[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   29.542158] kauditd_printk_skb: 7 callbacks suppressed
[   29.542170] audit: type=1800 audit(1545055729.305:29): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   29.571708] audit: type=1800 audit(1545055729.305:30): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.207632] sshd (6084) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
2018/12/17 14:09:00 fuzzer started
2018/12/17 14:09:03 dialing manager at 10.128.0.26:38295
2018/12/17 14:09:03 syscalls: 1
2018/12/17 14:09:03 code coverage: enabled
2018/12/17 14:09:03 comparison tracing: enabled
2018/12/17 14:09:03 setuid sandbox: enabled
2018/12/17 14:09:03 namespace sandbox: enabled
2018/12/17 14:09:03 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/17 14:09:03 fault injection: enabled
2018/12/17 14:09:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/17 14:09:03 net packet injection: enabled
2018/12/17 14:09:03 net device setup: enabled
14:11:52 executing program 0:
r0 = socket$l2tp(0x18, 0x1, 0x1)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='nv\x00', 0x26d)
sendto$inet(r1, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10)
write$binfmt_elf64(r1, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644)
recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=<r3=>0x0)
write$cgroup_pid(r2, &(0x7f0000000140)=r3, 0x12)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070")

[  213.113836] IPVS: ftp: loaded support on port[0] = 21
14:11:53 executing program 1:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, 0x0, 0x0, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000006c80)={0x0, 0x0, &(0x7f0000006c40)={0x0}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x18, 0x2d, 0x119, 0x0, 0x0, {0x4}, [@nested={0x4}]}, 0x18}}, 0x0)

[  213.384597] IPVS: ftp: loaded support on port[0] = 21
14:11:53 executing program 2:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x0, 0x0)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/12, 0xc}], 0x1)

[  213.702264] IPVS: ftp: loaded support on port[0] = 21
14:11:53 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="71e67a15cdf0319fa22748f9a91c66b3", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004980)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)="1ef0554e4c99a65af6839704abc83b307a9d82e6530214d0a857bf9bd337216f08e709e1b9", 0x25}], 0x1, 0x0, 0x0, 0x1}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000006880)=[{{&(0x7f0000000000)=@ipx, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/36, 0x24}, {&(0x7f0000004a80)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0)

[  214.205465] IPVS: ftp: loaded support on port[0] = 21
14:11:54 executing program 4:
clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1b)
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x13e})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r0, 0x0, 0x0)

[  214.747505] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.765498] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.794049] device bridge_slave_0 entered promiscuous mode
[  214.828718] IPVS: ftp: loaded support on port[0] = 21
[  214.980630] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.987388] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.995294] device bridge_slave_1 entered promiscuous mode
[  215.142784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
14:11:55 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x4)

[  215.249580] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.265675] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.283757] device bridge_slave_0 entered promiscuous mode
[  215.312331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  215.440898] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.452638] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.472519] device bridge_slave_1 entered promiscuous mode
[  215.500060] IPVS: ftp: loaded support on port[0] = 21
[  215.590851] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  215.695044] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.701589] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.710372] device bridge_slave_0 entered promiscuous mode
[  215.738437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  215.793652] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  215.845492] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.858110] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.879694] device bridge_slave_1 entered promiscuous mode
[  215.925913] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  216.012608] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  216.122170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  216.201856] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  216.292690] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  216.301299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.403387] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  216.467386] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.477387] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.484935] device bridge_slave_0 entered promiscuous mode
[  216.510812] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  216.531344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  216.560859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  216.625270] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.662167] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.679742] device bridge_slave_1 entered promiscuous mode
[  216.692986] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  216.702792] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  216.742784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.754544] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  216.782797] team0: Port device team_slave_0 added
[  216.790705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  216.910579] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  216.931668] team0: Port device team_slave_1 added
[  216.937872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  217.088056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.113185] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.119635] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.143572] device bridge_slave_0 entered promiscuous mode
[  217.169983] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  217.178928] team0: Port device team_slave_0 added
[  217.233927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  217.270722] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.290724] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.303171] device bridge_slave_1 entered promiscuous mode
[  217.313743] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  217.321105] team0: Port device team_slave_1 added
[  217.376674] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  217.388199] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  217.402762] team0: Port device team_slave_0 added
[  217.408400] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  217.418638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  217.428652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  217.443402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  217.478022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  217.530750] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  217.539813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  217.553315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.574756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  217.584697] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  217.598406] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  217.606030] team0: Port device team_slave_1 added
[  217.614984] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.643274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  217.654031] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  217.662580] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  217.671535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  217.702074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  217.709972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  217.743291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  217.762437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  217.773476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.808466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  217.824453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  217.851601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  217.874611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  217.883707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  217.892889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  217.900719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  217.923478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  217.953267] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  217.960851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.972779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.072457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  218.080350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.090205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.106545] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  218.153903] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.160375] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.188150] device bridge_slave_0 entered promiscuous mode
[  218.207213] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  218.227468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  218.254038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.263429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.277943] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  218.292953] team0: Port device team_slave_0 added
[  218.316653] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.334351] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.343466] device bridge_slave_1 entered promiscuous mode
[  218.371803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  218.392567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.432519] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  218.462443] team0: Port device team_slave_1 added
[  218.473788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  218.492250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.530490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.569774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  218.578076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  218.593559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  218.647013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  218.745467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  218.759408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  218.776641] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  218.895892] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  218.906030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.927217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.944362] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  218.951698] team0: Port device team_slave_0 added
[  219.025397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  219.035524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.052414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.119867] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  219.130107] team0: Port device team_slave_1 added
[  219.200753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  219.257772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  219.299049] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.305615] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.312733] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.319105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.346476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  219.370303] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  219.392501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  219.402273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  219.410197] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  219.480139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  219.493036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.538363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  219.552263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  219.561793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  219.623230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  219.631831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  219.663961] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.670360] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.677068] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.683478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.691503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  219.698958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  219.726585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  219.752828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  219.764711] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.771093] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.777857] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.784273] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.798254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  220.042916] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  220.083825] team0: Port device team_slave_0 added
[  220.222134] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  220.229658] team0: Port device team_slave_1 added
[  220.262580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  220.279701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  220.309942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  220.422524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  220.429422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  220.439212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  220.543157] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  220.550049] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  220.562971] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  220.586666] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.593131] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.599801] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.606261] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.622524] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  220.646903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  220.661841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  220.693090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  220.799551] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  220.813054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  220.823202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  221.271168] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.277637] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.284387] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.290758] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.303237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  221.309614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  221.319312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  222.140441] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.146905] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.153643] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.160022] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.174065] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  222.332590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  224.905362] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.950057] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.970797] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.345499] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  225.479250] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  225.544113] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  225.756941] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  225.772101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  225.783062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  225.878584] 8021q: adding VLAN 0 to HW filter on device bond0
[  225.933465] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  225.944764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  225.951924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  226.112849] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  226.119038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  226.140036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  226.270507] 8021q: adding VLAN 0 to HW filter on device team0
[  226.287128] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.384889] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  226.428444] 8021q: adding VLAN 0 to HW filter on device team0
[  226.675107] 8021q: adding VLAN 0 to HW filter on device team0
[  226.759702] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  226.945981] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  226.968539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  226.978207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  227.251204] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  227.282576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  227.293347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  227.323853] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.438052] 8021q: adding VLAN 0 to HW filter on device team0
[  227.693836] 8021q: adding VLAN 0 to HW filter on device team0
[  227.803610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  228.314891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  228.321099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  228.332699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  228.807070] 8021q: adding VLAN 0 to HW filter on device team0
14:12:09 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x0, @local}, 0x10)
r1 = socket$inet6(0xa, 0x803, 0x7)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")

14:12:09 executing program 2:

14:12:09 executing program 2:

14:12:09 executing program 2:

14:12:09 executing program 1:

14:12:09 executing program 2:

14:12:09 executing program 0:

14:12:09 executing program 1:

14:12:09 executing program 2:

14:12:10 executing program 3:

14:12:10 executing program 1:

14:12:10 executing program 5:

14:12:10 executing program 2:

14:12:10 executing program 0:

14:12:10 executing program 4:

14:12:10 executing program 3:

14:12:10 executing program 1:

14:12:10 executing program 2:

14:12:10 executing program 4:

14:12:10 executing program 3:

14:12:10 executing program 5:

14:12:10 executing program 0:

14:12:10 executing program 1:

14:12:10 executing program 2:

14:12:10 executing program 5:

14:12:10 executing program 4:
clone(0x3502001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x2)
unshare(0x32040400)
ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, 0x0)
ptrace$cont(0x18, r0, 0x0, 0x0)

14:12:10 executing program 0:

14:12:10 executing program 1:

14:12:10 executing program 3:

14:12:10 executing program 2:

14:12:10 executing program 3:

[  231.123792] ptrace attach of "/root/syz-executor4"[7732] was attempted by "/root/syz-executor4"[7733]
14:12:10 executing program 4:

14:12:10 executing program 5:

14:12:10 executing program 1:

14:12:11 executing program 0:
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x8)
ptrace$cont(0x9, r0, 0x0, 0x7)
tkill(r0, 0xa)
ptrace$cont(0x9, r0, 0x0, 0x0)

14:12:11 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cuse\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000080)={0x0, 0x4004400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000919000/0x400000)=nil, 0x400000, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x20)
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000001c0))
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e21, 0x0, @mcast1, 0x2}}, 0xffffffff, 0xf79}, &(0x7f00000004c0)=0x90)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0xc0200, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000100)=0x8b89d10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
r2 = socket(0x1e, 0x805, 0x0)
r3 = socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
mkdir(&(0x7f00000005c0)='./file0\x00', 0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x100, 0x200, 0x0, 0x0, 0x38f, 0x0, 0x7, 0xb08, 0x5, 0x7, 0x3, 0x800, 0xffffffffffffffff, 0x5a, 0x0, 0x38}})
socket(0x1e, 0x805, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94)
sendmsg(r2, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, 0x0, 0x0, &(0x7f00006e9c68)}, 0x0)

14:12:11 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79)
sendmmsg(r0, &(0x7f0000007e00), 0x4000000000000f4, 0xf7ffff7f)

14:12:11 executing program 2:
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x20000001, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x40000ab15, 0x0)

14:12:11 executing program 4:
r0 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
sendto$inet(r0, &(0x7f00000000c0)='f', 0x1, 0x0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000001000)={0x2, 0x4e20, @local}, 0xac78cbdca942c85e)

14:12:11 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0xe259, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1e818bb6, 0x9, 0x3, "c2efcf93e01b66ebdb58d48eab577ab2f73d0000000400", 0xb5315258})
r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x1c, 0x800)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x107db3323707ee98, &(0x7f00000001c0)={@ipv4={[], [], @empty}, <r2=>0x0}, &(0x7f0000000200)=0x14)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000000240)={@mcast1, @loopback, @remote, 0x3, 0x4, 0x80000001, 0x100, 0x9, 0x200308, r2})
getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000180)=0x40)
syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)

[  231.318468] ptrace attach of "/root/syz-executor0"[7751] was attempted by "/root/syz-executor0"[7752]
14:12:11 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/4\x00')
r2 = syz_open_dev$dmmidi(0x0, 0x0, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="b189cbb6139c00000000", @ANYRES16=0x0, @ANYBLOB="000000005b8bd0c0960000000000"]}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f00000002c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400048}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x34, r3, 0x6ff, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x4102, 0x0, {0x18, 0x13, @l2={'eth', 0x3a, 'team_slave_0\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x2404c010}, 0x7d)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000100)={0x0, 0x3, 0x2})
r4 = syz_open_dev$sndmidi(&(0x7f0000000440)='/dev/snd/midiC#D#\x00', 0xe440, 0x1)
write$cgroup_type(r4, &(0x7f00000000c0)='threaded\x00', 0xff4c)
r5 = syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0xfffffffffffffffe, 0x10000)
close(r5)
socket$inet6_sctp(0xa, 0x200000000000005, 0x84)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x72, 0x0, &(0x7f0000000200))
ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000140))

14:12:11 executing program 3:
r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000006c0)={'syz'}, &(0x7f0000000700)='F', 0x1, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x1010021)
keyctl$describe(0x6, r0, 0x0, 0x0)

[  231.413396] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  231.446774] hrtimer: interrupt took 33963 ns
14:12:11 executing program 2:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x100101000, 0x0)
socket$alg(0x26, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x41, 0x1}, 0x2}}, 0x5)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10)
sendmsg$tipc(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r2 = memfd_create(&(0x7f0000000000)='\x00', 0x4)
ioctl$RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000180)={0x3, 0x16, 0xe, 0x14, 0x9, 0x63, 0x5, 0x40, 0xffffffffffffffff})
ioctl$VIDIOC_SUBDEV_G_EDID(r2, 0xc0285628, &(0x7f0000000140)={0x0, 0x8c2, 0x80, [], &(0x7f0000000100)=0x3})
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)

14:12:11 executing program 4:
ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$swradio(&(0x7f0000000280)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2)
accept$inet(r2, &(0x7f00000002c0), &(0x7f0000000340)=0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x5, 0x0)
r4 = creat(&(0x7f0000000080)='./file0\x00', 0x2)
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000240)=r4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000140)={{{@in=@multicast2, @in6=@mcast1}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
io_cancel(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000300)="3819c3b57c3715d7940261bd0f99873bdaa2c49e488aa6336976fa91397f40c19fda", 0x22}, &(0x7f0000000400))
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffffd, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf\t.S#\xb7\x1f\xa5^\xe1K\xf9\x00'})
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r5, 0x84, 0x23, &(0x7f00000004c0)={0x0, 0x5}, 0x8)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000480))
ioctl$KVM_RUN(r5, 0xae80, 0x0)

14:12:11 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa9a2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = geteuid()
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in6, @in6=@mcast2, 0x1, 0x6, 0x4e23, 0x81, 0x0, 0x80, 0x80, 0xbf, 0x0, r3}, {0x4, 0xffffffffffffd786, 0x9, 0xffffffffffffffff, 0xe580000, 0x400, 0x3, 0x4}, {0x0, 0x100000001, 0x9, 0x2}, 0x0, 0x6e6bb4, 0x1, 0x0, 0x743a35633b7eee2b, 0x2}, {{@in=@multicast1, 0x4d6}, 0x0, @in=@multicast1, 0x3507, 0x0, 0x3, 0x6, 0x3, 0x0, 0xf35}}, 0xe8)
ioctl$VT_RELDISP(r1, 0x5605)
io_submit(0x0, 0xd8, &(0x7f0000000200)=[&(0x7f0000000f80)={0x0, 0x0, 0x0, 0x7, 0x0, r0, &(0x7f0000000d40)}])
syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x0, 0x0)
getuid()
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000400)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000480)={0x5, 0x10, 0xfa00, {&(0x7f00000007c0), r4, 0x3}}, 0x18)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000500)={0x5c, 0x8, 0x4, 0x400, {0x77359400}, {0x5, 0x8, 0xc40, 0x3, 0x100, 0x7, "5229fbf8"}, 0x1, 0x3, @offset=0x80, 0x4})
pipe(0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
select(0x40, &(0x7f0000000000)={0x2ff, 0x0, 0x200, 0x8, 0x2, 0x20, 0x8}, &(0x7f0000000080)={0x7fff, 0x7fffffff, 0x8, 0xf83c, 0x2, 0x1, 0xfffffffffffffff8, 0x20}, &(0x7f00000004c0)={0x3c5c4da3, 0x7, 0x6, 0x80000000, 0xfffffffffffffffe, 0x3f, 0x7}, &(0x7f0000000640))
r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sysinfo(&(0x7f0000000d80)=""/201)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r7, 0xc008ae88, &(0x7f00000000c0)={0x2, 0x0, [0x8b]})
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0xa500000000000000, 0x3f00000000000000, 0x0, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x2000000})
shutdown(0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f00000003c0)=0x100000000)
ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000100)={@local, @empty, @loopback, 0x3})
ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f0000000280)={0x0, 0x40, 0x0, 0x8, &(0x7f0000ffa000/0x3000)=nil, 0x8})
ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000580)=""/187)
r8 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x3, 0x0)
getpgrp(0x0)
fcntl$dupfd(r8, 0x406, r6)

14:12:11 executing program 3:
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x80, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000014c0)={'ip6g2e0\x00', 0x2000006})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsn(0x0, 0x0, 0x10000)
ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000001500)=0x84f)
r2 = syz_open_dev$usb(0x0, 0x401, 0x0)
ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000300))
getsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x1100000000000000, 0x1100, 0xaa, 0x80fe}, 0x80, &(0x7f0000003800)=[{&(0x7f00000018c0)="f4001100002b2c25e994efd18498d66205baa68754a3000000000200000000000000000000ffffff8400000000000000c00195c1e2d4f32ebd", 0x39}], 0x1}, 0x0)
r3 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2)
ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000100)=""/29)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x21, 0x8}, 0x10)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000540)={0x0, 0x4}, 0x8)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000002c0)={0x200000000001})
close(0xffffffffffffffff)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x5, 0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000001600)={0x0, 0x0, 0x10}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000280)={0x2, 0x4e20, @broadcast}, 0x10)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000001540))
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000380))

[  231.747740] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  232.098115] binder: 7795:7796 ioctl c0306201 0 returned -14
14:12:12 executing program 5:
setrlimit(0x8, &(0x7f00000a3ff0))
mlockall(0x2)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x200000, 0x0)
fstat(r0, &(0x7f0000000080))
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x20000, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
setsockopt$inet_dccp_int(r1, 0x21, 0x11, &(0x7f0000000100)=0x1, 0x4)

[  232.403515] ==================================================================
[  232.411079] BUG: KASAN: use-after-free in tipc_group_bc_cong+0x327/0x3f0
[  232.417936] Read of size 2 at addr ffff8881cd579274 by task syz-executor2/7782
[  232.425298] 
[  232.426950] CPU: 0 PID: 7782 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #375
[  232.434250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  232.434264] Call Trace:
[  232.434291]  dump_stack+0x244/0x39d
[  232.434316]  ? dump_stack_print_info.cold.1+0x20/0x20
[  232.434332]  ? printk+0xa7/0xcf
[  232.434350]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  232.434367]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[  232.434396]  print_address_description.cold.7+0x9/0x1ff
[  232.463191]  kasan_report.cold.8+0x242/0x309
[  232.463214]  ? tipc_group_bc_cong+0x327/0x3f0
[  232.463232]  __asan_report_load2_noabort+0x14/0x20
[  232.463256]  tipc_group_bc_cong+0x327/0x3f0
[  232.463272]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  232.463289]  ? tipc_group_cong+0x5d0/0x5d0
[  232.463307]  ? remove_wait_queue+0x1a6/0x360
[  232.463327]  ? add_wait_queue+0x2b0/0x2b0
[  232.463349]  ? __local_bh_enable_ip+0x160/0x260
[  232.463372]  tipc_send_group_bcast+0x50a/0xd90
[  232.478272]  ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0
[  232.478301]  ? __init_waitqueue_head+0x150/0x150
[  232.497275]  ? refill_pi_state_cache.part.8+0x310/0x310
[  232.497309]  ? mark_held_locks+0x130/0x130
[  232.497322]  ? futex_wait_setup+0x266/0x3e0
[  232.497346]  ? futex_wake+0x760/0x760
[  232.497366]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  232.497386]  __tipc_sendmsg+0xeec/0x1d40
[  232.556093]  ? futex_wait+0x5ec/0xa50
[  232.559915]  ? tipc_sendmcast+0xf50/0xf50
[  232.564075]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  232.569278]  ? zap_class+0x640/0x640
[  232.573002]  ? print_usage_bug+0xc0/0xc0
[  232.577082]  ? find_held_lock+0x36/0x1c0
[  232.581168]  ? mark_held_locks+0xc7/0x130
[  232.585329]  ? __local_bh_enable_ip+0x160/0x260
[  232.590002]  ? __local_bh_enable_ip+0x160/0x260
[  232.594696]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  232.599290]  ? trace_hardirqs_on+0xbd/0x310
[  232.603621]  ? lock_release+0xa00/0xa00
[  232.607596]  ? lock_sock_nested+0xe2/0x120
[  232.611836]  ? trace_hardirqs_off_caller+0x310/0x310
[  232.616951]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  232.622499]  ? check_preemption_disabled+0x48/0x280
[  232.627521]  ? lock_sock_nested+0x9a/0x120
[  232.631760]  ? lock_sock_nested+0x9a/0x120
[  232.636017]  ? __local_bh_enable_ip+0x160/0x260
[  232.640705]  tipc_sendmsg+0x50/0x70
[  232.644342]  ? __tipc_sendmsg+0x1d40/0x1d40
[  232.648672]  sock_sendmsg+0xd5/0x120
[  232.652393]  ___sys_sendmsg+0x7fd/0x930
[  232.656370]  ? __local_bh_enable_ip+0x160/0x260
[  232.661050]  ? copy_msghdr_from_user+0x580/0x580
[  232.665810]  ? _raw_spin_unlock_bh+0x30/0x40
[  232.670240]  ? __fget_light+0x2e9/0x430
[  232.674221]  ? fget_raw+0x20/0x20
[  232.677678]  ? __might_fault+0x12b/0x1e0
[  232.681750]  ? lock_downgrade+0x900/0x900
[  232.685911]  ? lock_release+0xa00/0xa00
[  232.689891]  ? perf_trace_sched_process_exec+0x860/0x860
[  232.695349]  ? posix_ktime_get_ts+0x15/0x20
[  232.699681]  ? trace_hardirqs_off_caller+0x310/0x310
[  232.704792]  ? tipc_setsockopt+0x726/0xd70
[  232.709040]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  232.714586]  ? sockfd_lookup_light+0xc5/0x160
[  232.719093]  __sys_sendmsg+0x11d/0x280
[  232.722988]  ? __ia32_sys_shutdown+0x80/0x80
[  232.727403]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  232.732945]  ? put_timespec64+0x10f/0x1b0
[  232.737108]  ? do_syscall_64+0x9a/0x820
[  232.741096]  ? do_syscall_64+0x9a/0x820
[  232.745084]  ? trace_hardirqs_off_caller+0x310/0x310
[  232.750214]  __x64_sys_sendmsg+0x78/0xb0
[  232.754288]  do_syscall_64+0x1b9/0x820
[  232.758195]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  232.763565]  ? syscall_return_slowpath+0x5e0/0x5e0
[  232.768501]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  232.773355]  ? trace_hardirqs_on_caller+0x310/0x310
[  232.778381]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  232.783407]  ? prepare_exit_to_usermode+0x291/0x3b0
[  232.788433]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  232.793300]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  232.798494] RIP: 0033:0x457669
[  232.801697] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  232.820606] RSP: 002b:00007fce52e5cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  232.828325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  232.835602] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  232.842877] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  232.850171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce52e5d6d4
[  232.857446] R13: 00000000004c44bd R14: 00000000004d74a8 R15: 00000000ffffffff
[  232.864738] 
[  232.866366] Allocated by task 7782:
[  232.870486]  save_stack+0x43/0xd0
[  232.873947]  kasan_kmalloc+0xc7/0xe0
[  232.877669]  kmem_cache_alloc_trace+0x152/0x750
[  232.882347]  tipc_group_create+0x152/0xa70
[  232.886588]  tipc_setsockopt+0x2d1/0xd70
[  232.890656]  __sys_setsockopt+0x1ba/0x3c0
[  232.894812]  __x64_sys_setsockopt+0xbe/0x150
[  232.899226]  do_syscall_64+0x1b9/0x820
[  232.903115]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  232.908311] 
[  232.909935] Freed by task 7790:
[  232.913220]  save_stack+0x43/0xd0
[  232.916687]  __kasan_slab_free+0x102/0x150
[  232.920928]  kasan_slab_free+0xe/0x10
[  232.924732]  kfree+0xcf/0x230
[  232.927839]  tipc_group_delete+0x2e4/0x3f0
[  232.932075]  tipc_sk_leave+0x113/0x220
[  232.935961]  tipc_setsockopt+0x97d/0xd70
[  232.940022]  __sys_setsockopt+0x1ba/0x3c0
[  232.944190]  __x64_sys_setsockopt+0xbe/0x150
[  232.948609]  do_syscall_64+0x1b9/0x820
[  232.952501]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  232.957679] 
[  232.959323] The buggy address belongs to the object at ffff8881cd579200
[  232.959323]  which belongs to the cache kmalloc-192 of size 192
[  232.971988] The buggy address is located 116 bytes inside of
[  232.971988]  192-byte region [ffff8881cd579200, ffff8881cd5792c0)
[  232.983870] The buggy address belongs to the page:
[  232.988810] page:ffffea0007355e40 count:1 mapcount:0 mapping:ffff8881da800040 index:0x0
[  232.996956] flags: 0x2fffc0000000200(slab)
[  233.001229] raw: 02fffc0000000200 ffffea000735b008 ffffea000734d488 ffff8881da800040
[  233.009120] raw: 0000000000000000 ffff8881cd579000 0000000100000010 0000000000000000
[  233.017016] page dumped because: kasan: bad access detected
[  233.022725] 
[  233.024346] Memory state around the buggy address:
[  233.029279]  ffff8881cd579100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  233.036647]  ffff8881cd579180: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  233.044025] >ffff8881cd579200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
14:12:12 executing program 1:
r0 = syz_open_dev$mice(0x0, 0x0, 0x101080)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000))
arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000080))
write$P9_RSYMLINK(r1, &(0x7f0000000100)={0x14, 0x11, 0x2, {0x10}}, 0x14)
pselect6(0x0, 0x0, &(0x7f00000001c0)={0xfffffffffffffffc, 0x1, 0x5, 0xf0c, 0xffff, 0x95, 0x0, 0x7fff}, 0x0, &(0x7f0000000240)={0x77359400}, &(0x7f0000000300)={&(0x7f0000000280)={0x2}, 0x8})
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000040)={0x0, 0x3910, 0x301b, 0x0, 0x3, 0x3, 0xfffb})
ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000480), &(0x7f00000004c0)=0xc)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000200)={{&(0x7f00009fe000/0x600000)=nil, 0x600000}, 0x1})
fstat(r0, &(0x7f0000000500))
ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000000)={0x2, 0xb})

[  233.051392]                                                              ^
[  233.058419]  ffff8881cd579280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  233.065789]  ffff8881cd579300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  233.073157] ==================================================================
[  233.080526] Disabling lock debugging due to kernel taint
[  233.096908] ------------[ cut here ]------------
[  233.101695] downgrading a read lock
14:12:12 executing program 5:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xffffffffffffffc1, 0x2)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vga_arbiter\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000500)={0x0, <r2=>r1, 0x0, 0x3, &(0x7f0000000480)='!!\x00'}, 0x30)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540)={<r3=>0x0}, &(0x7f00000005c0)=0xc)
sched_setaffinity(r3, 0x8, &(0x7f0000000140)=0x5)
r4 = dup2(r2, r0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getresgid(&(0x7f0000000240), &(0x7f00000002c0), &(0x7f0000000300))
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000100)='./file0\x00', 0x0, 0x8}, 0x10)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
mount(&(0x7f00000003c0)=@nbd={'\ndev/nbd', 0xffffffffffffffff, 0x7000000ffff2300}, &(0x7f0000000400)='./file0\x00', &(0x7f0000000000)='9p\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f00000004c0)=ANY=[@ANYBLOB="035f9399595886797f357d00000000000000000000000000000000"])
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x3f, 0x80000001, 0x0, 0x5, 0x2, 0xfffffffffffffffe, 0x9, 0x48, 0x3, 0x401, 0x2}, 0xb)
syz_genetlink_get_family_id$team(&(0x7f0000000200)='team\x00')
accept4$packet(r1, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000440)=0x14, 0x800)
sendmsg$TEAM_CMD_PORT_LIST_GET(r4, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

[  233.101805] WARNING: CPU: 0 PID: 7814 at kernel/locking/lockdep.c:3556 lock_downgrade+0x4d7/0x900
[  233.105875] binder: 7795:7805 ioctl c0306201 0 returned -14
[  233.114429] Kernel panic - not syncing: panic_on_warn set ...
[  233.114445] CPU: 0 PID: 7814 Comm: modprobe Tainted: G    B             4.20.0-rc7+ #375
[  233.114452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  233.114456] Call Trace:
[  233.114478]  dump_stack+0x244/0x39d
[  233.114494]  ? dump_stack_print_info.cold.1+0x20/0x20
[  233.114512]  panic+0x2ad/0x55c
[  233.114527]  ? add_taint.cold.5+0x16/0x16
[  233.114542]  ? __warn.cold.8+0x5/0x45
[  233.114555]  ? __warn+0xe8/0x1d0
[  233.114571]  ? lock_downgrade+0x4d7/0x900
[  233.114591]  __warn.cold.8+0x20/0x45
[  233.152792] kobject: '��' (00000000dd717ebf): kobject_uevent_env
[  233.155174]  ? lock_downgrade+0x4d7/0x900
[  233.158381] kobject: '��' (00000000dd717ebf): fill_kobj_path: path = '/devices/virtual/net/��'
[  233.162510]  report_bug+0x254/0x2d0
[  233.162529]  do_error_trap+0x11b/0x200
[  233.162542]  do_invalid_op+0x36/0x40
[  233.162555]  ? lock_downgrade+0x4d7/0x900
[  233.162567]  invalid_op+0x14/0x20
[  233.162585] RIP: 0010:lock_downgrade+0x4d7/0x900
[  233.162605] Code: 00 00 fc ff df 41 c6 44 05 00 f8 e9 1b ff ff ff 48 c7 c7 a0 6d 2b 88 4c 89 9d 58 ff ff ff 48 89 85 60 ff ff ff e8 69 1f e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 4d d8 4c 89 e9 48 ba 00 00 00 00
[  233.166802] kasan: CONFIG_KASAN_INLINE enabled
[  233.169741] RSP: 0018:ffff8881817f7b70 EFLAGS: 00010086
[  233.169752] RAX: 0000000000000000 RBX: 1ffff110302fef74 RCX: 0000000000000000
[  233.169760] RDX: 0000000000000000 RSI: ffffffff8165e495 RDI: 0000000000000006
[  233.169775] RBP: ffff8881817f7c28 R08: ffff8881819d86c0 R09: fffffbfff12b2314
[  233.186635] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  233.187875] R10: fffffbfff12b2314 R11: ffffffff895918a3 R12: ffffffff8b0f97e0
[  233.187884] R13: ffff8881817f7bc0 R14: 0000000000000001 R15: ffff8881819d86c0
[  233.187908]  ? vprintk_func+0x85/0x181
[  233.187930]  ? __do_munmap+0xcd8/0xf80
[  233.204028] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  233.204188]  ? lock_set_class+0x770/0x770
[  233.207887] CPU: 1 PID: 7782 Comm: syz-executor2 Tainted: G    B             4.20.0-rc7+ #375
[  233.212021]  ? perf_trace_sched_process_exec+0x860/0x860
[  233.215462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  233.220210]  downgrade_write+0x76/0x270
[  233.239115] RIP: 0010:tipc_group_update_bc_members+0x38/0x1f0
[  233.243684]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  233.243703]  ? up_read+0x2c0/0x2c0
[  233.249060] Code: 54 53 48 83 ec 18 89 55 c4 89 75 d0 e8 31 c8 db f9 49 8d 4e 72 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 4d c8 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 76
[  233.256329]  ? vma_compute_subtree_gap+0x160/0x240
[  233.263578] RSP: 0018:ffff888183a6f370 EFLAGS: 00010202
[  233.270854]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  233.278196] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000072
[  233.285477]  __do_munmap+0xcd8/0xf80
[  233.292730] RDX: 000000000000000e RSI: ffffffff87a3bc3f RDI: 0000000000000000
[  233.296613]  __vm_munmap+0x138/0x1f0
[  233.300472] RBP: ffff888183a6f3b0 R08: ffff888183a66480 R09: 0000000038deb8e8
[  233.306707]  ? __do_munmap+0xf80/0xf80
[  233.310826] R10: 000000000cd2367c R11: ffff888183a66480 R12: ffff888183a6f618
[  233.319484]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  233.324908] R13: ffff8881d4882adc R14: 0000000000000000 R15: 0000000000000000
[  233.334281]  ? trace_hardirqs_off_caller+0x310/0x310
[  233.338232] FS:  00007fce52e5d700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[  233.344107]  __x64_sys_munmap+0x65/0x80
[  233.349620] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  233.353159]  do_syscall_64+0x1b9/0x820
[  233.372046] CR2: 0000000000a3fd98 CR3: 00000001bbd41000 CR4: 00000000001406e0
[  233.376977]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  233.382314] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  233.387325]  ? syscall_return_slowpath+0x5e0/0x5e0
[  233.394572] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  233.398282]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  233.405528] Call Trace:
[  233.409238]  ? trace_hardirqs_on_caller+0x310/0x310
[  233.416517]  tipc_send_group_bcast+0xa71/0xd90
[  233.420387]  ? prepare_exit_to_usermode+0x291/0x3b0
[  233.427650]  ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0
[  233.432993]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  233.440255]  ? __init_waitqueue_head+0x150/0x150
[  233.445339]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  233.453549]  ? refill_pi_state_cache.part.8+0x310/0x310
[  233.457508] RIP: 0033:0x7f7998b22417
[  233.463382]  ? mark_held_locks+0x130/0x130
[  233.467242] Code: f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89
[  233.474502]  ? futex_wait_setup+0x266/0x3e0
[  233.479840] RSP: 002b:00007ffdc1dfd528 EFLAGS: 00000203 ORIG_RAX: 000000000000000b
[  233.487119]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  233.492017] RAX: ffffffffffffffda RBX: 00007f7998d2d1c8 RCX: 00007f7998b22417
[  233.499283]  __tipc_sendmsg+0xeec/0x1d40
[  233.504100] RDX: 00000000000c8c00 RSI: 00000000000033ef RDI: 00007f7998d25000
[  233.506679]  ? futex_wait+0x5ec/0xa50
[  233.511674] RBP: 00007ffdc1dfd690 R08: 0000000000000001 R09: 0000000000000007
[  233.511688] R10: 00007f7998b1ca0b R11: 0000000000000203 R12: 0000000051b9cb56
[  233.516268]  ? tipc_sendmcast+0xf50/0xf50
[  233.521257] R13: 0000007f51b9cb56 R14: 0000007f51aeda57 R15: 00007f7998d23700
[  233.526277]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  233.643792]  ? zap_class+0x640/0x640
[  233.647513]  ? print_usage_bug+0xc0/0xc0
[  233.651600]  ? find_held_lock+0x36/0x1c0
[  233.655672]  ? mark_held_locks+0xc7/0x130
[  233.659822]  ? __local_bh_enable_ip+0x160/0x260
[  233.664501]  ? __local_bh_enable_ip+0x160/0x260
[  233.669178]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[  233.673763]  ? trace_hardirqs_on+0xbd/0x310
[  233.678083]  ? lock_release+0xa00/0xa00
[  233.682062]  ? lock_sock_nested+0xe2/0x120
[  233.686304]  ? trace_hardirqs_off_caller+0x310/0x310
[  233.691415]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  233.696955]  ? check_preemption_disabled+0x48/0x280
[  233.701980]  ? lock_sock_nested+0x9a/0x120
[  233.706227]  ? lock_sock_nested+0x9a/0x120
[  233.710467]  ? __local_bh_enable_ip+0x160/0x260
[  233.715140]  tipc_sendmsg+0x50/0x70
[  233.718796]  ? __tipc_sendmsg+0x1d40/0x1d40
[  233.723125]  sock_sendmsg+0xd5/0x120
[  233.726853]  ___sys_sendmsg+0x7fd/0x930
[  233.730829]  ? __local_bh_enable_ip+0x160/0x260
[  233.735503]  ? copy_msghdr_from_user+0x580/0x580
[  233.740261]  ? _raw_spin_unlock_bh+0x30/0x40
[  233.744692]  ? __fget_light+0x2e9/0x430
[  233.748674]  ? fget_raw+0x20/0x20
[  233.752131]  ? __might_fault+0x12b/0x1e0
[  233.756202]  ? lock_downgrade+0x900/0x900
[  233.760353]  ? lock_release+0xa00/0xa00
[  233.764331]  ? perf_trace_sched_process_exec+0x860/0x860
[  233.769781]  ? posix_ktime_get_ts+0x15/0x20
[  233.774107]  ? trace_hardirqs_off_caller+0x310/0x310
[  233.779244]  ? tipc_setsockopt+0x726/0xd70
[  233.783495]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  233.789035]  ? sockfd_lookup_light+0xc5/0x160
[  233.793533]  __sys_sendmsg+0x11d/0x280
[  233.797427]  ? __ia32_sys_shutdown+0x80/0x80
[  233.801851]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  233.807404]  ? put_timespec64+0x10f/0x1b0
[  233.811557]  ? do_syscall_64+0x9a/0x820
[  233.815531]  ? do_syscall_64+0x9a/0x820
[  233.819511]  ? trace_hardirqs_off_caller+0x310/0x310
[  233.824624]  __x64_sys_sendmsg+0x78/0xb0
[  233.828707]  do_syscall_64+0x1b9/0x820
[  233.832601]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  233.837973]  ? syscall_return_slowpath+0x5e0/0x5e0
[  233.842908]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  233.847769]  ? trace_hardirqs_on_caller+0x310/0x310
[  233.852790]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  233.857821]  ? prepare_exit_to_usermode+0x291/0x3b0
[  233.862852]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  233.867707]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  233.872896] RIP: 0033:0x457669
[  233.876094] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  233.895018] RSP: 002b:00007fce52e5cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  233.902728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669
[  233.909998] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  233.917267] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  233.924534] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce52e5d6d4
[  233.931815] R13: 00000000004c44bd R14: 00000000004d74a8 R15: 00000000ffffffff
[  233.939093] Modules linked in:
[  233.943327] Kernel Offset: disabled
[  233.946951] Rebooting in 86400 seconds..