[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 95.659905] audit: type=1800 audit(1548721213.719:25): pid=11091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 95.679124] audit: type=1800 audit(1548721213.729:26): pid=11091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 95.698573] audit: type=1800 audit(1548721213.749:27): pid=11091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts. 2019/01/29 00:20:27 fuzzer started 2019/01/29 00:20:33 dialing manager at 10.128.0.26:37981 2019/01/29 00:20:33 syscalls: 1 2019/01/29 00:20:33 code coverage: enabled 2019/01/29 00:20:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/29 00:20:33 extra coverage: extra coverage is not supported by the kernel 2019/01/29 00:20:33 setuid sandbox: enabled 2019/01/29 00:20:33 namespace sandbox: enabled 2019/01/29 00:20:33 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/29 00:20:33 fault injection: enabled 2019/01/29 00:20:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/29 00:20:33 net packet injection: enabled 2019/01/29 00:20:33 net device setup: enabled 00:23:08 executing program 0: clone(0x8000002102001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000000)={0x0, @loopback, 0x0, 0x0, 'fo\x00', 0x3, 0x0, 0x12}, 0x2c) syzkaller login: [ 271.516320] IPVS: ftp: loaded support on port[0] = 21 [ 271.664659] chnl_net:caif_netlink_parms(): no params data found [ 271.744705] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.751784] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.760364] device bridge_slave_0 entered promiscuous mode [ 271.770003] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.776636] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.785236] device bridge_slave_1 entered promiscuous mode [ 271.817182] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 271.828236] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 271.858253] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 271.867065] team0: Port device team_slave_0 added [ 271.874206] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 271.882612] team0: Port device team_slave_1 added [ 271.889014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 271.898900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 272.046885] device hsr_slave_0 entered promiscuous mode [ 272.192893] device hsr_slave_1 entered promiscuous mode [ 272.453389] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 272.461075] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 272.491812] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.498469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.505736] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.512295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.602706] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 272.608809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.622729] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 272.635325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 272.646249] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.656355] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.667628] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 272.686153] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 272.692308] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.707890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 272.715228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 272.725200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 272.733853] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.740339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.756251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 272.769084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 272.776729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 272.785520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.794232] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.800731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.809424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 272.824608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 272.832053] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 272.857903] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 272.867554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 272.876801] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 272.891938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 272.904115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 272.911469] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 272.919840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 272.929003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 272.938761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 272.947637] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 272.966257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 272.975887] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 272.988183] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 272.994419] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 273.003795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 273.012596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 273.046517] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 273.070660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 273.229778] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:0 [ 273.245063] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:0 00:23:11 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x80000006, 0x0, 0x0, 0x2}]}, 0x10) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x1000000000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x1000000004e23, @local}, 0x10) [ 273.442980] protocol 88fb is buggy, dev hsr_slave_0 [ 273.448574] protocol 88fb is buggy, dev hsr_slave_1 00:23:11 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$LOOP_GET_STATUS(r0, 0x40081271, &(0x7f00000001c0)) 00:23:11 executing program 0: semtimedop(0x0, &(0x7f00000000c0), 0x59, 0x0) 00:23:11 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) modify_ldt$write2(0x11, &(0x7f0000000080)={0x9ca}, 0x10) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = memfd_create(&(0x7f0000000180)='ppp0)^\x00', 0x0) execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) read$FUSE(r1, &(0x7f00000005c0), 0x1000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'veth1Tto_bond\x00', 0x3802}) close(r0) 00:23:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000340)='security.ima\x00', &(0x7f0000000380)=@v2, 0xa, 0x0) 00:23:12 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x8) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) 00:23:12 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/sctp\x00') r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x35}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x4000800) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") r3 = socket$inet(0x10, 0x3, 0x6) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000240007031dfffd946fa2830020200a000900ff3e001d85680c1ba3a20400ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0xfffffffffffffecd}], 0x1}, 0x0) 00:23:12 executing program 0: socket(0x14, 0xffffffffffffffff, 0xff18) seccomp(0x1, 0x1, &(0x7f0000000080)={0x15a, &(0x7f0000000000)=[{0x84}, {0x4, 0x0, 0x0, 0xffffff7f7ffffffe}]}) 00:23:12 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_dccp_int(r0, 0x21, 0x11, &(0x7f0000000080)=0x2, 0x4) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f0000a6b000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r1, &(0x7f0000000000)="1f0000000104fffffd3b000007110000f30501000b000100050423ca0000cf", 0x1f) [ 274.713318] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. [ 274.727243] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. 00:23:12 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x101003, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f00000000c0)={{0x2}}) 00:23:12 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e22, 0x10001, @empty, 0x538f1338}, @in6={0xa, 0x4e23, 0x1f, @local, 0xdb4}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e21, @rand_addr=0xfffffffffffffff7}, @in={0x2, 0x4e22, @multicast1}], 0x78) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000100), 0x12) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f00000000c0)) readv(r3, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x4) 00:23:13 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x8000, 0x0) fsetxattr$security_smack_entry(r0, &(0x7f0000000040)='security.SMACK64\x00', &(0x7f0000000080)='\x00', 0x1, 0x3) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x10000, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000100)={0x1ff, 0x0, &(0x7f0000ffe000/0x1000)=nil}) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000180)) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_bond\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000200)={@loopback, r2}, 0x14) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xc77a}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000002c0)={r3, @in6={{0xa, 0x4e23, 0x7fff, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3240383b}}}, 0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000380)={r3, 0xf5, "ed6e3727d7a9288236e348c29bbcd6fad1caec6e02f9c9f0345027eb6f25f778db1d837b4d87dc1b1e0490ed072e84db71cc935585766b077868bfa45c54e839988c343ef112516b6ffd53f18a7c8fb9c429dd91f6933e444bae6532c9c8213378c3b959fb3ef69372a2df6454200c051f359b90795014b40672fb7766fbec549e76c227d2e54fb7a78ec1118cc84739ae70188539eed6e3cb17da0f8735ea9cdb2eb8b5c084353441c57579a32794677484f39da24d6155f6e7c84d5dc532575ff77f3466d4c1bd6d522943ba929a1ede5b2f44b6c9a9de0420a5399a997d98ad13f03cd4a6e3b1f37416972dcfdbb8a3a65a95d4"}, &(0x7f0000000480)=0xfd) ioctl$void(r1, 0x5451) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f00000004c0)={0x4, 0x3, 0x6, 0x7, 0x40, 0x9}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000500)={0x0}) r5 = mmap$binder(&(0x7f0000fee000/0x12000)=nil, 0x12000, 0x0, 0x10010, 0xffffffffffffff9c, 0x63) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x50, 0x38, &(0x7f0000000540)=[@fda={0x66646185, 0x2, 0x2, 0x5}, @fd={0x66642a85, 0x0, r0}, @flat={0x73622a85, 0xa, r4, 0x1}], &(0x7f00000005c0)=[0x0, 0x20, 0x38, 0x20, 0x20, 0x68, 0x0]}}, @increfs_done={0x40106308, r5}], 0x26, 0x0, &(0x7f0000000680)="9539995dc173f35238d59754b373603816b99ca79b24b898be1bb4826702f41e474edb279a8b"}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000700)={0x0, @bt={0xfffffffffffffff9, 0xd71, 0x0, 0x3, 0x4, 0x3ff, 0x100, 0xf1, 0x1, 0x0, 0x9, 0x7, 0x7f, 0x1, 0x8, 0x10}}) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f00000007c0)=0x1, 0x4) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000800)="97a1edc7a1a8defab466d8adf21fe0a8f44e800ad116", 0x16) write$P9_RWSTAT(r1, &(0x7f0000000840)={0x7, 0x7f, 0x1}, 0x7) setsockopt$inet6_udp_int(r1, 0x11, 0x6f, &(0x7f0000000880)=0x8850, 0x4) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f00000008c0)=0xc9dc, 0x4) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000bc0)=0x0) r7 = getuid() r8 = getpgrp(0xffffffffffffffff) r9 = geteuid() fstat(r1, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$netlink(r1, &(0x7f0000001040)={&(0x7f0000000900)=@proc={0x10, 0x0, 0x25dfdbfd, 0x20000000}, 0xc, &(0x7f0000000f00)=[{&(0x7f0000000940)={0x248, 0x1a, 0x800, 0x70bd2d, 0x25dfdbff, "", [@nested={0x8c, 0x28, [@generic="fa10a2072029da137b25ee056b274291e04f603d9d73e7451c3314b5eced7f0c84b8350205afe6716ddba1543ebbc34c1ce0ce6f173ed04ec2ce3194fbd51f964d3d5750d1cbcf42c947156949b1ed755266650c261f272bce42a3daabf5e2e1dc9c65091738acc815cc0b9091d99ff3539372f3a4a8da58", @generic="1ba62c7263952e", @typed={0x8, 0x10, @ipv4=@remote}]}, @nested={0x88, 0x4b, [@generic="7ea49cba272021edf81b6af3691595817edd4ed5f76babc854ef4a4a5655a2b25f6cd7d468a73403aae99f0e10f54fb212679bda8feae43b6e1a263e6d26accbe92342292c9ac1c76289337e964043a390a7f76f33078bbbc83de257054f7e8031bcd470b83d32eab70f9f751d6020d612c2db9c7761d2c7ea06ca456d", @typed={0x4, 0xf}]}, @generic="5342b276730a3bf98f944ccba68a26a7a971cdc1216469d870d0c09c8d97eae6a896f6ab56fdb7e576125806eedb919708fc2a34fc7da7d40980e54ce311086fbb421b8519111785f093727b5c4a565f16f836", @generic, @generic="8d2fa6ca0443ed1cc7ffd07e55105df141249696201ae6f98a721169fb963b2ea62b02b63d2bcaf10ce4f1332863c9d01e21460344ffab757468382d842d22d98c0bb495ff13395a5b6ced439f260e7fb3625b9adb57dcbeefb8e99d321d38b14cf985b11e4373acfd948a358d6bfc325431c274007e1ca7b2f8599d016a61140290889ff8fc47918d1b0e351f4c20401a00bea5b86c54bc9454f8a363a86b07249b8fe9ede1b695e1de3cde0dd28203cc6f8fce551c25e8ad84bc56d763a238cb3cbe90d03f547cbc00494b54f3fac7"]}, 0x248}, {&(0x7f0000000c00)={0x234, 0x25, 0x400, 0x70bd2b, 0x25dfdbfe, "", [@typed={0x8, 0x30, @pid=r6}, @generic="fee5d2da6d2a7124cbea69162124bb8bdf3da1cd18de8f86", @nested={0x204, 0x3c, [@generic="abc5de5198f0dcef2b909230fe3203185ef6a56cabca1729e4219b117f8ca0e4f59af92d6a1ee5538852a7ac4dff15c79ccc48169a5a8fcefe70851aa6dae6ddd1725766d13caa153a18a5ec24101208d92a252352751ebb8f6b7285bc477ad87a503f5880ad59dd8f43479ee730cd6da2f72188e74e03698e587a64b2e4060b0bfe83faf208d7fd04131f24bc8eaa260150fbaf9d8d37f157889abc28f0274dfeced2d64057f887cdb2975acb3a817a072963b204db9a32cea9a1e5a2d95965eb36ce8e8223b2d1f2311c104f007bd482681f20d8a892cd2fc9469a826f5398a8", @generic="e77126ea2110788062da1f493bb3defa31c0588254fdc9bab237363b58b38ef1e78d2bd648c47654697e58ba8880ce5f37e5d3eef89a4bd44b844c1530e4e739de27276180443794486af4a133c46a865d10e9ea97756e6fab1e7e6bd7fabe893b31f0afe8e56a108cb843e1730da1fd91d4f3e841050ab2d016443a6ca2fb4445997962ba3be0e7edf474ff059d2acc64344259f0c99da20ad4746d94b076d4eb43e9dec06b176a1d9c82392843b0cff377baf64177bf1cb946c33791fe8250e060023870742f4cb5828e29b75fe2d567c9f7f08415442475d96fa1c72869", @typed={0x10, 0x68, @str='\xbctrusted\x00'}, @typed={0x10, 0x17, @str='/dev/ppp\x00'}, @typed={0x8, 0x23, @uid=r7}, @typed={0x18, 0x5d, @str='security.SMACK64\x00'}]}]}, 0x234}, {&(0x7f0000000e40)={0xbc, 0x16, 0x1, 0x70bd29, 0x25dfdbfe, "", [@typed={0xc, 0x72, @u64=0x401}, @typed={0x8, 0x45, @ipv4=@broadcast}, @generic="b93e2190318fd950922d3dcf0e5d358f524879000bbb31fa4fe9bf4c83b68944c635e71e1d4023b36cc999efa6525f39ed6dc41e78d33509e4d32fa331110fa60e5cc25e83554d5f738ed96a99fecb94eb4988cbab9875eba2209b103adcc7112e7a11e84f4685bd44047954ac7fa9820c9e8cf50ee763e42dcb4f9c62b721d5c5fe1b92a3e2faec93305a0979", @typed={0x8, 0x8c, @u32=0x8001}]}, 0xbc}], 0x3, &(0x7f0000000fc0)=[@cred={0x20, 0x1, 0x2, r8, r9, r10}, @rights={0x20, 0x1, 0x1, [r1, r0, r1]}, @rights={0x20, 0x1, 0x1, [r1, r0, r1]}], 0x60, 0x4000}, 0x80) ioctl$void(r0, 0x5451) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000001080)=""/153) 00:23:13 executing program 0: r0 = socket$inet(0x2, 0x3, 0x100000000033) accept4(r0, &(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, &(0x7f00000000c0)=0x80, 0x80000) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip_vti0\x00', 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmmsg$unix(r1, &(0x7f00000006c0)=[{&(0x7f0000000280)=@abs={0x0, 0xfeffffff0000ffeb, 0xffffff7f}, 0x6e, 0x0}], 0x1, 0x0) [ 275.193956] raw_sendmsg: syz-executor0 forgot to set AF_INET. Fix it! 00:23:13 executing program 0: r0 = socket$inet(0x2, 0x3, 0x100000000033) accept4(r0, &(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, &(0x7f00000000c0)=0x80, 0x80000) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip_vti0\x00', 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmmsg$unix(r1, &(0x7f00000006c0)=[{&(0x7f0000000280)=@abs={0x0, 0xfeffffff0000ffeb, 0xffffff7f}, 0x6e, 0x0}], 0x1, 0x0) [ 275.439635] IPVS: ftp: loaded support on port[0] = 21 00:23:13 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) io_setup(0xfff, &(0x7f0000000340)=0x0) io_pgetevents(r1, 0xad4, 0x5, &(0x7f0000000380)=[{}, {}, {}, {}, {}], &(0x7f0000000440)={0x0, 0x989680}, &(0x7f00000004c0)={&(0x7f0000000480)={0x8}, 0x8}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) listen(r0, 0x4a) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c) r4 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1, 0x8000) ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f00000000c0)) getdents(r4, &(0x7f00000007c0)=""/17, 0x11) ioctl$TIOCNOTTY(r4, 0x5422) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f00000001c0)=0xfffffffffffffffd) setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040)=0x6, 0xae8c6e6c3a952031) r5 = dup3(r2, r0, 0x0) ioctl$VIDIOC_S_TUNER(r4, 0x4054561e, &(0x7f0000000700)={0x7, "ebca457da197a52fe27761095ac61ab39d3f61f763847174a064b7a672c19c1c", 0x4, 0x800, 0xf8f, 0x1ff, 0x0, 0x2e438788a6549c3b, 0xfffffffeffffffff, 0x3}) io_setup(0x10000, &(0x7f0000000500)) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000780)) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f00000006c0)={0x80000001, 0xb7d, &(0x7f0000000540)="2e96401ebfc04a6b607698a02c7d11cdc7a6b4cc1e8068cfc72bb5c8d3fabcae34b3648db001e7f2a85c75d13b84aa40059bad2f0f332eaf3a4f73f311bff85e32393348375783f4a3264460c5ba829278", &(0x7f00000005c0)="3de44406ff316ae21ac4cf6cd53cd49b2e283da6dfe686e602693433ee99325e114b07de2007305d56eacf333bda3b513d351b6d0410a6860edd26924213652df1aecad97d9d1ea4aef0cc543c51c4399e6cd0ea0c06c394cf954982cfd8c44e5352e6f44236700cbf6186fd94471e6a740b1e4ffa86ef69fa863ce795dde498919ea72b306e4ab90c05e45e28fd534a1564de07b613aa3bd20ddc326ccca6bc97a951ae4ef84a51abde21a0632f5554df234b61ef1f8dd350b685c08956065319a5cd4aa59dd87d918a200ed26362", 0x51, 0xcf}) ioctl$VIDIOC_G_JPEGCOMP(r5, 0x808c563d, &(0x7f0000000200)) ioctl$RTC_UIE_OFF(r5, 0x7004) ioctl$PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x3ff, 0x7, 0x5, 0x1}]}) [ 275.608583] chnl_net:caif_netlink_parms(): no params data found [ 275.702360] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.708849] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.717110] device bridge_slave_0 entered promiscuous mode [ 275.727234] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.733907] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.742135] device bridge_slave_1 entered promiscuous mode [ 275.776530] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 275.788935] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 275.822745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 275.831631] team0: Port device team_slave_0 added [ 275.839338] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 275.848102] team0: Port device team_slave_1 added [ 275.855145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 275.864832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 275.977070] device hsr_slave_0 entered promiscuous mode [ 276.033007] device hsr_slave_1 entered promiscuous mode [ 276.113351] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 276.120890] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 276.151734] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.158328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.165486] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.172051] bridge0: port 1(bridge_slave_0) entered forwarding state 00:23:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) io_setup(0xfff, &(0x7f0000000340)=0x0) io_pgetevents(r1, 0xad4, 0x5, &(0x7f0000000380)=[{}, {}, {}, {}, {}], &(0x7f0000000440)={0x0, 0x989680}, &(0x7f00000004c0)={&(0x7f0000000480)={0x8}, 0x8}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) listen(r0, 0x4a) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c) r4 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1, 0x8000) ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f00000000c0)) getdents(r4, &(0x7f00000007c0)=""/17, 0x11) ioctl$TIOCNOTTY(r4, 0x5422) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f00000001c0)=0xfffffffffffffffd) setsockopt$inet6_tcp_int(r3, 0x6, 0xc, &(0x7f0000000040)=0x6, 0xae8c6e6c3a952031) r5 = dup3(r2, r0, 0x0) ioctl$VIDIOC_S_TUNER(r4, 0x4054561e, &(0x7f0000000700)={0x7, "ebca457da197a52fe27761095ac61ab39d3f61f763847174a064b7a672c19c1c", 0x4, 0x800, 0xf8f, 0x1ff, 0x0, 0x2e438788a6549c3b, 0xfffffffeffffffff, 0x3}) io_setup(0x10000, &(0x7f0000000500)) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000780)) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f00000006c0)={0x80000001, 0xb7d, &(0x7f0000000540)="2e96401ebfc04a6b607698a02c7d11cdc7a6b4cc1e8068cfc72bb5c8d3fabcae34b3648db001e7f2a85c75d13b84aa40059bad2f0f332eaf3a4f73f311bff85e32393348375783f4a3264460c5ba829278", &(0x7f00000005c0)="3de44406ff316ae21ac4cf6cd53cd49b2e283da6dfe686e602693433ee99325e114b07de2007305d56eacf333bda3b513d351b6d0410a6860edd26924213652df1aecad97d9d1ea4aef0cc543c51c4399e6cd0ea0c06c394cf954982cfd8c44e5352e6f44236700cbf6186fd94471e6a740b1e4ffa86ef69fa863ce795dde498919ea72b306e4ab90c05e45e28fd534a1564de07b613aa3bd20ddc326ccca6bc97a951ae4ef84a51abde21a0632f5554df234b61ef1f8dd350b685c08956065319a5cd4aa59dd87d918a200ed26362", 0x51, 0xcf}) ioctl$VIDIOC_G_JPEGCOMP(r5, 0x808c563d, &(0x7f0000000200)) ioctl$RTC_UIE_OFF(r5, 0x7004) ioctl$PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x3ff, 0x7, 0x5, 0x1}]}) [ 276.289516] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 276.296282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.336063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 276.351599] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.358981] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.393233] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.406159] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 276.475149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.483545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.498373] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 276.504607] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.529180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 276.538079] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.544742] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.597288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 276.605826] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.612398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.622190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 276.631264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 276.640051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.659362] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 276.670996] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 276.677215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.701170] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 276.718432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.728649] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 276.736996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 00:23:14 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, &(0x7f00000002c0), 0x10) setsockopt(r1, 0x65, 0x10000000002, &(0x7f0000000200)="c8d63f23", 0x4) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) bind$can_raw(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10) r3 = semget$private(0x0, 0x1, 0x0) semctl$GETVAL(r3, 0x2, 0xc, &(0x7f0000000000)=""/26) dup3(r0, r1, 0x0) 00:23:15 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0) unshare(0x400) r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0x0, &(0x7f00000001c0), &(0x7f0000000200)=0xfffffffffffffddb) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) lseek(r1, 0x3, 0x0) getdents(r1, &(0x7f0000000040)=""/148, 0xab) 00:23:15 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0xffffffffffffffff, 0x2) socketpair(0x1, 0x2000000001, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r4, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000001000000010000000300000004000000"], 0x18}, 0x0) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e21}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40000) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x6, 0x4}, &(0x7f0000000300)=0x90) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000380)={r6, 0x200}, &(0x7f00000003c0)=0x8) close(r3) 00:23:15 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$inet(0x2, 0xa, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180)={0x10, 0x40030000000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x2f, 0x11d, 0x0, 0x0, {0x2, 0x20000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @binary="02"}]}]}, 0x20}}, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) [ 277.162852] syz-executor1 uses obsolete (PF_INET,SOCK_PACKET) 00:23:15 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000740)={0xb, 0x10, 0xfa00, {0x0}}, 0x18) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x0) 00:23:15 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x240, 0x0) r1 = dup(r0) write$P9_RWRITE(r1, &(0x7f00000000c0)={0xb, 0x77, 0x1, 0x8}, 0xb) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000500)=""/246) write$evdev(r1, &(0x7f0000000000), 0x0) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000000)={&(0x7f0000ffb000/0x3000)=nil, 0x8de, 0x1, 0x4, &(0x7f0000ffb000/0x3000)=nil, 0x1}) write$P9_RRENAMEAT(r0, &(0x7f0000000080)={0x3a7}, 0xffffffb7) ioctl$CAPI_NCCI_GETUNIT(r1, 0x80044327, &(0x7f0000000100)=0x9486) 00:23:15 executing program 0: r0 = socket(0x1e, 0x805, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f0000000100)='y\x00', 0x2, 0x1) unshare(0x8000040) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x0, @remote, 'team_slave_1\x00'}}, 0x1e) connect$netlink(r0, &(0x7f0000000200), 0xc) r1 = syz_open_dev$vbi(&(0x7f0000000180)='/dev/vbi#\x00', 0x2, 0x2) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f00000001c0)={0xd, 0x200, 0x5}) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0xfffffffffffffffe, @local, 0x1666}, {0xa, 0x4e22, 0x0, @remote, 0x81}, 0x7ff, [0x9, 0x7, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffe0]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000240)={{0xa, 0x4e21, 0xff, @remote}, {0xa, 0x4e24, 0x0, @mcast2, 0x8}, 0x100, [0x8001, 0x2, 0xa53e, 0xf4, 0x3, 0xf52c, 0x6, 0x23dc8]}, 0x5c) 00:23:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) modify_ldt$write2(0x11, &(0x7f0000000000)={0x80000001, 0x100000, 0x0, 0xfffffffffffffff8, 0x3, 0x1, 0x7f, 0x0, 0x9, 0x6}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89a2, &(0x7f00000000c0)={'batadv0\x00'}) 00:23:15 executing program 0: r0 = msgget$private(0x0, 0x8) msgrcv(r0, &(0x7f0000000000)={0x0, ""/4096}, 0x1008, 0x2, 0x2000) msgsnd(r0, &(0x7f0000001040)={0x3}, 0x8, 0x0) 00:23:15 executing program 1: setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r0 = socket(0x11, 0x80002, 0x0) setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req={0x0, 0x40}, 0x10) 00:23:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000a80)='/dev/v4l-subdev#\x00', 0x0, 0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f00000001c0)={0x200000000000004a, &(0x7f0000000140)}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f00000001c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}]}}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x2, 0x77774f4e, 0x2, @discrete={0x6, 0x7f}}) [ 277.954027] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:23:16 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x100, 0x0) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f00000000c0)={0x15000, 0x10000, 0x9, 0x100000001, 0x56}) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000140)={'ifb0\x00', {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x5, 0x7, 0x9, 0xffffffffffffffff}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r1, 0x0, 0x0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x1f, 0xc509, 0x4, 0xf92, 0x10, r1, 0x7b}, 0x2c) 00:23:16 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85322, &(0x7f0000000400)={{0x0, 0x7}, 'port1\x00'}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) gettid() r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x20e202, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r2, 0x10, 0x0, @ib={0x1b, 0x2, 0x80f2, {"234efdfbf35571cf05baf0db7dc133e7"}, 0x1ff, 0x4}}}, 0x90) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x0) 00:23:16 executing program 1: unshare(0x1000000000800) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r2, &(0x7f0000000300)={0x2c, 0x0, r1}, 0x10) r3 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x0, 0x0) setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000040)=0x8, 0x1) 00:23:16 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = getpgrp(0x0) fcntl$lock(r0, 0x27, &(0x7f0000000000)={0x2, 0x0, 0x4, 0xd2f, r1}) ioctl(r0, 0x80000004144, &(0x7f0000007fff)) 00:23:16 executing program 0: r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x1f, 0x2) lseek(r0, 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', r0}, 0x10) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(r0, &(0x7f00000000c0)='./file0\x00', 0x60) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='hfsplus\x00', 0x0, &(0x7f0000000180)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30) r1 = syz_open_procfs(r0, &(0x7f00000000c0)='net/ip6_tables_targets\x00') mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0xa111, r1, 0x0) removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'os2.', 'btrfs.'}) [ 278.712525] ================================================================== [ 278.720020] BUG: KMSAN: uninit-value in inet_rcv_saddr_equal+0x7b6/0xac0 [ 278.726916] CPU: 0 PID: 11410 Comm: syz-executor0 Not tainted 5.0.0-rc1+ #9 [ 278.734052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.743421] Call Trace: [ 278.746084] dump_stack+0x173/0x1d0 [ 278.749777] kmsan_report+0x12e/0x2a0 [ 278.753605] __msan_warning+0x82/0xf0 [ 278.757440] inet_rcv_saddr_equal+0x7b6/0xac0 [ 278.761963] ? __local_bh_enable_ip+0xb3/0x1a0 [ 278.766643] ? ieee80211_update_mesh_config+0x1a1/0x18e0 [ 278.772125] inet_csk_bind_conflict+0x57c/0x990 [ 278.776837] inet_csk_get_port+0x219a/0x22a0 [ 278.781273] ? __msan_poison_alloca+0x1f0/0x2a0 [ 278.785997] ? local_bh_enable+0x36/0x40 [ 278.790099] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 278.795329] ? inet_get_local_port_range+0x2d0/0x2d0 [ 278.800489] __inet_bind+0x9e6/0xf40 [ 278.804240] inet_bind+0x21e/0x300 [ 278.807829] ? inet_release+0x2a0/0x2a0 [ 278.811847] __sys_bind+0x60b/0x7c0 [ 278.815523] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 278.820987] ? prepare_exit_to_usermode+0x114/0x420 [ 278.826032] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 278.831248] __se_sys_bind+0x8d/0xb0 [ 278.834995] __x64_sys_bind+0x4a/0x70 [ 278.838807] do_syscall_64+0xbc/0xf0 [ 278.842571] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 278.847765] RIP: 0033:0x458089 [ 278.850960] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 278.869868] RSP: 002b:00007f551efecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 278.877587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458089 [ 278.884874] RDX: 0000000000000010 RSI: 0000000020deb000 RDI: 0000000000000004 [ 278.892164] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 278.899446] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f551efed6d4 [ 278.906721] R13: 00000000004be11f R14: 00000000004ce4c8 R15: 00000000ffffffff [ 278.914008] [ 278.915639] Uninit was stored to memory at: [ 278.919965] kmsan_internal_chain_origin+0x134/0x230 [ 278.925096] __msan_chain_origin+0x70/0xe0 [ 278.929332] inet_twsk_alloc+0xa8e/0xba0 [ 278.933394] tcp_time_wait+0xd2/0xf00 [ 278.937187] tcp_rcv_state_process+0xc89/0x6940 [ 278.941870] tcp_v4_do_rcv+0xb11/0xd70 [ 278.945762] __release_sock+0x281/0x5f0 [ 278.949736] tcp_close+0x299/0x18a0 [ 278.953378] inet_release+0x162/0x2a0 [ 278.957180] sock_close+0x13f/0x400 [ 278.960804] __fput+0x4d1/0xbb0 [ 278.964082] ____fput+0x37/0x40 [ 278.967356] task_work_run+0x22e/0x2a0 [ 278.971242] prepare_exit_to_usermode+0x321/0x420 [ 278.976090] syscall_return_slowpath+0xb2/0x650 [ 278.980759] do_syscall_64+0xe2/0xf0 [ 278.984477] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 278.989654] [ 278.991277] Uninit was created at: [ 278.994818] kmsan_internal_poison_shadow+0x92/0x150 [ 279.000006] kmsan_kmalloc+0xa6/0x130 [ 279.003860] kmem_cache_alloc+0x585/0xb60 [ 279.008007] inet_twsk_alloc+0x135/0xba0 [ 279.012090] tcp_time_wait+0xd2/0xf00 [ 279.015903] tcp_rcv_state_process+0xc89/0x6940 [ 279.020568] tcp_v4_do_rcv+0xb11/0xd70 [ 279.024465] __release_sock+0x281/0x5f0 [ 279.028461] tcp_close+0x299/0x18a0 [ 279.032100] inet_release+0x162/0x2a0 [ 279.035908] sock_close+0x13f/0x400 [ 279.039533] __fput+0x4d1/0xbb0 [ 279.042818] ____fput+0x37/0x40 [ 279.046097] task_work_run+0x22e/0x2a0 [ 279.049982] prepare_exit_to_usermode+0x321/0x420 [ 279.054824] syscall_return_slowpath+0xb2/0x650 [ 279.059486] do_syscall_64+0xe2/0xf0 [ 279.063195] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 279.068372] ================================================================== [ 279.075722] Disabling lock debugging due to kernel taint [ 279.081174] Kernel panic - not syncing: panic_on_warn set ... [ 279.087082] CPU: 0 PID: 11410 Comm: syz-executor0 Tainted: G B 5.0.0-rc1+ #9 [ 279.095593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.104946] Call Trace: [ 279.107547] dump_stack+0x173/0x1d0 [ 279.111192] panic+0x3d1/0xb01 [ 279.114478] kmsan_report+0x293/0x2a0 [ 279.118306] __msan_warning+0x82/0xf0 [ 279.122130] inet_rcv_saddr_equal+0x7b6/0xac0 [ 279.126637] ? __local_bh_enable_ip+0xb3/0x1a0 [ 279.131243] ? ieee80211_update_mesh_config+0x1a1/0x18e0 [ 279.136722] inet_csk_bind_conflict+0x57c/0x990 [ 279.141421] inet_csk_get_port+0x219a/0x22a0 [ 279.146645] ? __msan_poison_alloca+0x1f0/0x2a0 [ 279.151332] ? local_bh_enable+0x36/0x40 [ 279.155431] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 279.160652] ? inet_get_local_port_range+0x2d0/0x2d0 [ 279.165761] __inet_bind+0x9e6/0xf40 [ 279.169503] inet_bind+0x21e/0x300 [ 279.173068] ? inet_release+0x2a0/0x2a0 [ 279.177079] __sys_bind+0x60b/0x7c0 [ 279.180753] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 279.186216] ? prepare_exit_to_usermode+0x114/0x420 [ 279.191236] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 279.196455] __se_sys_bind+0x8d/0xb0 [ 279.200197] __x64_sys_bind+0x4a/0x70 [ 279.204003] do_syscall_64+0xbc/0xf0 [ 279.207731] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 279.212920] RIP: 0033:0x458089 [ 279.216126] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 279.235030] RSP: 002b:00007f551efecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 279.242733] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458089 [ 279.249996] RDX: 0000000000000010 RSI: 0000000020deb000 RDI: 0000000000000004 [ 279.257281] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.264549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f551efed6d4 [ 279.271821] R13: 00000000004be11f R14: 00000000004ce4c8 R15: 00000000ffffffff [ 279.280093] Kernel Offset: disabled [ 279.283735] Rebooting in 86400 seconds..