check_preemption_disabled+0x3c/0x250
[ 135.334573] ? ip6_make_skb+0x410/0x410
[ 135.338961] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 135.344395] ? ip6_input+0x340/0x340
[ 135.348109] __netif_receive_skb_core+0x1eae/0x2ca0
[ 135.353103] ? trace_hardirqs_on+0x10/0x10
[ 135.357323] ? enqueue_to_backlog+0xcc0/0xcc0
[ 135.361881] ? process_backlog+0x43e/0x730
[ 135.366095] ? lock_acquire+0x16f/0x430
[ 135.370048] __netif_receive_skb+0x2c/0x1b0
[ 135.374349] ? __netif_receive_skb+0x2c/0x1b0
[ 135.378833] process_backlog+0x21f/0x730
[ 135.382871] ? mark_held_locks+0xb1/0x100
[ 135.386998] net_rx_action+0x490/0xf80
[ 135.390863] ? napi_complete_done+0x4f0/0x4f0
[ 135.395334] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 135.400763] __do_softirq+0x244/0x9a0
[ 135.404545] ? ip6_finish_output2+0x9c0/0x21b0
[ 135.409104] do_softirq_own_stack+0x2a/0x40
[ 135.413425]
[ 135.415657] do_softirq.part.0+0x10e/0x160
[ 135.419882] __local_bh_enable_ip+0x154/0x1a0
[ 135.424372] ip6_finish_output2+0x9f3/0x21b0
[ 135.428762] ? ip6_forward_finish+0x480/0x480
[ 135.433236] ? __lock_is_held+0xb6/0x140
[ 135.437275] ? check_preemption_disabled+0x3c/0x250
[ 135.442280] ip6_finish_output+0x4f4/0xb50
[ 135.446489] ? ip6_finish_output+0x4f4/0xb50
[ 135.450875] ip6_output+0x20f/0x6d0
[ 135.454479] ? ip6_finish_output+0xb50/0xb50
[ 135.458874] ? __lock_is_held+0xb6/0x140
[ 135.462912] ? check_preemption_disabled+0x3c/0x250
[ 135.467949] ? ip6_fragment+0x32c0/0x32c0
[ 135.472094] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 135.477524] ip6_xmit+0xd53/0x1eb0
[ 135.481052] ? ip6_finish_output2+0x21b0/0x21b0
[ 135.485700] ? ip6_dst_check+0x86/0x2c0
[ 135.489654] ? save_trace+0x290/0x290
[ 135.493434] ? ip6_append_data+0x2f0/0x2f0
[ 135.497646] ? __lock_is_held+0xb6/0x140
[ 135.501684] ? check_preemption_disabled+0x3c/0x250
[ 135.506691] inet6_csk_xmit+0x286/0x4d0
[ 135.510644] ? inet6_csk_update_pmtu+0x140/0x140
[ 135.515386] ? tcp_md5_do_lookup+0x1d3/0x530
[ 135.519777] __tcp_transmit_skb+0x172c/0x2fe0
[ 135.524251] ? __tcp_select_window+0x6e0/0x6e0
[ 135.528812] ? kvm_clock_read+0x23/0x40
[ 135.532764] ? sched_clock_cpu+0x1b/0x1c0
[ 135.536891] ? tcp_small_queue_check+0x184/0x1e0
[ 135.541627] tcp_write_xmit+0x523/0x4960
[ 135.545665] ? tcp_v6_md5_lookup+0x23/0x30
[ 135.549889] ? tcp_established_options+0x2c5/0x420
[ 135.554794] ? tcp_current_mss+0x101/0x2f0
[ 135.559004] __tcp_push_pending_frames+0xa6/0x260
[ 135.563847] tcp_send_fin+0x17e/0xc40
[ 135.567627] tcp_close+0xcc8/0xfb0
[ 135.571143] ? lock_acquire+0x16f/0x430
[ 135.575103] ? ip_mc_drop_socket+0x1d6/0x230
[ 135.579576] inet_release+0xec/0x1c0
[ 135.583272] inet6_release+0x53/0x80
[ 135.587010] __sock_release+0xce/0x2b0
[ 135.590888] ? __sock_release+0x2b0/0x2b0
[ 135.595014] sock_close+0x1b/0x30
[ 135.598602] __fput+0x275/0x7a0
[ 135.601868] ____fput+0x16/0x20
[ 135.605126] task_work_run+0x114/0x190
[ 135.608992] exit_to_usermode_loop+0x1da/0x220
[ 135.613595] do_syscall_64+0x4bc/0x640
[ 135.617572] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 135.622396] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 135.627563] RIP: 0033:0x4135d1
[ 135.630842] RSP: 002b:00007ffcdccdf050 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 135.638528] RAX: 0000000000000000 RBX: 000000000000000a RCX: 00000000004135d1
[ 135.645783] RDX: 0000000000000000 RSI: 00000000000009a7 RDI: 0000000000000009
[ 135.653034] RBP: 0000000000000001 R08: 00000000e64469a7 R09: 00000000e64469ab
[ 135.660283] R10: 00007ffcdccdf130 R11: 0000000000000293 R12: 000000000075c9a0
[ 135.667529] R13: 000000000075c9a0 R14: 00000000007610f0 R15: 000000000075c07c
[ 135.676272] Kernel Offset: disabled
[ 135.679892] Rebooting in 86400 seconds..