[ 52.060813] audit: type=1800 audit(1545313791.102:26): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 53.664784] kauditd_printk_skb: 2 callbacks suppressed [ 53.664814] audit: type=1800 audit(1545313792.712:29): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 53.689612] audit: type=1800 audit(1545313792.722:30): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2018/12/20 13:50:06 fuzzer started 2018/12/20 13:50:11 dialing manager at 10.128.0.26:46613 2018/12/20 13:50:11 syscalls: 1 2018/12/20 13:50:11 code coverage: enabled 2018/12/20 13:50:11 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 13:50:11 setuid sandbox: enabled 2018/12/20 13:50:11 namespace sandbox: enabled 2018/12/20 13:50:11 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 13:50:11 fault injection: enabled 2018/12/20 13:50:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 13:50:11 net packet injection: enabled 2018/12/20 13:50:11 net device setup: enabled 13:50:19 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) syzkaller login: [ 80.651899] IPVS: ftp: loaded support on port[0] = 21 [ 82.013452] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.020029] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.028356] device bridge_slave_0 entered promiscuous mode [ 82.111741] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.118304] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.126928] device bridge_slave_1 entered promiscuous mode [ 82.208443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 82.287811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 82.535444] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 82.619882] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 82.704867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 82.712032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 82.796958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 82.803969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 83.055224] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 83.063831] team0: Port device team_slave_0 added [ 83.143837] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 83.153096] team0: Port device team_slave_1 added [ 83.235960] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.325244] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.410673] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 83.418337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.427695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.514192] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 83.521800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.531247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 13:50:23 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) [ 84.534587] IPVS: ftp: loaded support on port[0] = 21 [ 84.713945] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.720559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.727793] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.734400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.743769] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 84.750266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 85.666020] ip (6622) used greatest stack depth: 53888 bytes left [ 86.898365] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.905041] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.913301] device bridge_slave_0 entered promiscuous mode [ 87.098820] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.105491] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.113753] device bridge_slave_1 entered promiscuous mode [ 87.259839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.390167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.842756] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.933426] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 88.583713] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.592450] team0: Port device team_slave_0 added [ 88.729748] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.738481] team0: Port device team_slave_1 added [ 88.833708] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 13:50:28 executing program 2: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000000)={0x0, 0x9, 0x0, "e5f9fe8eb2df5e42090cca28e845b2eabd7ce740a1468fe351a06e3de92acc3c"}) [ 88.954599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.136563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.144269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.153489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.335307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.342912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.352160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.495945] IPVS: ftp: loaded support on port[0] = 21 [ 91.087875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.229772] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.236395] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.243569] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.250110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.259325] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 91.265911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.765471] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 92.091917] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.098463] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.106913] device bridge_slave_0 entered promiscuous mode [ 92.292563] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.299120] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.307371] device bridge_slave_1 entered promiscuous mode [ 92.335284] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 92.341584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.350181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.540112] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 92.718865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.033818] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.162797] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.312547] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.468209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 93.475281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.651497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 93.658648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.175548] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 94.184294] team0: Port device team_slave_0 added [ 94.361545] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 94.370313] team0: Port device team_slave_1 added [ 94.565672] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.572751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.581685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.703853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.710876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.719979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.835661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.843482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.852624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.057938] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 95.065654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 95.075016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 13:50:35 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 13:50:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) [ 96.919974] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.926604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.933825] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.940398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.949504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 96.956029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:50:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 13:50:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 13:50:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x10}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 13:50:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 13:50:36 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) 13:50:37 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:50:37 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) [ 98.226787] IPVS: ftp: loaded support on port[0] = 21 [ 98.389331] 8021q: adding VLAN 0 to HW filter on device bond0 13:50:37 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) [ 99.160152] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.788816] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 99.795186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 99.803041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.478620] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.064640] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.071172] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.079462] device bridge_slave_0 entered promiscuous mode [ 101.236408] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.243112] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.251385] device bridge_slave_1 entered promiscuous mode [ 101.430705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.619893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 102.184096] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.365035] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.489954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.499188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 103.129997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 103.138605] team0: Port device team_slave_0 added [ 103.294035] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 103.303272] team0: Port device team_slave_1 added [ 103.510148] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 103.519194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.528274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.700348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.870784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.878512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.887744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.914250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.084178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 104.091987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 104.100968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.669404] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:50:44 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) [ 105.380787] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 105.389051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 105.396995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 105.895310] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.901968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.909088] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.915674] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.924920] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 105.965821] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.392278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:50:48 executing program 2: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000000)={0x0, 0x9, 0x0, "e5f9fe8eb2df5e42090cca28e845b2eabd7ce740a1468fe351a06e3de92acc3c"}) 13:50:48 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:50:48 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:50:48 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:50:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) [ 109.967066] IPVS: ftp: loaded support on port[0] = 21 [ 111.358993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.661969] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 111.888434] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.895067] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.903221] device bridge_slave_0 entered promiscuous mode [ 111.983910] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.990427] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.998650] device bridge_slave_1 entered promiscuous mode [ 112.012906] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 112.019171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 112.027160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 112.075011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 112.151309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 112.326249] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.392373] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 112.476594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 112.560817] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 112.567890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 112.651272] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 112.658336] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 112.914764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 112.923516] team0: Port device team_slave_0 added [ 113.011384] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 113.020133] team0: Port device team_slave_1 added [ 113.100780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 113.188883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 113.271223] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 113.278879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 113.288159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 113.360074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 113.367699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 113.376925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 114.256881] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.263424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.270272] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.276879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.286797] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 13:50:53 executing program 2: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000000)={0x0, 0x9, 0x0, "e5f9fe8eb2df5e42090cca28e845b2eabd7ce740a1468fe351a06e3de92acc3c"}) 13:50:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x10}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 13:50:53 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:50:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:50:53 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) [ 114.512070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:50:53 executing program 2: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000000)={0x0, 0x9, 0x0, "e5f9fe8eb2df5e42090cca28e845b2eabd7ce740a1468fe351a06e3de92acc3c"}) 13:50:53 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:50:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:50:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x10}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 13:50:53 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000110007031dfffd946fa28300070002d414000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 115.265978] IPVS: ftp: loaded support on port[0] = 21 [ 116.612830] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.619381] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.628069] device bridge_slave_0 entered promiscuous mode [ 116.718377] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.724966] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.733313] device bridge_slave_1 entered promiscuous mode [ 116.813172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 116.891396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 117.139848] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 117.225471] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 117.304555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 117.311539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 117.390693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 117.397726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 117.659727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 117.668361] team0: Port device team_slave_0 added [ 117.747297] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 117.755974] team0: Port device team_slave_1 added [ 117.842030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 117.927191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 118.008635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 118.016340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 118.025890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 118.114617] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 118.122047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 118.131121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 118.295345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.617375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 118.931011] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 118.937948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 118.946047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.103215] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.109831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.117010] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.123610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.132813] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 119.245758] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.262308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:51:00 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:51:00 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:51:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x10}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) 13:51:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = memfd_create(&(0x7f0000000040)='\x0f\xc5\xd4\xe1?\xd1D\xbb\xf9\xda\xf6p\xef/\xf4,%\x03\xdfv\xb6\xa5\xa8\x12+@\x16K\xa8\x1cx\x12\x00\x00\x00\x00\xcd_\xafk\xa8!t\x17\xe6\x9e\xb7VoX\x1bu\x80\xbe \xc8v\xcb\x0f\xd1\a\xb0m', 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xf, 0x13, r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000380)={[{}, {}, {0x0, 0x0, 0xfffffffffffffffb}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:51:00 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000110007031dfffd946fa28300070002d414000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 121.394317] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 13:51:00 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000110007031dfffd946fa28300070002d414000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) [ 122.409158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.584914] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 122.756071] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 122.762449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 122.770054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.941455] 8021q: adding VLAN 0 to HW filter on device team0 13:51:03 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:51:03 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xdau\xaf\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZ') getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f0000000200)=0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0c0583b, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}) 13:51:03 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000004fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0) ftruncate(r1, 0x9) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2, 0x13, r2, 0x0) ioctl(r0, 0x40084146, &(0x7f0000001f64)) 13:51:03 executing program 3: r0 = socket$inet6(0xa, 0x803, 0xc2) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xc0109207, 0x20000000) 13:51:03 executing program 2: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000110007031dfffd946fa28300070002d414000000001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) 13:51:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = memfd_create(&(0x7f0000000040)='\x0f\xc5\xd4\xe1?\xd1D\xbb\xf9\xda\xf6p\xef/\xf4,%\x03\xdfv\xb6\xa5\xa8\x12+@\x16K\xa8\x1cx\x12\x00\x00\x00\x00\xcd_\xafk\xa8!t\x17\xe6\x9e\xb7VoX\x1bu\x80\xbe \xc8v\xcb\x0f\xd1\a\xb0m', 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xf, 0x13, r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000380)={[{}, {}, {0x0, 0x0, 0xfffffffffffffffb}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:51:03 executing program 3: r0 = socket$inet6(0xa, 0x803, 0xc2) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xc0109207, 0x20000000) 13:51:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = memfd_create(&(0x7f0000000040)='\x0f\xc5\xd4\xe1?\xd1D\xbb\xf9\xda\xf6p\xef/\xf4,%\x03\xdfv\xb6\xa5\xa8\x12+@\x16K\xa8\x1cx\x12\x00\x00\x00\x00\xcd_\xafk\xa8!t\x17\xe6\x9e\xb7VoX\x1bu\x80\xbe \xc8v\xcb\x0f\xd1\a\xb0m', 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xf, 0x13, r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000380)={[{}, {}, {0x0, 0x0, 0xfffffffffffffffb}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:51:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = memfd_create(&(0x7f0000000040)='\x0f\xc5\xd4\xe1?\xd1D\xbb\xf9\xda\xf6p\xef/\xf4,%\x03\xdfv\xb6\xa5\xa8\x12+@\x16K\xa8\x1cx\x12\x00\x00\x00\x00\xcd_\xafk\xa8!t\x17\xe6\x9e\xb7VoX\x1bu\x80\xbe \xc8v\xcb\x0f\xd1\a\xb0m', 0x0) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0xf, 0x13, r3, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000380)={[{}, {}, {0x0, 0x0, 0xfffffffffffffffb}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:51:03 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x800000100000001, 0x4) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x1db) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000100), 0x28) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0xfefa) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") 13:51:03 executing program 3: r0 = socket$inet6(0xa, 0x803, 0xc2) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xc0109207, 0x20000000) [ 124.454103] ================================================================== [ 124.461547] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 124.468153] CPU: 1 PID: 8176 Comm: syz-executor4 Not tainted 4.20.0-rc7+ #8 [ 124.475273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.484639] Call Trace: [ 124.487266] dump_stack+0x173/0x1d0 [ 124.490942] kmsan_report+0x120/0x290 [ 124.494791] kmsan_internal_check_memory+0x9a7/0xa20 [ 124.499962] __msan_instrument_asm_load+0x8a/0x90 [ 124.504840] __siphash_aligned+0x512/0xae0 [ 124.509140] secure_ipv6_port_ephemeral+0x110/0x220 [ 124.514245] inet6_hash_connect+0x11f/0x1a0 [ 124.518608] tcp_v6_connect+0x20ba/0x2890 [ 124.522824] ? __msan_poison_alloca+0x1e0/0x270 [ 124.527544] ? tcp_v6_pre_connect+0x130/0x130 [ 124.532095] __inet_stream_connect+0x2f9/0x1340 [ 124.536915] inet_stream_connect+0x101/0x180 [ 124.541366] __sys_connect+0x664/0x820 [ 124.545296] ? __inet_stream_connect+0x1340/0x1340 13:51:03 executing program 3: r0 = socket$inet6(0xa, 0x803, 0xc2) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xc0109207, 0x20000000) [ 124.550277] ? prepare_exit_to_usermode+0x114/0x420 [ 124.555404] ? syscall_return_slowpath+0x50/0x650 [ 124.560326] __se_sys_connect+0x8d/0xb0 [ 124.564416] __x64_sys_connect+0x4a/0x70 [ 124.568547] do_syscall_64+0xbc/0xf0 [ 124.572299] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 124.577509] RIP: 0033:0x457669 [ 124.580725] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 124.600159] RSP: 002b:00007fa5db7dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 124.607971] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 124.615337] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000005 [ 124.622665] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 124.630516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5db7db6d4 [ 124.637894] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 124.645291] [ 124.647002] Local variable description: ----combined@secure_ipv6_port_ephemeral [ 124.654487] Variable was created at: [ 124.658300] secure_ipv6_port_ephemeral+0x6a/0x220 [ 124.663320] inet6_hash_connect+0x11f/0x1a0 [ 124.667660] [ 124.669362] Bytes 2-7 of 8 are uninitialized [ 124.673829] Memory access of size 8 starts at ffff88815c3ef9f0 [ 124.679876] ================================================================== [ 124.687311] Disabling lock debugging due to kernel taint [ 124.692862] Kernel panic - not syncing: panic_on_warn set ... [ 124.698842] CPU: 1 PID: 8176 Comm: syz-executor4 Tainted: G B 4.20.0-rc7+ #8 [ 124.707383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.716824] Call Trace: [ 124.719499] dump_stack+0x173/0x1d0 [ 124.723173] panic+0x3ce/0x961 [ 124.726484] kmsan_report+0x285/0x290 [ 124.730333] kmsan_internal_check_memory+0x9a7/0xa20 [ 124.735634] __msan_instrument_asm_load+0x8a/0x90 [ 124.740611] __siphash_aligned+0x512/0xae0 [ 124.745024] secure_ipv6_port_ephemeral+0x110/0x220 [ 124.750233] inet6_hash_connect+0x11f/0x1a0 [ 124.754742] tcp_v6_connect+0x20ba/0x2890 [ 124.759107] ? __msan_poison_alloca+0x1e0/0x270 [ 124.763899] ? tcp_v6_pre_connect+0x130/0x130 [ 124.768441] __inet_stream_connect+0x2f9/0x1340 [ 124.773325] inet_stream_connect+0x101/0x180 [ 124.777825] __sys_connect+0x664/0x820 [ 124.781845] ? __inet_stream_connect+0x1340/0x1340 [ 124.786858] ? prepare_exit_to_usermode+0x114/0x420 [ 124.791997] ? syscall_return_slowpath+0x50/0x650 [ 124.796918] __se_sys_connect+0x8d/0xb0 [ 124.800963] __x64_sys_connect+0x4a/0x70 [ 124.805088] do_syscall_64+0xbc/0xf0 [ 124.808854] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 124.814065] RIP: 0033:0x457669 [ 124.817294] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 124.836247] RSP: 002b:00007fa5db7dac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 124.844199] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 124.851488] RDX: 000000000000001c RSI: 0000000020000140 RDI: 0000000000000005 [ 124.858796] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 124.866089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5db7db6d4 [ 124.873388] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 124.881776] Kernel Offset: disabled [ 124.885406] Rebooting in 86400 seconds..