[....] Starting O[ 27.582179] random: sshd: uninitialized urandom read (32 bytes read) penBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.709806] random: sshd: uninitialized urandom read (32 bytes read) [ 41.044581] kauditd_printk_skb: 9 callbacks suppressed [ 41.044589] audit: type=1400 audit(1568671569.622:35): avc: denied { map } for pid=6731 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 41.093624] random: sshd: uninitialized urandom read (32 bytes read) [ 41.720000] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts. [ 47.163247] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/16 22:06:15 fuzzer started [ 47.355487] audit: type=1400 audit(1568671575.932:36): avc: denied { map } for pid=6740 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.099123] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/16 22:06:17 dialing manager at 10.128.0.105:38157 2019/09/16 22:06:17 syscalls: 2466 2019/09/16 22:06:17 code coverage: enabled 2019/09/16 22:06:17 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/16 22:06:17 extra coverage: extra coverage is not supported by the kernel 2019/09/16 22:06:17 setuid sandbox: enabled 2019/09/16 22:06:17 namespace sandbox: enabled 2019/09/16 22:06:17 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/16 22:06:17 fault injection: enabled 2019/09/16 22:06:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/16 22:06:17 net packet injection: enabled 2019/09/16 22:06:17 net device setup: enabled [ 49.674995] random: crng init done 22:08:01 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x4, 0x301000) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000040)=0xffffffff, 0x4) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f00000000c0)={0x0, @aes256}) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000100), &(0x7f0000000140)=0x6) syz_open_dev$ndb(&(0x7f0000000180)='/dev/nbd#\x00', 0x0, 0x80) r2 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x6, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000200)=0x6, 0x4) ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000240)=0xffffffffffffffe0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000280), 0x10) r4 = timerfd_create(0x5, 0x0) close(r4) r5 = syz_open_dev$amidi(&(0x7f00000002c0)='/dev/amidi#\x00', 0xaa4, 0x200802) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x1d) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x440000, 0x0) ioctl$MON_IOCX_MFETCH(r6, 0xc0109207, &(0x7f0000000380)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x7}) openat$ion(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ion\x00', 0x10400, 0x0) r7 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x80000000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000400)=0x0) fcntl$setown(r7, 0x8, r8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000004c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000480)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000500)={0x1, 0x10, 0xfa00, {&(0x7f0000000440), r9}}, 0x18) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000540)={0x0, @in6={{0xa, 0x4e23, 0x3, @local, 0xe}}, 0x1, 0x61d, 0x7fffffff, 0x7, 0x2}, &(0x7f0000000600)=0x98) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000640)={r10, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x3, 0x2c, 0x1000, 0x0, 0x401}, &(0x7f0000000700)=0x98) setxattr$security_ima(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='security.ima\x00', &(0x7f00000007c0)=@v1={0x2, "817827"}, 0x4, 0x2acaf94e24e9a194) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000800)='/dev/ubi_ctrl\x00', 0x202000, 0x0) r11 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000840)='/proc/capi/capi20ncci\x00', 0x973cd74042176866, 0x0) ioctl$IMADDTIMER(r11, 0x80044940, &(0x7f0000000880)=0x32) r12 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000008c0)='/selinux/checkreqprot\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000980)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000940)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) r14 = openat$audio(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/audio\x00', 0x225082, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r12, &(0x7f0000000a00)={0x12, 0x10, 0xfa00, {&(0x7f0000000900), r13, r14}}, 0x18) 22:08:01 executing program 3: socket$inet(0x2, 0x2, 0x80000001) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x20, 0x2) sendto$inet(r0, &(0x7f0000000040)="917bfe0d1fa756d961df8856f10987cd897b11810f1845137dcea4cf7e6354f9e2027b57d31c595ae787266fa07bfe01e933728776d1652cfbe7fc997bb46eadd194bc213d8c4c6a57c724f714aafee997e254c5a0c66925f30ee91e378c74573c21d9dc6df2151e7210276b64e2aa3d36e08db71ba17d09d9d83ddc1e42db6bb14cd5398428a35c5adb66799e7ce0a0e1", 0x91, 0x28000, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10) r1 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x100000000, 0x4000) ioctl$TIOCLINUX6(r1, 0x541c, &(0x7f0000000180)={0x6, 0x400}) prctl$PR_SVE_GET_VL(0x33, 0x12723) socket$caif_seqpacket(0x25, 0x5, 0x5) mq_open(&(0x7f00000001c0)='(trustedbdev\x00', 0x843, 0x20, &(0x7f0000000200)={0x3, 0x3f, 0x3, 0x2, 0x3d19, 0x1, 0x6, 0x8}) clone(0x100000, &(0x7f0000000240)="aa071b49511a2f550ae8e5d88e06cbfe1197b1cad6248c123170e520d3f30a8118a306a5b1d191b44f3fb28bccaece87cf890f53e893912928e96703b33d35e98bb59282cc05bbe11998cfcea779a718550bd8e6890e27adc588d890f72b01b63d3ccbbac40dd079eb62246738d0dd0ad95940768748f0e5e59fe1e331586bdfbd9189bdf04ad7c39ac343eddf83c05db484aee80954f4f39669c792c9d155a816a457009f93c3c6b82b89177632571dcca494771648c023002a59271faaae5dc585c543", &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)="368a570904792c13348b2ac15fd175") r2 = syz_init_net_socket$ax25(0x3, 0xa00951a693bf6b3e, 0xce) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f0000000400)) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000440)) pipe2(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$GIO_FONT(r3, 0x4b60, &(0x7f00000004c0)=""/115) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x20000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000580)=0x8000, 0x4) syz_mount_image$bfs(&(0x7f00000005c0)='bfs\x00', &(0x7f0000000600)='./file0\x00', 0x80000000, 0x5, &(0x7f0000000a80)=[{&(0x7f0000000640)="58ac24de7faf154aaa97372cd09ed4f7968cedab372478d811dcdc63a41339402f7a8081e20468ee098b64ce8012b536f12ab52f9f16b9d009d9d0bc81ae2496ee058bde279b32f1ab788b59c9f2b677af8fbf00f5d51e8457290e699cb585ab0907d7404189164905e1f91124b3308dd9625ff0ab2cc2972eec1feae1ab0e37e6d06ba10e31c65980c3b2eb69fc4ae1cee6725298d0bb4985355892b66eeca85477d4ab0a", 0xa5}, {&(0x7f0000000700)="d5fad5fff98b2ad48ce5be225df0054e7044ac1b5e4eee1d7146956eea74855dcb8b78a458d7bd3e031a08c9bd717b023ecf196855fef088fbcf46ce760c0da90f9e5bc650b85f9d014f70d9b21af66bbf3a5639067e2b353d153dcb3f80a7b8c5b51ddf2c2a5f59306f9774d28b1670c8eec49506afe9d2f857578c67aea9ca2e86ca5c962f03fa468d0b84375aa593238bfb9a0e8030812eb0ae6a9ae0fe5ccfb31f0ab6c2f996603f3e38975c4a1d0d193268037b3d8d88c45e2ed740bca093c49fedafbd440c2acc3fa9ccd1e6b5f33d4c005b80db060900379a7db8fb4697a734e7c8defb6c574c6e921344d08265545f6f4807b7505c722afbc00c7d", 0xff, 0x7}, {&(0x7f0000000800)="cf3f8ac78bd88d9b8956c36fbd18ecd80feb3241696d0b6645fa4206ae73ad281f43c588eaed6f8908482384b702bccf0a145bd0be9d41d3b93b253ef9738f75a89ee5c1550b11eae249a91fd5e61e59bdd9ca1583fc047479c8e113afee7748e7a80d17bb64b19b061a198a53ce16317fb402da03fd3ac441bf5bbe6d3119f55a472672ca6c", 0x86, 0x2}, {&(0x7f00000008c0)="c24199a8b1d5c026eb6bcb308fe8eeb6e32477dd646ee26ef736f12c4ceec35977b6daa07945758ae8cfcf881bbbe210c8f4f02674b2009d6f0bb4a461b3cc05ce67303e271192bb483530a067c8a8743e2a11b07a1dc2d041734e747df5bc3d22ed53bd22078a3e190b9e9e9a741bcc0efe0708ac257bf78224ce751afffd4817d564c610c8a11191b987acad0af3fc96", 0x91}, {&(0x7f0000000980)="98592a5027a6503e944418c92d758ce26ab0227572446e6586e82e21a3e5171943d29a666faa12e74eea6320b2993491ff4990e9b8437f1ece71482e4abe8838e0ec0ac3e90d8e2e0d3d666659eea386a6d836f9d2a6912eaca6d46f83cf0aa3c16eb5c67f8f7527c22f097d56176c404178faa4d1e0713ee27ba037aa00459ad9056237efca3e28bd6250ad1b79acaeae77ddaaf2020ba285a21534d0e8ddea5c74e63f510a80771678ddc21fcc098d051db47fd3e87d299bfe6b2b84b41d16f3a3dac4c4f2c34282be5b92de2bcc2d6b2171aa443014c6", 0xd8, 0x7fffffff}], 0x904820, 0x0) setsockopt$inet6_dccp_buf(r5, 0x21, 0x49, &(0x7f0000000b00)="71e8ceda3806733f852179e31ff6af80a5dac7a4ddae8ea07e7e160f12d94f50e3df0cb8e073d4b9a3ab7a250d1e9ad2e6ac2801980aa78133618c28f54347320405f0bb01db365ca92be2d990f630e17f1c565e94", 0x55) ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000b80)={0x44}) syz_open_dev$sndpcmc(&(0x7f0000000c00)='/dev/snd/pcmC#D#c\x00', 0x80, 0x1) r6 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000c40)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000c80)) r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000cc0)='/dev/snapshot\x00', 0x2, 0x0) mkdirat(r7, &(0x7f0000000d00)='./file0\x00', 0x100) r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/null\x00', 0x1a70a07728531aa3, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000d80)=[@window={0x3, 0x1, 0xffffffff}, @sack_perm, @mss={0x2, 0xdc}], 0x3) getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000dc0)={'mangle\x00', 0xbf, "00c09ac3635c4ebe9907898c7dce85602f93ec2e91a5fe70778ec46f78bfafb047920ef2b583674321d6e46d52281341828398507f0e040705485f951f69c7d06f948b9002a4c5d267a40cfc255a30628cabb7fc2a944d1b1af693b2dcb5974ca3f90d9137a7c56ae2dc54cfb6d89bca6c4c8cb6c6a64780f0a0259813556f3c4b5565c14e6e975aab562e5046f3ff8a1eb8c4434018a553c48abce57d199d54cee26dd17a7ffc989bffa5d7d21a588b4198a86bc2e2141488cd0e84c9a46b"}, &(0x7f0000000ec0)=0xe3) r9 = syz_open_dev$vcsa(&(0x7f0000000f00)='/dev/vcsa#\x00', 0x31, 0x20001) ioctl$VIDIOC_ENUMSTD(r9, 0xc0485619, &(0x7f0000000f40)={0x1, 0x20, "ad49dae835350f3639e1998a283c55d2d7ef75a3b0d60688", {0x8a2, 0x1}, 0xff}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000f80)={'filter\x00', 0x4}, 0x68) 22:08:01 executing program 2: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) write$cgroup_type(r0, &(0x7f0000000040)='threaded\x00', 0x9) r1 = dup(r0) listen(r1, 0x5) setsockopt$rose(0xffffffffffffffff, 0x104, 0x7, &(0x7f0000000080)=0x3f, 0x4) socket$inet6(0xa, 0xd19e5f8f051ee45c, 0x5) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce\x00', 0x400000, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000204}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r3, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x12}, 0x4) lseek(0xffffffffffffffff, 0x0, 0x3) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000240)=0x1) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000300)=""/28, 0x1c}, {&(0x7f0000000340)=""/19, 0x13}], 0x2, &(0x7f00000003c0)=""/11, 0xb}, 0x3b005cac5d965564) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f0000000440), &(0x7f0000000480)=0x30) r5 = openat(r0, &(0x7f00000004c0)='./file0\x00', 0x22000, 0x8) openat$cgroup_subtree(r5, &(0x7f0000000500)='cgroup.subtree_control\x00', 0x2, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) r6 = socket(0x5, 0x1, 0x3443560) ioctl$IMHOLD_L1(r6, 0x80044948, &(0x7f0000000540)=0x4) r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000580)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_dccp_buf(r7, 0x21, 0xe, &(0x7f00000005c0)=""/127, &(0x7f0000000640)=0x7f) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000680)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}, &(0x7f00000006c0)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000780)={0x0, @in6={{0xa, 0x4e21, 0x4, @mcast1, 0x7}}, 0x80, 0x200, 0x100000000, 0x1, 0x20}, &(0x7f0000000840)=0x98) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000880)={r8, 0x5}, 0x8) syz_open_dev$loop(&(0x7f00000008c0)='/dev/loop#\x00', 0x6, 0x14000) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) r9 = getpgrp(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000900)={0x0}, &(0x7f0000000940)=0xc) r11 = accept4(r5, &(0x7f0000000980)=@pppoe={0x18, 0x0, {0x0, @link_local}}, &(0x7f0000000a00)=0x80, 0x80000) kcmp$KCMP_EPOLL_TFD(r9, r10, 0x7, r1, &(0x7f0000000a40)={r0, r11, 0x6b}) getsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000a80)=""/211, &(0x7f0000000b80)=0xd3) 22:08:01 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000040)="f2d62bc6ff234f28cfb570e6559927d83a03cb3d8e3c83686209d1d3") r1 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000080)) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) capget(&(0x7f0000000100)={0x19980330, r2}, &(0x7f0000000140)={0x5, 0x1, 0x4, 0x56, 0x0, 0x401}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r3, &(0x7f0000000540)={&(0x7f0000000180), 0xc, &(0x7f0000000500)={&(0x7f0000000200)={0x2c4, r4, 0x400, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0xec, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x57a53364}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x282}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xbb5998c}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xce8c}]}, @TIPC_NLA_MEDIA={0xd8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffa28f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1400000000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xee08e12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}, @TIPC_NLA_NET={0x58, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x35}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x22e0}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8c}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x562}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xebd2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x421}]}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x10}, 0x200008a0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000580)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000600)={0xa, 0x4, 0xfa00, {r5}}, 0xc) ioctl$DRM_IOCTL_SET_UNIQUE(0xffffffffffffffff, 0x40106410, &(0x7f0000001640)={0x1000, &(0x7f0000000640)="a8da4ad777cd43f6a1819aa2e856311a03f3204350b20cfac2c6152fc21d755277df3d7b6374a31e4c8852e66fa44c1333696dbc0da4215b83a68ebd1f41377a890efa656e98022b7ed863df050373b8ab3edd655ec2b5b2ea31210fa56702e0aa399538b2678ed1854ab115d7c65732e464e4b007346b6a87037bb1f9fc2cbdd5f7a0b384d3eb71eac2663a533c6d7d31723ef3c0c0380d1852caff487d7f3745ef7bc8442e901fd8a49f1a3d4bd0ce9618dbd668c4d5f580535fd0fd7a8166020e528de2950459fe473ea7c610850a7edacc9dd38c93a84022d6ec32cf4c09aa6dbe955009b3c5d209d02c64871526d67a643cffba5b783f2f7676b26c4a8b7b4405844b4427630f140ac2e6f2c9000724ee686ed880c6cf715abbceeeb7433293be33cfceb48679e45f214d1485de42c8c9dda3c23fcc23abc2b38fc63c03d44bbfbab4db9cc47289e1b4476d8e61d57abeafa64c994dbb768f4957d56791b816f3b506d3066f4fc745bf69521ef37cb11793698fabbf8649297915174e0db072d70375ca46a53a2977cab9ad7e575c6cbf17a09e1b3d9b3cf07899b42a4b79d0b0cc030807ea9f0382d95f21cf1a889aa747f8241842871139d9a425523b3afc62377ed097c9fc91339cfbf3d33ec922458f7075a9377a7bb6a40bd8d229bbac7a97816545315d2fedd4f4f3d1f44ff9cc138b26b4036020d9b8706d83bc9863c042bf7c61b1684f4924c71cf845909682eb6e7326b0b7f181b67243e053f81c020c57d9c41652a0627affc3495b4fdefa9acde5f0cafa334913aa42c6a8bf2acf1bc6390e486a74bba426645011d8de5576f3eae27f264f507330d3c8373c2052357dea423bce561978a089ef6a84d959436812cec93564f708dcdfa495d3b92d7b070caef748d930991d612b82771e2fe5a89726ca4bc9e7970bf128076556d12eafa3c99915fe1cf57c0d6dd58a56350f8fb8baf21bc012274061017a531dd25aae87f59d8d3926109ffc58369f1fac6a6be93b1fcd78422d9928b0a8356ad5ca635ce793f9e1b609e07855049bf9a03a57b9725e83272e3652732a17e3cbc110411c458da7ff3b1703413b19d5743a29079572e204c71f479f4882fb54e223658072cc25f8f59948c7f74e5e2dc5bad599eb810539288c954a4bccf3c90d734aa381abc2d3cb5fad9abf699c222366cfd522b14d78e0ea6e1070efcc55de62a1bb1b4df29330113765fad4d05c2a88c10dfdb012ac2811e76658cc22fe430c29111d9847ad9486441c62bee75d9c96d03d46d9d2a30b8dbf605964ffce36d9e3c0445c98532d7d2e059a52fd822306787a48f08510a54873cbe39e25eb7d0c3ce2962809b9617f7c7a5f557d2b6bb03cea5a477be6b6b33c27ee0a09a977232235b28e75494542fcda177f0d15f58176687e9982d0e9594fbe0bc4ced54cc6a3435fa3116206018e57218eb3b18b12ba34595ecd9fe1d9e03d567d761538abb8f99e5e6e7438641b3b73864c1e9a7294da29a947a0ae9aa4209a21090ba75d3b3bde1cde3426fc81891b401cec9621ff7158840ce3ad83d01a1e7c0100e266264c37d31a9cc105b18a09b58062d8c9d014e1cb05e315e7837b464ecdec5f36e09ad21403b30ea311abb0b41c00f8ddda0e01e7937af6a83087e20a7d112db75d094c8e44475eafb324b06b3dde23adcdcea3c382e8a4a1ae02cdd28e1dd4598363bd83bfdb291ee8fcbb4e23fe44c1754eb15f5d6eb1695c5c1ef4293659e7b749985190541750d19e53708128d95dcbb95c7dda3f30dc4eee031fe563e724301a3217af80ecdfd55c2be04e250b5c555cfd51bfd2752d42f0589be1d083e5c14229f6eb07c6f178dc958d1d95c2a317a234be2be7b765fd43ec1bbcb7f364d5f0c2bda32856b77b1c769fbc03ace2b5f5ad3da006635c4ef5b43223e7aea6621bb7e62c0b1ec48711563752753a0c6dbbbe1ad8e2bc09a5f90d040a63863d4a43e107c3fa7d5eaf7bc9a57b92a635cfcb1cd74d2b3fa4ed5d77a47d2a7443815cbac4bb5edaa442f0f07e2da177fc8d80bb99072531cdbf24147dc01b40c468e81b9557b2f9dc06a9d69e2fb9a696668014d02fe8ed118540c9dd4c660b6dd392e7f80cf2f5f685bf1a0552c5cd2925fd226bf59be2d7b02a03533eb801bc1d1015f4d108bd5fe1e84000a10869609e790bb72755c960abb9fb51cccc32473fec84070b2051f1a7a146d6c74d80bfcf1b89a5dda2ba021867e69f3795b9e4d8ca31aa077029b34015c2f931b1396acd538a448d8c82a67686e0457409c94f261499bf9fa607f1b4708367e3aef968dbbc7984850de4ff01dd8fcd4d8a21f3050c192d8e1146d844187f5922a4d51a1874ed29a77294217f499cd3b123f0e270aee8fb0b7428c12d099d9390134b73b4dae0c6a768e2aabe606cf17f10079e48c453d536c82ae358c9da95df98e511d94ab321796d9a7d574df7a38a8ef08731389517833e8bffbc35f4e5de4544e67cd57a7a73039a267d67c99817807d2a33718c66b2544a95fc619540316265ce8bc0d497dd76a96c61afbbcf1e7661edc35cfdca935173b25c67071f4f118da795f04be275bc89ae4ec6966f0d20353808686d19faf5f28ba06cd767c710f2849e34480cea374d77a14334a85c18d56a85006b39c57a6c5803a1672f6a7f651fac2365589114d449e10c0c65376794baaa05b3658b4bff5ddb976aac63102e39963aca45144576431b30343b111609ab0bda319052fe290f3ef5e859d75d06a5d71dec88016fd177b6e13bc17a3ebaae8e6cc00dd2c62d69bc1598bf67ba1c745907de2cb7f3d2d0dd65cee4f966d62f54bb51771bf6cc49f921f2723631c3bf534d10e243c3e3795c34d972105388c642379935d94da7dd166ee6f7398f7c0baaef0b938ce4210ab910de565c7226cdb6a7562c4ad652b015384dea89c50dc86ed82c2db38162f8f3264554865b7e613a7de858d46bb30f6d68cce934da4a5a352bd362b4dccca3b6a4bf161fc9cd0f95b3291914a7972e60e244d6b0c67874e390b7928e8eda1711fff333fb9dc6a40b312b7179e3067ceb27e3d3b3b82764d633ab9008464e17c4c136a1411cf40603c7e4d2b53df8b758de2a65ed4a81d6fe951ebf1dd5a59f961f3a5c62a0ad2cba70dc8b2f096185e73a481f7074a7966a08f0461bb6c52e474be3e64988ad218173346c3dfecb17e95cbff088ce80eea442e4f9e9b0184b9395f5a3962613336e3b481c576b841082f9c76a865bc63da023fd419ebbf8663e835f6607402dc5cffec4425cb7c779d394a6beee418400176ac8cf9ae554aafd0cdbd879794c3e0103f0af6c3e801e2ee80c2399ca41fb36b4f85b5b6f9131773700e469b2057dcbc29286b6fe72c8044ce4f178859858d0694b0690bd14f9de1cb2624c12b33cd1e05b4be30240377f191e434489445c945714a12e039155428296f0f4e8f030cd444da585fad2ef849c29fdb133a1933b4bd3ce0a02b59afb8d86867ec3b406d669cfe439892da841fd4ea5dcc7c0595020c96ea003524292f39f8087042f519b1d6e7c911a14a1c6b1f846f678c1435c4cb848b2b341e7471d98d00791798bc8d5d237f713c056417befcc009ccceb515ac44a8b28e23af1bebb42a9410955a96031cf08cc25b57cd642c72023b587ccae2a7c352e87a4dea1789f24c471d9bb68e2e4c5662e4dccf07f12093c39a08c11e633724fb8dc52085a1c7722918432d0ead1a9034ca79f5e2e3a73e6bdb06cd7551e6ad7082cd9e3a340639f524eff269696dde26d29312b063b285adb2215fd0e0ecc46fb345dc46da49ec3ea7fd97dafe80ce112ffbe0f6bcbcb3f42265ca0a60282529e899343b249c77f4336466565e776a131167d3f63374df63898968efc5e7213a13ea735304943a26bcc8b7b914251a77f3e6a75c75238af69068547ae76c3e032d963fc533963eb7ec50b401e6d86ab6b9ac57183861b88687821e794f00c9cb356757cd8516daec9865b2ee6f353ecaec9753add2bb750d7735e9aa74c86cdfb6c015fbc8c50cd4537fa011b677b014571019e92006ea5b3151ba061cc94deb1c1e3c29316391d70a7dbd52d3e9ef75f3ad61a72e1773d5f31a73011898da2698a2bffc4357aa1ac8dae3119b2d53151dcc07fa29182e89f69b9c7f6307b328d6b360d047fb57598dc2505ad7a4d4d65291c69e8076fe0be2034d2d90b579d128a36bef3d57ed1bc0ee9ee275d01f51aa3d677342bce5fd713a0926bf5a58a9a0f322fa2b04a01330978f2dae060b34a2158c57874d288ff00239f1cbf46e2fcc2c00166bc3b29df364ad2ec337196cfb6768cfa056d047eba11de0f28703c4566274cf8014acf8e3fe2f0cccd7a3945f554c422b4182e0719a6249c87f6a62f40bd14ba6530e7a17391cc1739679b6fc11ef9a6b3041211a183b249cd1bbde88d8e9a6e9a92e8317cebeed759df5534f23dd28f94b30508c102a01fb966803251f8925d1b2281930992d8001956b357e5616dc6e4593028793cd9ae4fe15dd62f7e391ec756f4c15ad29cabbb96aa7f595bb61f0dbcee1525ee0c3820c90529b73176865f290064f1f11fa4830fa445b1e865f967bb3b8129e63f0d91350a21f38679b898ca21aed73a362849d812b4cc3b396bca0a252348078700a6265be7a8e5c66a1637bd07d97dd38828a059e1bbd12ccc32fb7e503cd7f1d56f850f1f62fa28d6c184b03bc51f77c686caa252c3a58a8346f8826725cdde4e3ee11b78ec2a840e655784fa93943767ed2f76e499b68567f3149aed27ba3f42da199974d2be7133099e83d71de1a120d0788757aeff12208922fb60526480dee4f693acaa6e1624fc427c8b64efe89372a6154aa78bd6bd156cfaf5f1a3392587e7511f59451ef916b29e67227a5741295027ced7ce10398c6c0a0adcfa3468409a486c631befcc592b2c95f1fa1c4ad717284000d2a458fe9c88320b2103a93125782e70b0ac9a730868c9305bfff1e3c286e6e272290b3b80698a679e3066a37b667eead940b9203fa301494db5014df38b850312cdcddaf7f6de3bab57dfe0c6b3e3187ac5014a03b88c392afe4ed664a0b2f5da2f53a5205cc4dc578b6d6b1065b285f3473bcd472b8ce017a7beaff22b3dd1b2a2f9e1ed56851e33b0f7add02c38a59a1d41a31df3d037faa773b470e850ea5fb876a00e1c3ee8fbf1ca910cbeed7ffbf8136b59b13a4242304d581d3b88006f90cb3d2b4a9532888c6f8a19d55508bc463beefc0e6d86bdba728c2256123d52ebd1fe28c33fead5c4255de639b45d713caacc749d86f5cad28e4795ce3aa936aa837f5e33ee98911ad5b158497a389230c07b7f2f92c4e4221dffe57d5e8fdd7790f3a431e1050a0a4ed24098b6641b91f0612f41c45d044aecfc4dfbc0d9a1f94e760f55c8f05586d5ca531d43b67a982df6da5be8cf5b4fdaee840b65cb7d732cbd8685e27278388f84e08693396e92c81ec6cf33ff127fd5457ec531eebe5f1245f36a739367184ee50adad322971db9319ef42f03f2bbd99806b2e70ad167503d216d2fa828cf16f9c38f4b4b13357afa514ae15d60c27795335e82920a7f3e0cedc0d70721916f2f749628b2857df622c226de2a6aef799e01fd6f0c8d243a4f88e93528c500948c269729d0af86f46f8100e0218cf5949ee43ee8b46f92c6cdc7d5efea75a9b684da4179a9c05ba7c6fcea97de80258c7bc6a3f0060f50452c76752135fe09a9045004d6a3aed78e4292"}) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001680)='/dev/vsock\x00', 0xb800, 0x0) fcntl$F_GET_FILE_RW_HINT(r6, 0x40d, &(0x7f00000016c0)) r7 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000001700)='/proc/self/attr/current\x00', 0x2, 0x0) fsetxattr$security_selinux(r7, &(0x7f0000001740)='security.selinux\x00', &(0x7f0000001780)='system_u:object_r:tetex_data_t:s0\x00', 0x22, 0x1) ioctl$TIOCVHANGUP(r6, 0x5437, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r6, 0xc0905664, &(0x7f00000017c0)={0x0, 0x0, [], @bt={0x80000001, 0x5870, 0x75d4, 0xc5, 0x3000000000000, 0x91e2, 0x8, 0x4}}) lsetxattr$security_smack_entry(&(0x7f0000001880)='./file0\x00', &(0x7f00000018c0)='security.SMACK64IPIN\x00', &(0x7f0000001900)=',\x00', 0x2, 0x2) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000001cc0)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001c80)={&(0x7f0000001980)={0x2f0, 0x0, 0x5e106379ec91fc0a, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x28, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_MEDIA={0x3c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_BEARER={0x70, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}]}, @TIPC_NLA_LINK={0x98, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xee6c}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffff5cc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdf5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf84}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}]}]}, @TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_BEARER={0xdc, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x27}}}, {0x14, 0x2, @in={0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x28}}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x60239e4c}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffffffff0000}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1f}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x7fffffff, @remote, 0x6}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x0, @empty, 0x7}}}}]}, @TIPC_NLA_MEDIA={0x84, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}]}]}, 0x2f0}, 0x1, 0x0, 0x0, 0x20000000}, 0x1000) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000001d00)={0x67, @rand_addr=0x6, 0x4e22, 0x2, 'rr\x00', 0x2a, 0x1, 0x4b}, 0x2c) r8 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001d40)='/selinux/enforce\x00', 0x49800, 0x0) openat(r8, &(0x7f0000001d80)='./file0\x00', 0x1, 0x40) r9 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000001dc0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) sendto$inet6(r9, &(0x7f0000001e00)="4d27d2c46b46c41428a23e0097e9ad2e59eb46cb520898dfde214ca1dcfa958a7232e50dbd17d6867b16a0c306d9a5557f5f16a50f6072a76ceb7f1cf869931c65f1a4b664ae8902237bb965daadae10af3204d4c1263fce82a987fa3740eaa150b6ad7ef87106d252708ce38435b59739e5d73d08c0fb47a93a66929c605bc7f73a8d42cfeaac0aa22271c550d3f95c4195192d11bd7c2be1edb0c0460e9211b2ec177f54386c4699bcde505e54c60a73c878edca6548831658a2dc7860284c5d2b7f4f3d7e0ae3e5251aacb573a526a0ea227591e1bfc2cde8c693afd9c88afef6440fe611d55da7dab88c", 0xec, 0x4000000, 0x0, 0x0) r10 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001f00)='/dev/vga_arbiter\x00', 0x200040, 0x0) fsetxattr$security_selinux(r10, &(0x7f0000001f40)='security.selinux\x00', &(0x7f0000001f80)='system_u:object_r:pam_console_exec_t:s0\x00', 0x28, 0x3) pipe2(&(0x7f0000001fc0)={0xffffffffffffffff}, 0x86000) ioctl$RTC_PLL_SET(r11, 0x40207012, &(0x7f0000002000)={0x8, 0x401, 0x9, 0x2, 0x8000, 0x401, 0x3}) r12 = syz_open_dev$sndpcmp(&(0x7f0000002040)='/dev/snd/pcmC#D#p\x00', 0x8, 0x104000) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000002080)=@assoc_value={0x0}, &(0x7f00000020c0)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r12, 0x84, 0x76, &(0x7f0000002100)={r13, 0xffffffff00000001}, &(0x7f0000002140)=0x8) [ 152.597651] audit: type=1400 audit(1568671681.172:37): avc: denied { map } for pid=6740 comm="syz-fuzzer" path="/root/syzkaller-shm169925554" dev="sda1" ino=16495 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 22:08:01 executing program 5: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x101000, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000040)='erspan0\x00') r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x200000, 0x0) connect$rds(r2, &(0x7f00000000c0)={0x2, 0x4e20, @local}, 0x10) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$CAPI_GET_FLAGS(r3, 0x80044323, &(0x7f0000000140)) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) sync() r4 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0xac4, 0x2e2401) ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f00000001c0)="31cd013e889e68a09c59a04fd4186e2d0ce988ebd1db98de05f6265a71abf46e4d180918f1a778deedbb1f3375722500dc100e5249a5686bc928e42669e4f196d67c14c75f1ad32cc6c47f6e7e6ca605dd91a07eba1b5c3e82061f1f6846f36651908cc9154c5d830d9ebb9ef9d22ffe5efdef70e5efd0bc3eb997772ce83e9df92a18d8636fe11917774e83245fecda440f98fa8e30c38d33432edd246f19685fa10cc4a92f285a59a6c6fa0c26fdb5cd43ed85b64bb228f1ddef814e0b67f9586e7de4eea0622a9630aa3272e7858134e5c6cfb026125739c6d0d34b3a5fe0f45744a18ab3a8017ce6533e0f10690c964967638cf8f3e492e7760d2258bff5") ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x50dcc868, 0x6, 0x7}) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0x2000, 0x0) getsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000340), &(0x7f0000000380)=0x4) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/capi/capi20ncci\x00', 0x80c00, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x100000001) openat$zero(0xffffffffffffff9c, &(0x7f0000000400)='/dev/zero\x00', 0x210000, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xc0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=0x95e1, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x4, 0x5}, 0x0, 0x0, &(0x7f00000004c0)={0x1, 0xd, 0x3ff, 0x100}, &(0x7f0000000500)=0x2, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=0x4}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)=r6, 0x4) prctl$PR_GET_TIMERSLACK(0x1e) r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r7, 0xc0345642, &(0x7f0000000700)={0x5, "df0a072acfb0860684ac3c85bb26f2424095f37fa3c142cb14a838c2a7a90f67", 0x1}) write$P9_RLINK(r0, &(0x7f0000000740)={0x7, 0x47, 0x2}, 0x7) r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000780)='/dev/dlm-control\x00', 0x200000, 0x0) ioctl$TCGETX(r8, 0x5432, &(0x7f00000007c0)) r9 = inotify_init1(0x80000) write$binfmt_aout(r9, &(0x7f0000000800)={{0xcc, 0x0, 0x8, 0x36e, 0x20, 0x1, 0x157, 0x200}, "48cc6e3e81c1b0497656fc6998889637b83fe5db3234d1fe8a9a99e693f82b4a42fdda595a88fa3526320f3bfab59e47ce3a224c28cb5f81308e5074023d3213c85dc6bb348b81c9bf79b8e6901acacb620225ad7a92b78e8699bc32bce648ca1cef417cc637cd5e987d85eb8d4a24ce592d3b62960139e2fd7abd5174004aae25692d2b688b386e6b250057db3ae3b81662283065afbe5d59b9f7fce7d5bcd2c2e8cbc565b580dff0e2e676fb391afa0151", [[], [], [], [], [], []]}, 0x6d2) r10 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000f00)='/proc/self/net/pfkey\x00', 0xc0000, 0x0) getsockopt$netrom_NETROM_T2(r10, 0x103, 0x2, &(0x7f0000000f40)=0x10001, &(0x7f0000000f80)=0x4) syz_open_dev$media(&(0x7f0000000fc0)='/dev/media#\x00', 0x401, 0x1) 22:08:01 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x8c802, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x20, 0x4) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xfa7, 0x2) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e20, 0x400, @dev={0xfe, 0x80, [], 0xb}, 0x8}], 0x1c) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x20a000, 0x0) fsync(r2) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x10000, 0x0) setsockopt$netrom_NETROM_N2(r3, 0x103, 0x3, &(0x7f0000000140)=0x100000000, 0x4) syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x2, 0x2) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) connect$netrom(r4, &(0x7f0000000200)={{0x3, @null, 0x4}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r5 = fcntl$getown(0xffffffffffffffff, 0x9) sched_setaffinity(r5, 0x8, &(0x7f0000000280)=0x100000001) r6 = gettid() getpgid(r6) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x0, 0x0) ioctl$KVM_TRANSLATE(r7, 0xc018ae85, &(0x7f0000000300)={0x2000, 0x2000, 0x7, 0x3, 0x40000000000}) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/btrfs-control\x00', 0x600000, 0x0) fsetxattr$security_smack_transmute(r8, &(0x7f0000000380)='security.SMACK64TRANSMUTE\x00', &(0x7f00000003c0)='TRUE', 0x4, 0x1) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000400)=0x0) sched_rr_get_interval(r9, &(0x7f0000000440)) r10 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000480)='/proc/capi/capi20\x00', 0x8800, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r10, 0x0, 0x3, &(0x7f00000004c0)=0x7ff, 0x4) r11 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000500)='/dev/autofs\x00', 0x404000, 0x0) ioctl$EVIOCSABS2F(r11, 0x401845ef, &(0x7f0000000540)={0x0, 0x6, 0xffffffff80000001, 0xfffffffffffff25b, 0x4019b403, 0x7}) r12 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mixer\x00', 0x121000, 0x0) ioctl$EVIOCSABS0(r12, 0x401845c0, &(0x7f00000005c0)={0x5a, 0x6, 0x1, 0xd2e, 0x6, 0x1ff}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/net/pfkey\x00', 0x800, 0x0) r13 = syz_open_dev$cec(&(0x7f0000000640)='/dev/cec#\x00', 0x2, 0x2) ioctl$UI_BEGIN_FF_UPLOAD(r13, 0xc06855c8, &(0x7f0000000680)={0x9, 0x9, {0x54, 0x9, 0x3, {0x9bc, 0x3f}, {0x4, 0xb6e}, @ramp={0x1e, 0x7, {0x1f, 0x3a, 0x6, 0x7}}}, {0x57, 0x0, 0x6, {0xa9d, 0xffffffff}, {0x401, 0x3ff}, @cond=[{0x9, 0x800, 0x1ff, 0x9f94, 0x5, 0x8000}, {0xbc3, 0x4, 0x4, 0x7, 0x8ea, 0x3ff}]}}) [ 152.655624] audit: type=1400 audit(1568671681.232:38): avc: denied { map } for pid=6757 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13704 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 152.801829] IPVS: ftp: loaded support on port[0] = 21 [ 153.548261] chnl_net:caif_netlink_parms(): no params data found [ 153.561978] IPVS: ftp: loaded support on port[0] = 21 [ 153.585849] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.594109] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.601580] device bridge_slave_0 entered promiscuous mode [ 153.610313] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.616683] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.623663] device bridge_slave_1 entered promiscuous mode [ 153.637840] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 153.646869] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 153.662999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 153.670197] team0: Port device team_slave_0 added [ 153.675474] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 153.682571] team0: Port device team_slave_1 added [ 153.687652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 153.694867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 153.761762] device hsr_slave_0 entered promiscuous mode [ 153.800275] device hsr_slave_1 entered promiscuous mode [ 153.842421] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 153.851618] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 153.871184] IPVS: ftp: loaded support on port[0] = 21 [ 153.872256] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.882823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.889631] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.896116] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.964699] chnl_net:caif_netlink_parms(): no params data found [ 154.001786] IPVS: ftp: loaded support on port[0] = 21 [ 154.047693] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.054406] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.061667] device bridge_slave_0 entered promiscuous mode [ 154.089914] chnl_net:caif_netlink_parms(): no params data found [ 154.100430] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.106766] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.114461] device bridge_slave_1 entered promiscuous mode [ 154.137175] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 154.145857] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 154.167989] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 154.175447] team0: Port device team_slave_0 added [ 154.181679] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 154.188654] team0: Port device team_slave_1 added [ 154.204452] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 154.211725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 154.228547] IPVS: ftp: loaded support on port[0] = 21 [ 154.248183] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 154.254645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.268123] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.274749] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.281974] device bridge_slave_0 entered promiscuous mode [ 154.292706] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.299038] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.306218] device bridge_slave_1 entered promiscuous mode [ 154.372076] device hsr_slave_0 entered promiscuous mode [ 154.410252] device hsr_slave_1 entered promiscuous mode [ 154.482379] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 154.495691] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 154.504996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 154.516928] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 154.538171] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 154.574056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 154.581292] team0: Port device team_slave_0 added [ 154.588476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 154.595521] team0: Port device team_slave_1 added [ 154.601024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.619035] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.626066] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.633265] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 154.658108] chnl_net:caif_netlink_parms(): no params data found [ 154.668572] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 154.677104] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 154.689790] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 154.697422] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.762000] device hsr_slave_0 entered promiscuous mode [ 154.800396] device hsr_slave_1 entered promiscuous mode [ 154.860726] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 154.867728] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 154.879672] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 154.880782] IPVS: ftp: loaded support on port[0] = 21 [ 154.913779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 154.921080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.929421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.937104] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.943454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.955424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 154.962911] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.969284] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.976612] device bridge_slave_0 entered promiscuous mode [ 154.985087] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.991592] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.998887] device bridge_slave_1 entered promiscuous mode [ 155.009728] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 155.016503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.024771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.032478] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.038830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.047126] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 155.066307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.084555] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.093825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 155.124368] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.140138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.149612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 155.164389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 155.177289] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 155.184700] team0: Port device team_slave_0 added [ 155.191804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.199339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.206927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.214596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.222322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.255392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 155.264937] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 155.272299] team0: Port device team_slave_1 added [ 155.277538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.297535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.306539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.317677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 155.328119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.353593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.361091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.377166] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 155.383282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 155.433194] device hsr_slave_0 entered promiscuous mode [ 155.470267] device hsr_slave_1 entered promiscuous mode [ 155.522748] chnl_net:caif_netlink_parms(): no params data found [ 155.533976] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 155.541644] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 155.558055] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 155.604373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.622052] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 155.637321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.643740] chnl_net:caif_netlink_parms(): no params data found [ 155.657542] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 155.689442] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.696541] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.704027] device bridge_slave_0 entered promiscuous mode [ 155.713472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.727556] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 155.734874] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.743514] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.751349] device bridge_slave_1 entered promiscuous mode [ 155.758804] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 155.765739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.776654] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.787352] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 155.793539] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.807620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 155.829107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 155.840713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.847575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:08:04 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={[{@shortname_lower='shortname=lower'}], [{@smackfsroot={'smackfsroot', 0x3d, 'gfs6\x00'}}]}) [ 155.858459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.866663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.875094] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.881465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.898040] FAT-fs (loop0): Unrecognized mount option "smackfsroot=gfs6" or missing value [ 155.922367] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 155.928465] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.938052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 155.946961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 155.954184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.963026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.970758] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.971452] FAT-fs (loop0): Unrecognized mount option "smackfsroot=gfs6" or missing value [ 155.978057] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.999843] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 156.009247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 22:08:04 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00') sendfile(r0, r1, 0x0, 0x80000000000008) [ 156.023603] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.033250] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.044517] device bridge_slave_0 entered promiscuous mode [ 156.055421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 22:08:04 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00') sendfile(r0, r1, 0x0, 0x80000000000008) [ 156.068306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.083373] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.089719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.099606] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.109095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 156.121962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 156.134539] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.141033] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.148022] device bridge_slave_1 entered promiscuous mode [ 156.163113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.170356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.177999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.185605] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.191982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.198943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:08:04 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000280)={0x1, 0x0, 0x11, &(0x7f00000002c0)="ae9d2a000000f700215e0bccc96823e321"}) 22:08:04 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="d3d2bb3c5a7100cd80"], 0x9}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x40000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYBLOB="d66bf02dbc8a5f3944e431757b446d7de4c2929523b8d1353a688f314eaa8e386cb8b636754346efd5"], 0x0, 0x3b}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 156.218407] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.225880] team0: Port device team_slave_0 added [ 156.231835] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 156.238871] team0: Port device team_slave_1 added [ 156.245018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 156.307091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.307189] ptrace attach of "/root/syz-executor.0"[6818] was attempted by "/root/syz-executor.0"[6819] [ 156.314242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 156.329956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.337892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.345878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready 22:08:04 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="cd80"], 0x2}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRESOCT=0x0], 0x0, 0x17}, 0x20) tkill(r0, 0x39) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 156.353622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 156.369041] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 156.378788] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 156.398888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 156.409708] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.419765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 156.430444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 156.431212] ptrace attach of "/root/syz-executor.0"[6823] was attempted by "/root/syz-executor.0"[6824] [ 156.448582] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 156.455708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.463370] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.470972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.478532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.486086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.493752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.500788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.507547] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.514442] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.573800] device hsr_slave_0 entered promiscuous mode [ 156.630308] device hsr_slave_1 entered promiscuous mode 22:08:05 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f0000000280)='./file0\x00', 0x110000141042, 0x0) ftruncate(r2, 0x0) [ 156.672321] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 156.695737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 156.715601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.726354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.734308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.742005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.749594] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 156.758354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 156.766273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.773579] team0: Port device team_slave_0 added [ 156.779054] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 156.786261] team0: Port device team_slave_1 added [ 156.793318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 156.801400] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 156.808057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.815687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.823167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.830826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.839318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 156.848204] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 156.854336] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.860870] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 156.873375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 156.894036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.901673] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.910655] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 156.916639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.925151] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 156.939391] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 156.947640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 156.955482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.965034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.972406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.979980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.987610] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.993978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.006325] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 157.012438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.023355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 157.031965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.038933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.047044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.054690] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.061063] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.114779] device hsr_slave_0 entered promiscuous mode [ 157.170455] device hsr_slave_1 entered promiscuous mode [ 157.210862] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.222541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 157.229960] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.239001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.248764] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.255574] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.272288] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 157.285590] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 157.293813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.314527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.322469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.335280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.342931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.352489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 157.361074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.367885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.375658] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.387414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 157.396634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.404545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.413308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.429882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.441861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 157.449705] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.460972] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 157.466969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.475243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.483124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.492398] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.503621] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.521515] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.530510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 157.538862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.546109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.554034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.564108] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.571537] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 157.577608] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.587747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 157.597563] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 157.608607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.623531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.631568] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.637901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.644806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.653197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.660787] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.667111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.674263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.683691] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 157.699108] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 157.720570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.728464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.748036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.760125] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 157.766196] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.778855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 157.787169] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 157.803530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.813563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.840969] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.847335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.855564] audit: type=1400 audit(1568671686.432:39): avc: denied { create } for pid=6857 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 157.880501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.890868] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 157.898325] audit: type=1400 audit(1568671686.452:40): avc: denied { write } for pid=6857 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 157.898343] audit: type=1400 audit(1568671686.452:41): avc: denied { read } for pid=6857 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 157.900257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.962153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.971245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.985884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.004355] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.010735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.022621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.033128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 22:08:06 executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 22:08:06 executing program 0: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) ustat(0x0, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) pipe(0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) getuid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x85) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x9d) connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) write$binfmt_elf64(r2, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000001500)={0x1, 'bridge0\x00', 0x2}, 0x18) shutdown(r2, 0x1) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa4756f}, 0x100) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) write$eventfd(0xffffffffffffffff, &(0x7f0000000340)=0x2, 0x8) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000001480)={0x0, @empty, @dev}, &(0x7f00000014c0)=0xc) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0xfffffffffffffee3) write$P9_ROPEN(r0, 0x0, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000001440)={0x1, 0x6, 0x1000}, 0x4) [ 158.049752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 158.062024] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.068900] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.078000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.092662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.103707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.118193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.127799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.135874] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.145097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.153507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.168522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.183269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.190658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.198254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.209796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.225288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.233192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.243338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.252184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.262698] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.268734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.276813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.286321] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.297845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.311469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.318902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.327149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.334639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.342948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.355584] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.365235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.379292] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 158.385653] protocol 88fb is buggy, dev hsr_slave_0 [ 158.385701] protocol 88fb is buggy, dev hsr_slave_1 [ 158.397135] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 158.412195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.420457] 8021q: adding VLAN 0 to HW filter on device batadv0 22:08:08 executing program 1: unshare(0x2000400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22}, 0x1c) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) fsync(0xffffffffffffffff) syz_open_procfs(0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) sendto$inet6(r0, 0x0, 0xffffffffffffff9d, 0x20000003, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) 22:08:08 executing program 2: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000000)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) creat(&(0x7f0000000100)='./file1\x00', 0x0) 22:08:08 executing program 5: r0 = memfd_create(&(0x7f0000000040)='$.6/%cpuset]\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c46"], 0x4) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 22:08:08 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000580)=ANY=[@ANYBLOB="b702000003000000bfa3000000000000a503000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001077d60b7030000000000006a0a00fe18000000850000002b000000b70000000000000095000000000000000d7a2868cb268cdd91defae2a3c83d07fe3a4102e4aeb54f36633e27c279341bf489903cfdb4c05e96e3046f04e77969be0634674d0942b66b249b3518598e7e290b39a6f2fc2a5e019bc6b45684f002cf57bf887e83fbb2215b8a34e6bdc4dc1af6d3c6958da4bddac602e0048bec11e874602f925b6dbd2af21b75fe26aa5e85ae281993bfa213923bb755c1f1abd196407b4c8fabe27b2121a5f03dff2c8a6fde74750a1435d10f5f78dc90035e0f7eea3882e215588bfad670617fb9038b7568fce4053a6cdec2173ea28bff0b0cc46b0f0154d34d3b25fa6496b98718128e1d7f87b1ca8652df311d4499aea650453895a118f2456f895919bce790c548bedabdc8b60c55693766c093ad865d2f3a054978ac58c57175407a28fa08223120a02f10b76aff1682543cf3a5773931f5642feff73a567d4faec0de08ffebecfc10693a10d13cb6a3f920dd68cad9475e59f8612b33574c69d8be720ae4e46db1d85a7396a3eea625932dab1401306790d1b0e08ae0b517c5f7b4"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r0, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)=r1, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='map\x00\x00~6\xf5\b\xd2g\xabz\xfe\x9f?\bU\x1de\x9d\xa3p:\xc5{\x8e\xda\x01\x83B\vg\x8f\xa5\x04\x00\x00\x00\x00\x00\x0f\x18J^\xa5\xf6\x9cv\x9b\x13D\x8a<\xe4i\v\x8f\x0f\xfe\xbaxz\xda|\xdeI\xabL\xe9\xd9\xc9\x97\xbe\x87\xe0xb\xa7\xa7\x12I\x14\xfc\x98\x14\x90\x89\xd7o]*\xf9\xb5\xf9\x10\xa8\xe2}G!\xc9+\xb9\xe6\xf7j6\x15\xfb\x12\xce\x16\x8eoV\x02\fP\x138\xd6U]\xa5\xe2w\xa4l\xa0\x92W~\x81\xa6):#\xa2\x83\xd1\b\x1f\xfb4&\x9b\xa2\xe3v\xa2L\xbb\xfd\xf8\xfc\x12(\x19\xb8&\xdc\xbeH\x13\x03\xee\xb0\xbb\x9b\x11\x88c$\xc35J(73Kf\x83zL\x03-\x18<\xd2\x99\xaan', r2}, 0x10) 22:08:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'lo\x00\x00\xe7\xff\x03\x00\x00\x00\x00\x06\x00', 0xfd}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x0, 0x0, 0x0) getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) 22:08:08 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup\x00') preadv(r0, &(0x7f0000000a80)=[{&(0x7f0000000280)=""/114, 0x72}], 0x1, 0x0) [ 159.669134] capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) [ 159.684028] Unknown ioctl 21559 [ 159.687605] Unknown ioctl -1064282524 [ 159.695744] Unknown ioctl 21559 [ 159.699108] Unknown ioctl -1064282524 22:08:08 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'ip\x8ei0\x00\x00@\x00', 0xc205}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)) 22:08:08 executing program 5: r0 = memfd_create(&(0x7f0000000040)='$.6/%cpuset]\x00', 0x0) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c46"], 0x4) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 22:08:08 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f0000000280)={0x1, 0x0, 0x11, &(0x7f00000002c0)="a19d76da0bde92a169eda7c0ff2a4dd178"}) [ 159.776560] audit: type=1804 audit(1568671688.352:42): pid=6917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.2" name="/root/syzkaller-testdir020639107/syzkaller.Ef7MDP/1/file0/file0" dev="loop2" ino=3 res=1 22:08:08 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r0, 0x11000000000b) r1 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r1, 0x11000000000b) r2 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r2, 0x11000000000b) writev(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r3, 0x11000000000b) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) accept$ax25(0xffffffffffffffff, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r4, 0x11000000000b) r5 = socket$inet_sctp(0x2, 0x800000000001, 0x84) listen(r5, 0x11000000000b) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560284470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) listen(0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) listen(0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000003e00)=[@sack_perm], 0x1) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) accept$ax25(0xffffffffffffffff, 0x0, 0x0) getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002380), 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) 22:08:08 executing program 5: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000900)={0x6, @remote, 0x0, 0x2, 'dh\x00'}, 0x2c) 22:08:08 executing program 3: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/c}rrent\x00', 0x2, 0x0) [ 160.052377] ================================================================== [ 160.059876] BUG: KASAN: use-after-free in tcp_init_tso_segs+0x1ae/0x200 [ 160.066623] Read of size 2 at addr ffff8880995855f0 by task syz-executor.1/6913 [ 160.074062] [ 160.075680] CPU: 0 PID: 6913 Comm: syz-executor.1 Not tainted 4.14.144 #0 [ 160.082594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.091943] Call Trace: [ 160.094518] dump_stack+0x138/0x197 [ 160.098129] ? tcp_init_tso_segs+0x1ae/0x200 [ 160.102539] print_address_description.cold+0x7c/0x1dc [ 160.107794] ? tcp_init_tso_segs+0x1ae/0x200 [ 160.112186] kasan_report.cold+0xa9/0x2af [ 160.116322] __asan_report_load2_noabort+0x14/0x20 [ 160.121229] tcp_init_tso_segs+0x1ae/0x200 [ 160.125441] ? tcp_tso_segs+0x7d/0x1c0 [ 160.129311] tcp_write_xmit+0x15e/0x4960 [ 160.133351] ? tcp_v6_md5_lookup+0x23/0x30 [ 160.137562] ? tcp_established_options+0x2c5/0x420 [ 160.142470] ? tcp_current_mss+0x1dc/0x2f0 [ 160.146724] ? __alloc_skb+0x3ee/0x500 [ 160.150607] __tcp_push_pending_frames+0xa6/0x260 [ 160.155437] tcp_send_fin+0x17e/0xc40 [ 160.159264] tcp_close+0xcc8/0xfb0 [ 160.162789] ? lock_acquire+0x16f/0x430 [ 160.166743] ? ip_mc_drop_socket+0x1d6/0x230 [ 160.171137] inet_release+0xec/0x1c0 [ 160.174838] inet6_release+0x53/0x80 [ 160.178538] __sock_release+0xce/0x2b0 [ 160.182406] ? __sock_release+0x2b0/0x2b0 [ 160.186531] sock_close+0x1b/0x30 [ 160.189961] __fput+0x275/0x7a0 [ 160.193223] ____fput+0x16/0x20 [ 160.196483] task_work_run+0x114/0x190 [ 160.200352] exit_to_usermode_loop+0x1da/0x220 [ 160.204913] do_syscall_64+0x4bc/0x640 [ 160.208778] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.213606] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.218773] RIP: 0033:0x4135d1 [ 160.221943] RSP: 002b:00007fff013e3490 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 160.229629] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004135d1 [ 160.236875] RDX: 0000001b32920000 RSI: 0000000000000000 RDI: 0000000000000003 [ 160.244124] RBP: 0000000000000001 R08: 000000006e783fbb R09: 000000006e783fbf [ 160.251379] R10: 00007fff013e3570 R11: 0000000000000293 R12: 000000000075c9a0 [ 160.258649] R13: 000000000075c9a0 R14: 0000000000760b68 R15: ffffffffffffffff [ 160.266774] [ 160.268391] Allocated by task 6928: [ 160.272008] save_stack_trace+0x16/0x20 [ 160.276007] save_stack+0x45/0xd0 [ 160.279436] kasan_kmalloc+0xce/0xf0 [ 160.283127] kasan_slab_alloc+0xf/0x20 [ 160.286993] kmem_cache_alloc_node+0x144/0x780 [ 160.291557] __alloc_skb+0x9c/0x500 [ 160.295169] sk_stream_alloc_skb+0xb3/0x780 [ 160.299467] tcp_sendmsg_locked+0xf61/0x3200 [ 160.303854] tcp_sendmsg+0x30/0x50 [ 160.307383] inet_sendmsg+0x122/0x500 [ 160.311170] sock_sendmsg+0xce/0x110 [ 160.314868] SYSC_sendto+0x206/0x310 [ 160.318555] SyS_sendto+0x40/0x50 [ 160.321990] do_syscall_64+0x1e8/0x640 [ 160.325856] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.331022] [ 160.332635] Freed by task 6928: [ 160.335901] save_stack_trace+0x16/0x20 [ 160.339858] save_stack+0x45/0xd0 [ 160.343286] kasan_slab_free+0x75/0xc0 [ 160.347162] kmem_cache_free+0x83/0x2b0 [ 160.351121] kfree_skbmem+0x8d/0x120 [ 160.354883] __kfree_skb+0x1e/0x30 [ 160.358405] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 160.363485] tcp_sendmsg_locked+0x1ced/0x3200 [ 160.367954] tcp_sendmsg+0x30/0x50 [ 160.371480] inet_sendmsg+0x122/0x500 [ 160.375314] sock_sendmsg+0xce/0x110 [ 160.379007] SYSC_sendto+0x206/0x310 [ 160.382696] SyS_sendto+0x40/0x50 [ 160.386173] do_syscall_64+0x1e8/0x640 [ 160.390050] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.395226] [ 160.396839] The buggy address belongs to the object at ffff8880995855c0 [ 160.396839] which belongs to the cache skbuff_fclone_cache of size 472 [ 160.410188] The buggy address is located 48 bytes inside of [ 160.410188] 472-byte region [ffff8880995855c0, ffff888099585798) [ 160.421990] The buggy address belongs to the page: [ 160.426899] page:ffffea0002656140 count:1 mapcount:0 mapping:ffff8880995850c0 index:0x0 [ 160.435027] flags: 0x1fffc0000000100(slab) [ 160.439243] raw: 01fffc0000000100 ffff8880995850c0 0000000000000000 0000000100000006 [ 160.447104] raw: ffffea000282ae60 ffffea00025f2e60 ffff8880a9e81d80 0000000000000000 [ 160.454962] page dumped because: kasan: bad access detected [ 160.460736] [ 160.462395] Memory state around the buggy address: [ 160.467306] ffff888099585480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.474646] ffff888099585500: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 160.481981] >ffff888099585580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 160.489320] ^ [ 160.496832] ffff888099585600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.504173] ffff888099585680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 160.511510] ================================================================== [ 160.518851] Disabling lock debugging due to kernel taint [ 160.527150] Kernel panic - not syncing: panic_on_warn set ... [ 160.527150] [ 160.530294] kobject: 'loop0' (ffff8880a498b7e0): kobject_uevent_env [ 160.534525] CPU: 0 PID: 6913 Comm: syz-executor.1 Tainted: G B 4.14.144 #0 [ 160.546236] kobject: 'loop0' (ffff8880a498b7e0): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 160.549030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.549033] Call Trace: [ 160.549044] dump_stack+0x138/0x197 [ 160.549054] ? tcp_init_tso_segs+0x1ae/0x200 [ 160.578365] panic+0x1f2/0x426 [ 160.581538] ? add_taint.cold+0x16/0x16 [ 160.585489] ? ___preempt_schedule+0x16/0x18 [ 160.589876] kasan_end_report+0x47/0x4f [ 160.593824] kasan_report.cold+0x130/0x2af [ 160.598048] __asan_report_load2_noabort+0x14/0x20 [ 160.602957] tcp_init_tso_segs+0x1ae/0x200 [ 160.607167] ? tcp_tso_segs+0x7d/0x1c0 [ 160.611032] tcp_write_xmit+0x15e/0x4960 [ 160.615073] ? tcp_v6_md5_lookup+0x23/0x30 [ 160.619298] ? tcp_established_options+0x2c5/0x420 [ 160.624210] ? tcp_current_mss+0x1dc/0x2f0 [ 160.628425] ? __alloc_skb+0x3ee/0x500 [ 160.632291] __tcp_push_pending_frames+0xa6/0x260 [ 160.637113] tcp_send_fin+0x17e/0xc40 [ 160.640900] tcp_close+0xcc8/0xfb0 [ 160.644434] ? lock_acquire+0x16f/0x430 [ 160.648390] ? ip_mc_drop_socket+0x1d6/0x230 [ 160.652804] inet_release+0xec/0x1c0 [ 160.656493] inet6_release+0x53/0x80 [ 160.660187] __sock_release+0xce/0x2b0 [ 160.664063] ? __sock_release+0x2b0/0x2b0 [ 160.668233] sock_close+0x1b/0x30 [ 160.671678] __fput+0x275/0x7a0 [ 160.675068] ____fput+0x16/0x20 [ 160.678384] task_work_run+0x114/0x190 [ 160.682256] exit_to_usermode_loop+0x1da/0x220 [ 160.686851] do_syscall_64+0x4bc/0x640 [ 160.690717] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.695542] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.700713] RIP: 0033:0x4135d1 [ 160.703885] RSP: 002b:00007fff013e3490 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 160.711570] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004135d1 [ 160.718817] RDX: 0000001b32920000 RSI: 0000000000000000 RDI: 0000000000000003 [ 160.726077] RBP: 0000000000000001 R08: 000000006e783fbb R09: 000000006e783fbf [ 160.734889] R10: 00007fff013e3570 R11: 0000000000000293 R12: 000000000075c9a0 [ 160.742658] R13: 000000000075c9a0 R14: 0000000000760b68 R15: ffffffffffffffff [ 160.751377] Kernel Offset: disabled [ 160.755014] Rebooting in 86400 seconds..