[ 57.141946] audit: type=1800 audit(1544471320.176:27): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 57.161621] audit: type=1800 audit(1544471320.196:28): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 58.724656] audit: type=1800 audit(1544471321.776:29): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 58.744095] audit: type=1800 audit(1544471321.786:30): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. 2018/12/10 19:48:52 fuzzer started 2018/12/10 19:48:57 dialing manager at 10.128.0.26:41043 2018/12/10 19:48:57 syscalls: 1 2018/12/10 19:48:57 code coverage: enabled 2018/12/10 19:48:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/10 19:48:57 setuid sandbox: enabled 2018/12/10 19:48:57 namespace sandbox: enabled 2018/12/10 19:48:57 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/10 19:48:57 fault injection: enabled 2018/12/10 19:48:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/10 19:48:57 net packet injection: enabled 2018/12/10 19:48:57 net device setup: enabled 19:51:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@ipv6_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x2}}, 0x1c}}, 0x0) syzkaller login: [ 203.402236] IPVS: ftp: loaded support on port[0] = 21 [ 205.270799] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.277429] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.285916] device bridge_slave_0 entered promiscuous mode [ 205.393165] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.399747] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.408296] device bridge_slave_1 entered promiscuous mode [ 205.514211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.617401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.937043] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.047069] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.152275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.162839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 19:51:09 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6(0xa, 0x803, 0x3) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty, [0x0, 0x20000000]}}, 0x0, 0x0, 0x0, 0x18, 0x21}, 0x98) [ 206.575780] ip (6686) used greatest stack depth: 53824 bytes left [ 206.674507] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.682943] team0: Port device team_slave_0 added [ 206.801947] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.810418] team0: Port device team_slave_1 added [ 206.927665] IPVS: ftp: loaded support on port[0] = 21 [ 207.041080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.048177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.057088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.271837] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.278861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.287844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.470775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.478516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.487600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.663850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 207.671547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.680624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.615866] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.622460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.629510] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.636092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.645181] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 209.770554] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.777209] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.785840] device bridge_slave_0 entered promiscuous mode [ 209.971506] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.978225] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.986733] device bridge_slave_1 entered promiscuous mode [ 210.111959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.148322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.275775] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.830003] bond0: Enslaving bond_slave_0 as an active interface with an up link 19:51:14 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x5) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6(0xa, 0x803, 0x3) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty=0x18000000, [0x0, 0x20000000]}}}, 0x98) [ 211.080065] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.345946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.353289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.590767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.598022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.848491] IPVS: ftp: loaded support on port[0] = 21 [ 212.248419] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.256885] team0: Port device team_slave_0 added [ 212.443721] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.452341] team0: Port device team_slave_1 added [ 212.642734] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.649778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.658689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.875938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.883210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.891999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.045165] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.052932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.061979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.254008] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.261845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.270619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.370119] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.376748] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.385325] device bridge_slave_0 entered promiscuous mode [ 215.649091] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.655788] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.664350] device bridge_slave_1 entered promiscuous mode [ 215.710099] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.716663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.723805] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.730300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.739455] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.913047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.084225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.501909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.662774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.930453] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.147981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.155345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.386988] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.394353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:51:20 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6) sendto$inet(r0, 0x0, 0x0, 0x400200007fd, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x99, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x20013a5a}], 0x1, &(0x7f0000000200)=""/20, 0x8034}, 0x100) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") [ 217.997992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.177207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.185768] team0: Port device team_slave_0 added [ 218.471358] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.479635] team0: Port device team_slave_1 added [ 218.688021] IPVS: ftp: loaded support on port[0] = 21 [ 218.813225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.820350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.829691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.999224] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.044567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.051828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.060733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.315601] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.323306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.332408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.593379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.600943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.610406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.025982] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.032511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.040426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.567165] ip (7057) used greatest stack depth: 53792 bytes left [ 221.063495] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.552993] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.559524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.566752] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.573306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.582500] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.841990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.225558] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.232279] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.240725] device bridge_slave_0 entered promiscuous mode [ 223.529844] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.536465] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.545196] device bridge_slave_1 entered promiscuous mode [ 223.813436] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.978674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.831122] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.095450] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.363831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.370835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.605310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.612456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 226.147700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.413371] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.421543] team0: Port device team_slave_0 added [ 226.695181] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.703851] team0: Port device team_slave_1 added 19:51:30 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") r2 = accept$alg(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000006100)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001d00)=""/4096, 0x1000}], 0x1}}], 0x10, 0x0, 0x0) [ 226.974195] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 226.981286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.990780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.248372] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.371828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.379076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.388043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 19:51:30 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000500)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x1e6) [ 227.782975] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.790557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.799459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 19:51:31 executing program 0: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000004080501ff0080fffdfffe2e0a0000000c0003002f0000009c0a00010c000200170022ff02f10000"], 0x2c}}, 0x0) [ 228.072055] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.079507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.088565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.168790] IPVS: ftp: loaded support on port[0] = 21 19:51:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140), 0x10) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000100), 0x4) times(&(0x7f0000000000)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x20000, 0x0) syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x0) ioctl$NBD_DISCONNECT(r1, 0xab08) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000080)={{0x2, 0x800}, {0x6db, 0x9}, 0x4}) [ 228.654303] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.660963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.668916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 19:51:31 executing program 0: socketpair$unix(0x1, 0x20000000000002, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x4000000000000002, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x4, 0x2}}, 0x10) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000000)=@fragment, 0x8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmmsg(r1, &(0x7f0000000240), 0x5c3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000002000)=[{{&(0x7f0000001c00)=@in={0x2, 0x0, @broadcast}, 0x80, 0x0}}], 0x1, 0x0) 19:51:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xfffffffffffffdba, 0x0, &(0x7f0000000040)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRES64]], 0xb6, 0x0, 0x0}) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000000)) [ 229.312551] binder: 7337:7338 ioctl c0306201 20000100 returned -14 19:51:32 executing program 0: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) [ 229.737997] 8021q: adding VLAN 0 to HW filter on device team0 19:51:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000000)={0x40, 0x9c0, 0x1}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x240800, 0x0) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000000080)={0x8, 0x100, 0x1}) r2 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000018000000000000000800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a627300000000", @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="00fd00000000000000000000000000"]], 0x0, 0x0, &(0x7f00000003c0)}) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x4020565b, &(0x7f0000000140)={0x8001006, 0x46, 0x1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r3, 0x10, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4805}, 0x4000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e630c400000000000000000000000005373141f816bbb7b58ec25d0a7868e97ade03791ab9fb2f12cf044cc511e5f4475b00ddf0da7c142992756bba2d016"], 0x0, 0x0, &(0x7f0000000540)}) [ 229.961969] binder: 7358:7359 ioctl 401070c9 20000000 returned -22 [ 229.976294] binder: 7358:7359 got transaction with invalid offset (64768, min 0 max 24) or object. [ 229.985781] binder: 7358:7359 transaction failed 29201/-22, size 24-8 line 3035 [ 230.113252] binder: 7358:7359 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 230.143588] binder: 7358:7359 ioctl 401070c9 20000000 returned -22 [ 230.186282] binder: BINDER_SET_CONTEXT_MGR already set [ 230.191808] binder: 7358:7367 ioctl 40046207 0 returned -16 [ 230.192779] binder_alloc: 7358: binder_alloc_buf, no vma [ 230.203218] binder: 7358:7370 transaction failed 29189/-3, size 24-8 line 2973 [ 230.265318] binder: 7358:7367 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 230.304026] binder: undelivered TRANSACTION_ERROR: 29201 [ 230.312301] binder: undelivered TRANSACTION_ERROR: 29189 19:51:33 executing program 0: r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x7, 0x98102) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x5, &(0x7f00000000c0)=0x2) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x82, &(0x7f0000000000), 0x4) [ 231.922467] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.928992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.936124] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.942701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.951457] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.958268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 233.450256] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.456965] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.465855] device bridge_slave_0 entered promiscuous mode [ 233.731245] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.737820] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.746238] device bridge_slave_1 entered promiscuous mode [ 233.936101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.231527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.460206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.015386] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.252871] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.453856] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.460892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.566448] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 235.700397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.707691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.582854] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.591227] team0: Port device team_slave_0 added [ 236.608672] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 236.615219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.623226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.829099] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.837475] team0: Port device team_slave_1 added 19:51:40 executing program 1: [ 237.090582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.097856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.106825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.329728] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.336961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.345784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.380344] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.557311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.565646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.574389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.691065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.698701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.707591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.691920] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.698563] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.705705] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.712249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.721002] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.727694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.857361] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.422921] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 19:51:44 executing program 2: [ 242.006669] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 242.013203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.021227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.436478] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.812496] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.191900] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.516757] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.523273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.531223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.790223] 8021q: adding VLAN 0 to HW filter on device team0 19:51:48 executing program 3: 19:51:50 executing program 4: 19:51:50 executing program 0: munmap(&(0x7f000057f000/0x1000)=nil, 0x1000) mremap(&(0x7f0000581000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) munmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = request_key(&(0x7f0000000280)='big_key\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)='^*proc\x00', 0xfffffffffffffff9) r2 = request_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000140)='vmnet0ppp0,keyringppp1security\x00', r1) keyctl$assume_authority(0x10, r2) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000057f000/0x3000)=nil) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x402140, 0x0) keyctl$instantiate(0xc, r2, &(0x7f0000000180)=ANY=[@ANYBLOB="7570646174652064656661756c7420747275737465643a73797a0068f4dfcabdba66b7fd9fae679fcf642fee45741588ec8efe3785d97be8e60611d855acf445c969d37dc2b1bf3b35c1328a9c5dafd07c45e77143e90a56e6d12f7a5eb5c8ae3c852e0d3741e1995927e13caaa3c1d94299a77467f25d6c89b7a32450f3b89adc5fba18800220c7d5a64f8d608fc2e404a0a6292d1acb7bc233db11f87a94498faa1015c916acbecd44e481355e30d15dd8d2ccc9"], 0x1b, r2) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) 19:51:50 executing program 5: r0 = memfd_create(&(0x7f0000000000)='%\x00', 0x6) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000040)) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f0000000080)=0x3ff) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000000c0)) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:var_run_t:s0\x00', 0x1f) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000140)=0x2, 0x4) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000180)={0x4, 0x7, {0x51, 0x6abb, 0xffffffffffffff7f, {0x1, 0x5}, {0x8ee, 0x100000001}, @rumble={0x7, 0x3}}, {0x57, 0xbe, 0x200, {0x9, 0xff}, {0x9, 0x6}, @ramp={0x0, 0x0, {0x7f, 0x7, 0x4, 0x6}}}}) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000200)={0xa, 0x0, {0x57, 0x2, 0x1f, {0x4, 0x7}, {0x8, 0x2}, @cond=[{0x2, 0x7ff, 0x2, 0x800, 0x1, 0x2}, {0x40, 0x4, 0x6, 0x9, 0x2, 0x5e33e794}]}, {0x56, 0x448, 0xa755ccb, {0x7, 0x5}, {0xffc000000000000}, @cond=[{0x9, 0x14e, 0x80200000000, 0x9, 0x8, 0x9410}, {0x3, 0x7, 0x3, 0x917, 0x8, 0x800}]}}) ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000002c0)={0x3, &(0x7f0000000280)=[{0x80, 0x6a, 0x100000000, 0x2}, {0x2, 0x3, 0x8, 0x2}, {0x80000000, 0x6f49, 0xff, 0x1d8d}]}) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000300), 0x2) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000340)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000380)={0x0, 0x0, 0x5, 0x0, [], [{0x166, 0x6, 0x472, 0x6, 0xed}, {0x1f, 0xdf, 0x2, 0x4, 0x6, 0x6}], [[], [], [], [], []]}) r1 = syz_open_dev$midi(&(0x7f0000000580)='/dev/midi#\x00', 0x10001, 0x40001) ioctl$TUNSETLINK(r1, 0x400454cd, 0x206) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000005c0)=0x9) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000640)={0x8, 0x8, 0x4, 0x100, {0x0, 0x7530}, {0x0, 0xc, 0xff, 0x20, 0x7, 0x100000000000000, "32ca3ad9"}, 0x31ff, 0x0, @planes=&(0x7f0000000600)={0xd59d, 0x93dc, @userptr=0x7fffffff, 0x40}, 0x4}) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f00000006c0)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086409, &(0x7f0000000700)={r2}) setsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000740)=0xffffffffffffffc1, 0x4) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000780)=""/80) symlinkat(&(0x7f0000000800)='./file0\x00', r1, &(0x7f0000000840)='./file0\x00') write$FUSE_INTERRUPT(r0, &(0x7f0000000880)={0x10, 0x0, 0x7}, 0x10) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000008c0)={'veth0\x00', 0x4000}) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) write$P9_RREADLINK(r1, &(0x7f0000000900)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r3 = syz_open_dev$admmidi(&(0x7f0000000940)='/dev/admmidi#\x00', 0xf1, 0x1) r4 = openat$cgroup_type(r3, &(0x7f0000000980)='cgroup.type\x00', 0x2, 0x0) ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, &(0x7f00000009c0)={0x7, 0x20, 0x6, 0x1, 0x5}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000a00)=0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000a40)) 19:51:50 executing program 1: 19:51:50 executing program 2: 19:51:50 executing program 3: 19:51:50 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x14}}}, 0x30}}, 0x0) 19:51:50 executing program 3: syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, [], {@ipv4={0x4305, {{0x9, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2=0xe0000001}, @tipc=@payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}, 0x0) 19:51:50 executing program 2: r0 = socket$tipc(0xa, 0x2, 0x88) connect$tipc(r0, &(0x7f00000000c0)=@nameseq={0xa}, 0x6a) sendmsg$tipc(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x8000) sendmsg$tipc(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000005c0)="f5", 0x1}], 0x1}, 0x0) 19:51:50 executing program 0: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(0xffffffffffffffff, 0x0, 0x0) recvmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/73, 0x49}, {&(0x7f0000000180)=""/165, 0xa5}], 0x2}, 0x10000) sendmsg$tipc(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200), 0x2f4}, 0x0) 19:51:50 executing program 4: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000000380)={&(0x7f0000000000)=@name, 0x10, 0x0, 0x0, 0x0, 0x40000}, 0x0) 19:51:51 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:51:51 executing program 3: syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, [], {@ipv4={0x4305, {{0x9, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2=0xe0000001}, @tipc=@payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}, 0x0) 19:51:51 executing program 2: syz_emit_ethernet(0xfffffffffffffdd6, 0x0, &(0x7f0000000080)={0x0, 0xfffffffffffff7fc, [0x0, 0x132]}) [ 248.206293] Failed to obtain node identity [ 248.210799] Enabling of bearer rejected, failed to enable media [ 248.292895] Failed to obtain node identity [ 248.297497] Enabling of bearer rejected, failed to enable media [ 248.683070] IPVS: ftp: loaded support on port[0] = 21 [ 249.811572] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.818154] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.825988] device bridge_slave_0 entered promiscuous mode [ 249.888207] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.894810] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.902774] device bridge_slave_1 entered promiscuous mode [ 249.964662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 250.028143] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 250.214038] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 250.278884] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 250.576905] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 250.584787] team0: Port device team_slave_0 added [ 250.644932] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 250.652744] team0: Port device team_slave_1 added [ 250.715147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 250.722872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 250.731503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 250.795065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.858510] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 250.865951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.874988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.933859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.941150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.950355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.624205] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.630648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.637646] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.644198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.652504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 252.501948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 254.186605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.414381] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.654999] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 254.661348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.669604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.907414] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.368900] audit: type=1326 audit(1544471519.416:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8268 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0x0 19:52:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f0000001840)={0x14, r1, 0x735}, 0x14}}, 0x0) 19:52:00 executing program 4: syz_emit_ethernet(0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="8000000090780000080a0000000100000fff00000cea44d8bba09892d4bea6990af4c435da8dffe862e4ccc718c82996351608e593f83fe04e48348d9a93bed0c657c2476c899f30800c56b519d3c226705687215eecb64e3a4ad990ade593963ae4ee7e9535bb9e5a6cf15a0dfe88161797cbf9e9814d2fed421008e3c6e5d7b62bfe9103058e5cf6b39d01f21c82cd54ab244a411da2da1ba9e769257b575afe82516279d01d10a85bc5dcca8ab52dd2e927a85a5e1d4fde1e3174d2086880fc4fe2bfd38c1fa67d44cc13074cb029f098faceb0bd65acb9c81857e9bf2af06d423d30d84f7084b51248d6e28c6f2b6d87e7a248947c75f88e0b725bf8"], 0x0) 19:52:00 executing program 3: syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, [], {@ipv4={0x4305, {{0x9, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2=0xe0000001}, @tipc=@payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}, 0x0) 19:52:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:00 executing program 2: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCGETLINKNAME(r0, 0x89a1, &(0x7f0000000200)={0xfffe}) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f00000000c0)={0x10, 0x0, 0x25dfdbfb, 0x100000}, 0xc) getpeername$tipc(r0, &(0x7f0000000040)=@id, &(0x7f0000000100)=0x10) 19:52:00 executing program 0: syz_emit_ethernet(0x1062, &(0x7f00000005c0)={@link_local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1dfa6f", 0x102c, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x4]}, @local, {[], @tipc=@payload_mcast={{{{{{0x102b, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}}, 0x0) [ 257.161164] audit: type=1326 audit(1544471520.206:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8268 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0x0 [ 257.297195] Failed to obtain node identity [ 257.302199] Enabling of bearer rejected, failed to enable media 19:52:00 executing program 5: syz_emit_ethernet(0x1, &(0x7f0000000e40)=ANY=[@ANYBLOB="9387889ba7e500000000000086dd6092b0ed0000670000000000000000000000000000000000fe802000e1ffffff0000008ad8215faa83b35c79a6a664a7217bb200000000000000000000000000000000000000000000000000ac9385522d10000000000000008100000000000000000000000000000000000002000000000000006905fa25ae9ab9632271516537b4b5e0bcbee4b39f836d0730f3ad7664917e454741d2b9308a8e8ff13ea80347de6ee9000000007fa68eda099b87d7d6aa205d041a6df77101063f4c49cdf3384b2fb1faddc240cfca8977f0521a8a5feac99da0dea53e64d52059fb5a5430c6dccf9d12ffa77ef2df7c02c4d6d947e6a98cf9b1411edb8152e2744178c59e9a8cafe74d24e923ad7b122f14b6db14e05157142a067e885f2c0c0dd7ee34b60eb43f7b55d811acbd1736b861c07c9d6e720c417facca540125e0cb3532ced9b73ac837a382fcfa5978fa0a683c47f1d61151d0267a4bb9c847fe472dcb16ffcde98bdaf5e992f7961de218dafbf676cc"], 0x0) 19:52:00 executing program 0: syz_emit_ethernet(0x1062, &(0x7f00000005c0)={@link_local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "1dfa6f", 0x102c, 0x2c, 0x0, @dev={0xfe, 0x80, [0x0, 0x4]}, @local, {[], @tipc=@payload_mcast={{{{{{0x102b, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}}, 0x0) 19:52:00 executing program 3: syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @local, [], {@ipv4={0x4305, {{0x9, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2=0xe0000001}, @tipc=@payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}, 0x0) 19:52:00 executing program 4: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCGETLINKNAME(r0, 0x89a0, &(0x7f0000000200)={0x0, 0x0, [0x0, 0x0, 0x0, 0x300]}) 19:52:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:00 executing program 2: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCGETLINKNAME(r0, 0x89a0, &(0x7f0000000200)={0xfeff, 0x0, [0x3]}) [ 257.713563] Failed to obtain node identity [ 257.717904] Enabling of bearer rejected, failed to enable media 19:52:00 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x30, r1, 0x101, 0x0, 0x0, {{}, 0x9effffff00000000, 0x400b, 0x0, {0x14}}}, 0x30}}, 0x0) 19:52:00 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd60ff000000000000008000000000000000000000000000bbff02000000000000000000000000000100000000000000000000000000ef92ced6fbbc11000000000000d600000000000000000000"], 0x0) 19:52:00 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) 19:52:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:01 executing program 4: syz_emit_ethernet(0x63, &(0x7f0000000080)={@local, @random="52bd94ee1087", [], {@ipv6={0x86dd, {0x0, 0x6, "3ddd60", 0x2d, 0x0, 0x0, @remote, @mcast2, {[], @tipc=@payload_mcast={{{{{{0x2d, 0x0, 0x8de, 0x0, 0x2, 0xb, 0x1, 0x2, 0x30, 0x0, 0x3, 0x0, 0x1, 0x1, 0x80000001, 0x6, 0x0, 0x4e24, 0x4e24}, 0x3, 0x2}, 0x4, 0x1}, 0x3}}, [0x0]}}}}}}, &(0x7f0000000140)={0x1, 0x4, [0xeb5, 0x595, 0x2ec, 0xb29]}) [ 258.125892] Failed to obtain node identity [ 258.130342] Enabling of bearer rejected, failed to enable media 19:52:01 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) 19:52:01 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000380)={0x2c, r1, 0x813, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}]}, 0x2c}}, 0x0) 19:52:01 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x30, r1, 0x101, 0x0, 0x0, {{}, 0x9effffff00000000, 0x400b, 0x0, {0x14}}}, 0x30}}, 0x0) 19:52:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0xf, 0x4101, 0x0, {0x20, 0x17, {0x0, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:01 executing program 3: syz_emit_ethernet(0x0, 0x0, 0x0) 19:52:01 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x30, r1, 0x101, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x0, 0x0, 0x9}}}}, 0x30}}, 0x0) [ 258.498720] Failed to obtain node identity [ 258.503304] Enabling of bearer rejected, failed to enable media [ 258.526299] Failed to obtain node identity [ 258.530667] Enabling of bearer rejected, failed to enable media 19:52:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:01 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000380)={0x2c, r1, 0x813, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}]}, 0x2c}}, 0x0) 19:52:01 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000c00)={0x30, r1, 0x101, 0x0, 0x0, {{}, 0x9effffff00000000, 0x400b, 0x0, {0x14}}}, 0x30}}, 0x0) 19:52:01 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0xf, 0x4101, 0x0, {0x20, 0x17, {0x0, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:01 executing program 3: r0 = socket$tipc(0xa, 0x3, 0x88) connect$tipc(r0, &(0x7f00000000c0)=@nameseq={0xa}, 0x6a) sendmsg$tipc(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x804) 19:52:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, 0x0, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) 19:52:02 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000380)={0x2c, r1, 0x813, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8}]}]}]}, 0x2c}}, 0x0) [ 259.002728] Failed to obtain node identity [ 259.007149] Enabling of bearer rejected, failed to enable media 19:52:02 executing program 4: r0 = socket$tipc(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x0, 0xc000000}}, 0x10) 19:52:02 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000640)={0x5c, r1, 0x201, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @remote, 0x1ff}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @loopback}}}}]}]}, 0x5c}}, 0x0) 19:52:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000640)={0x6c, r1, 0x201, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x0, @remote, 0x1ff}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @loopback}}}}]}]}, 0x6c}}, 0x0) 19:52:02 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r1, 0x201, 0x0, 0x0, {{}, 0xf, 0x4101, 0x0, {0x20, 0x17, {0x0, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) [ 259.392877] Started in network mode [ 259.396783] Own node identity fe8000000000000000000000000000bb, cluster identity 4711 [ 259.405268] ================================================================== [ 259.412653] BUG: KMSAN: uninit-value in __inet6_bind+0xb72/0x1ad0 [ 259.418898] CPU: 0 PID: 8376 Comm: syz-executor3 Not tainted 4.20.0-rc5+ #111 [ 259.426298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.435658] Call Trace: [ 259.438252] dump_stack+0x284/0x3b0 [ 259.441887] ? __inet6_bind+0xb72/0x1ad0 [ 259.445965] kmsan_report+0x12d/0x290 [ 259.449773] __msan_warning+0x76/0xc0 [ 259.453582] __inet6_bind+0xb72/0x1ad0 [ 259.457497] inet6_bind+0x27f/0x390 [ 259.461150] ? ipv6_mod_enabled+0x60/0x60 [ 259.465323] kernel_bind+0xc6/0xf0 [ 259.468875] udp_sock_create6+0x2ee/0x890 [ 259.473054] tipc_udp_enable+0x166f/0x1d70 [ 259.477343] ? tipc_udp_send_msg+0x7d0/0x7d0 [ 259.481761] __tipc_nl_bearer_enable+0x1213/0x1da0 [ 259.486742] tipc_nl_bearer_enable+0x6c/0xb0 19:52:02 executing program 4: r0 = socket$tipc(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x0, 0xc000000}}, 0x10) [ 259.491170] ? __tipc_nl_bearer_enable+0x1da0/0x1da0 [ 259.496285] genl_rcv_msg+0x185f/0x1a60 [ 259.500296] ? __msan_poison_alloca+0x1e0/0x270 [ 259.504987] netlink_rcv_skb+0x444/0x640 [ 259.509059] ? genl_unbind+0x390/0x390 [ 259.512972] genl_rcv+0x63/0x80 [ 259.516264] netlink_unicast+0xfc5/0x10a0 [ 259.520447] netlink_sendmsg+0x1298/0x13e0 [ 259.524717] ___sys_sendmsg+0xdbc/0x11d0 [ 259.528798] ? netlink_getsockopt+0x1830/0x1830 [ 259.533506] ? __fdget+0x2c6/0x430 [ 259.537072] __se_sys_sendmsg+0x305/0x460 [ 259.541270] __x64_sys_sendmsg+0x4a/0x70 [ 259.545343] do_syscall_64+0xcd/0x110 [ 259.549166] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 259.554360] RIP: 0033:0x457659 [ 259.557556] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 259.576545] RSP: 002b:00007f82ebc52c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 259.584272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659 [ 259.591543] RDX: 0000000000000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 259.598808] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 259.606078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82ebc536d4 [ 259.613363] R13: 00000000004c421b R14: 00000000004d7160 R15: 00000000ffffffff [ 259.620656] [ 259.622279] Local variable description: ----udp6_addr@udp_sock_create6 [ 259.628942] Variable was created at: [ 259.632666] udp_sock_create6+0x80/0x890 [ 259.636731] tipc_udp_enable+0x166f/0x1d70 19:52:02 executing program 4: r0 = socket$tipc(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x0, 0xc000000}}, 0x10) 19:52:02 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r1, 0x401, 0x0, 0x0, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) [ 259.640958] ================================================================== [ 259.648310] Disabling lock debugging due to kernel taint [ 259.653772] Kernel panic - not syncing: panic_on_warn set ... [ 259.659673] CPU: 0 PID: 8376 Comm: syz-executor3 Tainted: G B 4.20.0-rc5+ #111 [ 259.668331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.677686] Call Trace: [ 259.680278] dump_stack+0x284/0x3b0 [ 259.683926] panic+0x533/0xb02 [ 259.687177] kmsan_report+0x290/0x290 19:52:02 executing program 1: r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x3c, r0, 0x201, 0x0, 0x0, {{}, 0x0, 0x4101, 0x0, {0x20, 0x17, {0xf0ffffffffffff, 0x0, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}}}}, 0x3c}}, 0x0) [ 259.691028] __msan_warning+0x76/0xc0 [ 259.694857] __inet6_bind+0xb72/0x1ad0 [ 259.698786] inet6_bind+0x27f/0x390 [ 259.702431] ? ipv6_mod_enabled+0x60/0x60 [ 259.706588] kernel_bind+0xc6/0xf0 [ 259.710152] udp_sock_create6+0x2ee/0x890 [ 259.714328] tipc_udp_enable+0x166f/0x1d70 [ 259.718629] ? tipc_udp_send_msg+0x7d0/0x7d0 [ 259.723058] __tipc_nl_bearer_enable+0x1213/0x1da0 [ 259.728041] tipc_nl_bearer_enable+0x6c/0xb0 [ 259.732463] ? __tipc_nl_bearer_enable+0x1da0/0x1da0 [ 259.737580] genl_rcv_msg+0x185f/0x1a60 [ 259.741585] ? __msan_poison_alloca+0x1e0/0x270 [ 259.746276] netlink_rcv_skb+0x444/0x640 [ 259.750337] ? genl_unbind+0x390/0x390 [ 259.754235] genl_rcv+0x63/0x80 [ 259.757531] netlink_unicast+0xfc5/0x10a0 [ 259.761707] netlink_sendmsg+0x1298/0x13e0 [ 259.765988] ___sys_sendmsg+0xdbc/0x11d0 [ 259.770063] ? netlink_getsockopt+0x1830/0x1830 [ 259.774779] ? __fdget+0x2c6/0x430 [ 259.778333] __se_sys_sendmsg+0x305/0x460 [ 259.782504] __x64_sys_sendmsg+0x4a/0x70 [ 259.786571] do_syscall_64+0xcd/0x110 [ 259.790380] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 259.795569] RIP: 0033:0x457659 [ 259.798781] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 259.817687] RSP: 002b:00007f82ebc52c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 259.825399] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659 [ 259.832670] RDX: 0000000000000000 RSI: 00000000200008c0 RDI: 0000000000000003 [ 259.839973] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 259.847335] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f82ebc536d4 [ 259.854607] R13: 00000000004c421b R14: 00000000004d7160 R15: 00000000ffffffff [ 259.862969] Kernel Offset: disabled [ 259.866597] Rebooting in 86400 seconds..