[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 27.763012] kauditd_printk_skb: 7 callbacks suppressed [ 27.763022] audit: type=1800 audit(1544575319.586:29): pid=5861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.790695] audit: type=1800 audit(1544575319.596:30): pid=5861 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 30.944517] sshd (5999) used greatest stack depth: 15600 bytes left Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. 2018/12/12 00:42:09 fuzzer started 2018/12/12 00:42:11 dialing manager at 10.128.0.26:34565 2018/12/12 00:42:11 syscalls: 1 2018/12/12 00:42:11 code coverage: enabled 2018/12/12 00:42:11 comparison tracing: enabled 2018/12/12 00:42:11 setuid sandbox: enabled 2018/12/12 00:42:11 namespace sandbox: enabled 2018/12/12 00:42:11 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/12 00:42:11 fault injection: enabled 2018/12/12 00:42:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/12 00:42:11 net packet injection: enabled 2018/12/12 00:42:11 net device setup: enabled 00:44:57 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'sit0\x00', {0x2, 0x4e24, @rand_addr=0x100000000}}) r1 = signalfd4(r0, &(0x7f0000000040)={0xb1d}, 0x8, 0x80000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x6c, 0x84, 0x1, {"80fd5d144841fa7291fc693788be1fa0470dd49fa67e22074314916a0180817b25e743dba479f037e97e88c826f7a481ac29a4dca27527465bdb4c5d054d85fefd065d5fbb7ce564990427ccb53167d8f76cc7920f6aeb13a8ccb2b2b8c7fe77104d2226d2c8c10388de"}}, {0x0, "be90260945190cfb2d57ef7ef19f27042c59c7905f8a1c161b7caa7083f26709f47d151362499e59dfe5c6ab07698516be0515e4bde68c8af4aa8a"}}, &(0x7f0000000180)=""/172, 0xc1, 0xac, 0x1}, 0x20) recvmmsg(r0, &(0x7f0000005780)=[{{&(0x7f0000000280)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/145, 0x91}], 0x1}, 0x8000}, {{&(0x7f0000000400)=@ipx, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000480)=""/227, 0xe3}, {&(0x7f0000000580)=""/68, 0x44}, {&(0x7f0000000600)=""/223, 0xdf}, {&(0x7f0000000700)=""/221, 0xdd}, {&(0x7f0000000800)=""/244, 0xf4}, {&(0x7f0000000900)=""/156, 0x9c}], 0x6, &(0x7f0000000a40)=""/134, 0x86}, 0x3}, {{&(0x7f0000000b00)=@tipc, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000b80)=""/106, 0x6a}, {&(0x7f0000000c00)=""/152, 0x98}, {&(0x7f0000000cc0)=""/5, 0x5}], 0x3, &(0x7f0000000d40)=""/197, 0xc5}, 0x7f}, {{&(0x7f0000000e40)=@nfc, 0x80, &(0x7f0000001140)=[{&(0x7f0000000ec0)=""/85, 0x55}, {&(0x7f0000000f40)=""/181, 0xb5}, {&(0x7f0000001000)=""/79, 0x4f}, {&(0x7f0000001080)=""/187, 0xbb}], 0x4, &(0x7f0000001180)=""/114, 0x72}, 0xbf}, {{&(0x7f0000001200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000002280)=[{&(0x7f0000001280)=""/4096, 0x1000}], 0x1, &(0x7f00000022c0)=""/85, 0x55}, 0xa30}, {{0x0, 0x0, &(0x7f00000036c0)=[{&(0x7f0000002340)=""/168, 0xa8}, {&(0x7f0000002400)=""/96, 0x60}, {&(0x7f0000002480)=""/19, 0x13}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f00000034c0)=""/208, 0xd0}, {&(0x7f00000035c0)=""/233, 0xe9}], 0x6, &(0x7f0000003740)=""/204, 0xcc}}, {{&(0x7f0000003840)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000003bc0)=[{&(0x7f00000038c0)=""/197, 0xc5}, {&(0x7f00000039c0)=""/172, 0xac}, {&(0x7f0000003a80)=""/244, 0xf4}, {&(0x7f0000003b80)=""/32, 0x20}], 0x4, &(0x7f0000003c00)=""/224, 0xe0}, 0x100000000}, {{&(0x7f0000003d00)=@rc, 0x80, &(0x7f0000004100)=[{&(0x7f0000003d80)=""/20, 0x14}, {&(0x7f0000003dc0)=""/157, 0x9d}, {&(0x7f0000003e80)=""/85, 0x55}, {&(0x7f0000003f00)=""/18, 0x12}, {&(0x7f0000003f40)=""/39, 0x27}, {&(0x7f0000003f80)=""/89, 0x59}, {&(0x7f0000004000)=""/165, 0xa5}, {&(0x7f00000040c0)=""/23, 0x17}], 0x8, &(0x7f0000004180)=""/158, 0x9e}}, {{&(0x7f0000004240)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000005680)=[{&(0x7f00000042c0)=""/141, 0x8d}, {&(0x7f0000004380)}, {&(0x7f00000043c0)=""/14, 0xe}, {&(0x7f0000004400)=""/45, 0x2d}, {&(0x7f0000004440)=""/17, 0x11}, {&(0x7f0000004480)=""/4096, 0x1000}, {&(0x7f0000005480)=""/79, 0x4f}, {&(0x7f0000005500)=""/15, 0xf}, {&(0x7f0000005540)=""/89, 0x59}, {&(0x7f00000055c0)=""/188, 0xbc}], 0xa, &(0x7f0000005740)=""/60, 0x3c}, 0x3}], 0x9, 0x140, &(0x7f00000059c0)) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000005a40)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r3, &(0x7f0000005b80)={&(0x7f0000005a00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000005b40)={&(0x7f0000005a80)={0x98, r4, 0x500, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffffffffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x8001}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x200}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x80) setsockopt$packet_buf(r3, 0x107, 0x5, &(0x7f0000005bc0)="6946a422e0c721f0bbbe0b916a4ea888b398651326cee74909dcb021eb0199062db337be9616f65893f4756749b83406c6a6f3f7a49e5946ef73c747a6abb2a337a677ea5e2002d00386a3adfd1c7591d5b3689dc13b9e9ddfc147e1f4757f21e629faef1710cd09ee953818bbb8c6587d1838d3ab5720275e143dc37d6340a6418cef3b213dacd9cbc52a499286c501c1e0b2000bfc8d176fe3b900851087cd0bed394eaec9fad60d9525723500f172019d9c6ddc14a2ceb72a536ca92d9ff605a92cf713ca9672b211d4ee74e69229c70cbd287c07ad61bb106647117a2ba0cc3d61ad16a3b616404fb807da2f1b349e7f", 0xf2) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000005cc0)={0x5, [0xea, 0x8001, 0x9, 0x10001, 0x8]}) sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000005ec0)={&(0x7f0000005d00)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000005e80)={&(0x7f0000005d40)={0x114, r4, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x7f}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x7}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x23b5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8001}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xd3}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_AF={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8a}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3d}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x24, 0x1}}]}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x380000000000}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x4}, 0x40) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000005f40)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f00000060c0)={&(0x7f0000005f00)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000006080)={&(0x7f0000005f80)={0xf8, r5, 0x220, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0xd4, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x483}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x76}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}]}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x14) ioctl$VT_RELDISP(r1, 0x5605) r6 = syz_open_dev$cec(&(0x7f0000006100)='/dev/cec#\x00', 0x3, 0x2) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000006140), 0x4) setsockopt$inet6_mreq(r6, 0x29, 0x15, &(0x7f0000006180)={@mcast1, r2}, 0x14) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000072c0)={&(0x7f00000061c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x30, 0xa729, {"e77b9d5c303931a44512cc535d97269bbf616efcdf42"}}, {0x0, "bd50b9cd641320b535e93ef098a47ceebdfe167072eeac798875ef6a8234130c864593b11d9bdc277f18f737fecb0e43d66535518a0683f4b36e64be527d7e7b8900da50340cd4f8006bb3b1100899e0d9e78838d9952ae969d25498f76e4bd36cc96995fbc36087fa4974b01dd4c689e08cf002646f9b7abbb0da84d00c1a42d9d0473022e5fa407b990dd9ad2ab845901fd117e3e1fe6a17448ce77e589275c1e86fb91c4120b98f409259b487d2ed1e8dac4eb51dcbdf"}}, &(0x7f00000062c0)=""/4096, 0xea, 0x1000, 0x1}, 0x20) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000007300)={{0x7, 0x200, 0x8858, 0x7}, 'syz1\x00', 0x43}) clock_adjtime(0x0, &(0x7f0000007380)={0xfffffffffffffff7, 0x1, 0x7, 0x3ff, 0x2, 0x200, 0x4, 0x0, 0x6, 0x8000, 0xffff, 0x40, 0x400, 0x7ff, 0x1, 0x0, 0x10000, 0x5, 0x7, 0x4, 0x40, 0x10001, 0x8, 0x5, 0x7, 0xffffffffffffffe1}) mlockall(0x1) ioctl$KVM_GET_MSR_INDEX_LIST(r6, 0xc004ae02, &(0x7f0000007480)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000074c0)={r2, @empty, @dev={0xac, 0x14, 0x14, 0x1b}}, 0xc) ioctl$VIDIOC_S_EXT_CTRLS(r6, 0xc0205648, &(0x7f0000007580)={0x9f0000, 0x4, 0x0, [], &(0x7f0000007540)={0x990a90, 0x7fff, [], @p_u8=&(0x7f0000007500)=0xdd}}) r7 = msgget(0x1, 0x80) msgctl$MSG_STAT(r7, 0xb, &(0x7f00000075c0)=""/146) setsockopt$RDS_CONG_MONITOR(r6, 0x114, 0x6, &(0x7f0000007680), 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000076c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}}}, &(0x7f00000077c0)=0xe8) lstat(&(0x7f0000007800)='./file0\x00', &(0x7f0000007840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(r6, &(0x7f00000078c0)={0x90, 0x0, 0x4, {0x5, 0x1, 0x1, 0x6, 0x401, 0x3ff, {0x6, 0x4, 0xa003, 0x0, 0x4, 0x1000, 0x923, 0x2, 0xfffffffffffff3d4, 0x7fffffff, 0x9efb, r8, r9, 0x7, 0x1}}}, 0x90) write$FUSE_NOTIFY_POLL(r6, &(0x7f0000007980)={0x18, 0x1, 0x0, {0x2}}, 0x18) [ 205.334980] IPVS: ftp: loaded support on port[0] = 21 00:44:57 executing program 1: r0 = memfd_create(&(0x7f0000000000)='^)\x00', 0x1) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, 0x1, 0x5, 0x58, &(0x7f0000ffd000/0x2000)=nil, 0xff}) getsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)=0x0) ptrace$pokeuser(0x6, r1, 0x616d6d3f, 0x815d) r2 = eventfd(0x7) waitid(0x2, r1, &(0x7f0000000140), 0x40000001, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4, 0x1812, r0, 0x0) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f00000001c0)='syz0\x00') write$cgroup_pid(r0, &(0x7f0000000200)=r1, 0x12) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000240)={0x4, 0x6, 0x0, 0x4, 0x7ff, 0x8}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000280)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000000300)={0xa, 0x4, 0xfa00, {r3}}, 0xc) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x9) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000340)=""/16) r4 = inotify_add_watch(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x80000000) inotify_rm_watch(r0, r4) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x1) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000003c0)={0x0, 0x1, 0x101, 0x100000001, 0x80, 0x8000}, &(0x7f0000000400)=0x14) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000440)={r5, 0x5}, 0x8) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000000480)={0x7d83, 0x0, 0x4}) write$cgroup_int(r0, &(0x7f00000004c0)=0x1000, 0x12) fcntl$getownex(r2, 0x10, &(0x7f0000000500)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000540)='/dev/uinput\x00', 0x2, 0x0) clock_gettime(0x0, &(0x7f0000000580)={0x0, 0x0}) write$evdev(r0, &(0x7f00000005c0)=[{{r6, r7/1000+30000}, 0x3, 0x7, 0x2}], 0x18) lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getgid() chown(&(0x7f0000000600)='./file0\x00', r8, r9) iopl(0x7) [ 205.584817] IPVS: ftp: loaded support on port[0] = 21 00:44:57 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x80, 0x0) ioctl$RNDCLEARPOOL(r0, 0x5206, &(0x7f0000000040)=0x81) ioctl$TIOCGPTPEER(r0, 0x5441, 0x8) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080)=0x237, 0x4) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r1 = fcntl$getown(r0, 0x9) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000140)=0x0) kcmp(r1, r2, 0x0, r0, r0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x510, 0x70bd2a, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) fstatfs(r0, &(0x7f0000000300)=""/60) r4 = shmget(0x3, 0x1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_INFO(r4, 0xe, &(0x7f0000000340)=""/147) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000400)=""/200) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000d00)={0x53, 0xffffffffffffffff, 0x60, 0x200, @scatter={0x9, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000500)=""/228, 0xe4}, {&(0x7f0000000600)=""/137, 0x89}, {&(0x7f00000006c0)}, {&(0x7f0000000700)=""/202, 0xca}, {&(0x7f0000000800)=""/94, 0x5e}, {&(0x7f0000000880)=""/18, 0x12}, {&(0x7f00000008c0)=""/5, 0x5}, {&(0x7f0000000900)=""/222, 0xde}, {&(0x7f0000000a00)=""/183, 0xb7}]}, &(0x7f0000000b80)="891b9e616d282155a21168c35b2ba07416c48b8326655c7b79c1ccf8bd5e06d2ddcd97e770fca5e3e3bafeba0457ba7be566b0a30351c40bbdc2e3fc49e04a0a852002a6d0450f7097af275fa33beec894403046d3fb46de2cef17a8968b6431", &(0x7f0000000c00)=""/138, 0x20, 0x10014, 0xffffffffffffffff, &(0x7f0000000cc0)}) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000d80)) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000e40)) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000f00)={0x2b, @local, 0x4e20, 0x2, 'sh\x00', 0x21, 0x8, 0x30}, 0x2c) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000f40)={0x1, 0x80000001}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000f80)='veth0_to_bridge\x00', 0x10) r5 = syz_open_dev$sndpcmp(&(0x7f0000000fc0)='/dev/snd/pcmC#D#p\x00', 0x7, 0x2000) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001000)=0x10000) writev(r0, &(0x7f0000001100)=[{&(0x7f0000001040)="8273e7ad58571a9bbf852658c35427c45e241e7e6d30dcadfb98189234216c640cc5445d05cdaaba79b7a2bb606a174fb21191f24c434be3887b6709efe64277bf3d23a1bd41ceed3874a35990d05f4f9967441527f7de2c48f54451bebfa70ab32caeae89cd9ab5edcb5b086e13937b4046ec81a0abfc1d59aa7f427db4628321766c49c565cba711de9ff1b9ecbc167230a872088651eb5175ea9d9be26044a7e57038c58ca657d226aefc3756b8893b6860d29a", 0xb5}], 0x1) bind$vsock_dgram(r5, &(0x7f0000001140)={0x28, 0x0, 0x0, @reserved}, 0x10) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000001180)={0x3, 0x7ff, 0x2, 0x4, 0x3}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x48b, &(0x7f00000011c0)={0x1, 'teql0\x00', 0x2}, 0x18) r6 = syz_open_dev$mouse(&(0x7f0000001200)='/dev/input/mouse#\x00', 0x5, 0x400002) ioctl$KVM_SMI(r6, 0xaeb7) [ 205.935124] IPVS: ftp: loaded support on port[0] = 21 00:44:57 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x19, &(0x7f0000000080)=',,*vmnet1bdev/)vboxnet0]\x00', 0xffffffffffffffff}, 0x30) tgkill(r0, r3, 0x23) r5 = perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x5, 0xfffffffffffffff7, 0x0, 0x400, 0x0, 0xfffffffffffffffe, 0x2a006, 0xe, 0x3, 0x1, 0x0, 0x1f, 0xffffffffffff7652, 0xffffffffffffc3fd, 0x2, 0xfff, 0x4f39, 0x4000000000000000, 0x3, 0xc3, 0x7, 0x6, 0xb2e4, 0x5, 0x6, 0x80, 0xffffffffffffffff, 0x8c39, 0x40000, 0x3, 0x176c5529, 0x10001, 0xf08, 0xfffffffffffffffd, 0x1, 0x80000000, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000100), 0x5}, 0x280, 0x0, 0xffffffffffff5c4b, 0x6, 0x8, 0x2, 0x1}, 0x0, 0x3, 0xffffffffffffff9c, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x3) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f00000001c0)={0x0, 0x7ff}, 0x8) r7 = dup3(r5, r4, 0x80000) ioctl$TIOCGPGRP(r7, 0x540f, &(0x7f0000000200)=0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x538a7136, 0x401, 0x6, 0x20000000000, 0x10000}, &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r7, 0x84, 0xf, &(0x7f00000002c0)={r9, @in={{0x2, 0x4e21, @multicast1}}, 0x2, 0xfffffffffffffffd, 0x1, 0x8, 0x1000}, &(0x7f0000000380)=0x98) ioctl$RTC_SET_TIME(r7, 0x4024700a, &(0x7f00000003c0)={0x1d, 0x5, 0xb, 0x1e, 0x0, 0x400, 0x2, 0x9e, 0x1}) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000400)) ioctl$KVM_S390_UCAS_MAP(r7, 0x4018ae50, &(0x7f0000000440)={0x8, 0x7, 0x7}) ioctl$VIDIOC_DBG_G_CHIP_INFO(r7, 0xc0c85666, &(0x7f0000000480)={{0x0, @addr=0x1}, "59b30ab9ee55292164f45da62175d14192b346751907549f1a74cdd2279c094a", 0x2}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000840)={{{@in=@multicast1, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in=@multicast1}}, &(0x7f0000000940)=0xe8) sendmsg$nl_route(r6, &(0x7f0000000a00)={&(0x7f00000005c0), 0xc, &(0x7f00000009c0)={&(0x7f0000000980)=@ipv4_deladdr={0x38, 0x15, 0x200, 0x70bd26, 0x25dfdbfc, {0x2, 0x80, 0x20, 0xfd, r11}, [@IFA_ADDRESS={0x8, 0x1, @loopback}, @IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x10}}, @IFA_FLAGS={0x8, 0x8, 0x20}, @IFA_BROADCAST={0x8, 0x4, @remote}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000a40)={@ipv4={[], [], @remote}, 0x3, 0x1, 0x1, 0x0, 0x9cec, 0x3}, &(0x7f0000000a80)=0x20) prctl$PR_CAPBSET_DROP(0x18, 0x1e) setsockopt$inet_sctp_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000ac0)={0x24, 0x3f, 0x7, 0x7f, 0x8001, 0x6, 0x8001, 0x3, 0x10001, 0x7, 0x1}, 0xb) write(r10, &(0x7f0000000b00)="2306460510ad3496094ede3741461db7b86684357037053c4ea012de73e925d568ee7a2d1f140493d5b2b6855285d4eb8377b2e72c807e6d9246f312b0a584b3285edb680ac46e4bd6812e68dcf23c1c994adba1937b98b24096f1ea6afc46af97f6f4f7ba1e6f461420e6fb04fa4f4026e2aa208ca977c0838d8f791c47b72c61dc4670ff42152a175df8666e22d5389b746fcb8951173a8b14dbf2525f2cd2122b0b60a0f6b3e40e57c01cee11eb91dca579ae187f3a72ea1a86a239f79dd7c739e55115bdbe52cc1b5633d823f0343113ce66f26051c3e1bd6eb8a9f7d7f7c73c87b1c30651d297f4b263e7", 0xed) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r7, 0x84, 0xc, &(0x7f0000000c00)=0x9f4d, 0x4) pipe2(&(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r12, 0x29, 0xd3, &(0x7f0000000c80)={{0xa, 0x4e22, 0x3b46, @mcast1, 0x200}, {0xa, 0x4e23, 0x2000000000000000, @mcast2, 0x7}, 0x1ff, [0x8000, 0x3ff, 0x3, 0x2225, 0x10000, 0x350, 0x7, 0x400]}, 0x5c) ioctl$PIO_FONTRESET(r13, 0x4b6d, 0x0) sendmsg$unix(r7, &(0x7f0000000f40)={&(0x7f0000000d00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000ec0)=[{&(0x7f0000000d80)="aebc760b79353a5adec61ec71ae5e2c939a71eae49998b359d6dd435bff2ccbdc79c7de252c8e515f1a33cf701bcb6ae3028a00cbd1890ddd6e649b46de86a59e4c8b584e7f3440b0390fc799eb28e49899099d6eb75886bdeb2c6428e23fd4dfad5a05a1bde2e6513e1f50af893c9f61ee848a9b27e59501d9a15d534d8557972d779893892f0dcd02b9245e500286f18a650f6a28554f6ef2a4e8cc541f48b1ebe9f72ee24409ca8a793cdecd1cccae527f624000c498c6227310076b7da10121260af62cea87aabc8c49ba1e1eb33df3c1a60d2ab9230187bf076b0be05aac3ec4d3e5eeb0a986443ff", 0xeb}, {&(0x7f0000000e80)}], 0x2, &(0x7f0000000f00)=[@cred={0x20, 0x1, 0x2, r8, r1, r2}], 0x20, 0x40000}, 0x90) ioctl$VHOST_SET_LOG_FD(r12, 0x4004af07, &(0x7f0000000f80)=r7) [ 206.295612] IPVS: ftp: loaded support on port[0] = 21 00:44:58 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000080)=0x4) fsetxattr$security_ima(r0, &(0x7f00000000c0)='security.ima\x00', &(0x7f0000000100)=@sha1={0x1, "042170270307c4321ec42d45715f86e645901ca1"}, 0x15, 0x1) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x414a}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) read(r0, &(0x7f0000000280)=""/174, 0xae) prctl$PR_CAPBSET_READ(0x17, 0xc) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz0\x00', 0x200002, 0x0) fsetxattr$security_ima(r2, &(0x7f00000003c0)='security.ima\x00', &(0x7f0000000400)=@sha1={0x1, "5d76dc9c6827294e501756a72ba956a807be60b6"}, 0x15, 0x2) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000440)=0x0) syz_open_procfs$namespace(r3, &(0x7f0000000480)='ns/pid_for_children\x00') r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm-monitor\x00', 0x400, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227c, &(0x7f0000000500)) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000540)=""/24) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) bind$bt_sco(r4, &(0x7f0000000580)={0x1f, {0x6, 0x100000000, 0xbe49, 0x5, 0xffffffff, 0x7}}, 0x8) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7ff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000006c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000005c0)="e7479f3ded8466656033a8dfb74ceca7532eb8e74f37b814965f1f65778192efe66f43b665db4136a5a33b3b0df3c8d7f0b013ef553733a3368b049e07bd1dbe14e430d2e5ebf8122c17d37f02de63d23fe3d6dd622a25e8c7b558c5a94d18b6d44add8311493efead2fc16f042dc80dfcf9518d0124dcc88e67593ada46ca09959a0c237c2e7e324e2e0de127bf92e6f6a1f32788f40075453a49601f969d8b6a59b329da9d0d91d97a8e56a631e3e546fc0df607095e62f5a4c8a6ab7e7bd01accda", 0xc3, r4}, 0x68) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000740)={0xffffffffffff03a9, 0x1f}) ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f0000000780)=0x10001) ioctl$BLKIOMIN(r4, 0x1278, &(0x7f00000007c0)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x10) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x9) syz_open_dev$loop(&(0x7f0000000800)='/dev/loop#\x00', 0x3, 0x40) open(&(0x7f0000000840)='./file0\x00', 0x800, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000880)={0x3f, 0x80000001, 0x53, 0x0, 0x200, 0xf8, 0x8, 0x100, 0xffffffffffffff81, 0xfffffffffffffffb}) readlink(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)=""/79, 0x4f) syz_open_dev$usbmon(&(0x7f0000000980)='/dev/usbmon#\x00', 0x4, 0x80000) ioctl$KDENABIO(r4, 0x4b36) [ 206.855017] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.877361] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.885032] device bridge_slave_0 entered promiscuous mode [ 206.972305] IPVS: ftp: loaded support on port[0] = 21 [ 207.011017] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.024784] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.032387] device bridge_slave_1 entered promiscuous mode [ 207.164004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.223535] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.257056] bridge0: port 1(bridge_slave_0) entered disabled state 00:44:59 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80000, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x7, 0x4) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000080)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f00000001c0)={@local, r1}, 0x14) ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000200)) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000240)=""/17) readv(r0, &(0x7f0000000280), 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000002c0)={0x3, 0x0, 0x5, 0x6, 0x3f, 0xf68000000000000, 0x6, 0x3, 0x0}, &(0x7f0000000300)=0x20) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000340)={r2, 0x8c, 0x4e, "ad73cab27f4386705d6e22932182f78c88d1e030eb352e46765e4415faefd1d7f3224c2a97a176f3f831dacdb8ed27d4c3d757eae939c6b38376fb5161b5024b2033efbf227e536e4aadb22f6302"}, 0x56) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000003c0)={0x5d, 0xffff, 0x3ff, 0xffffffffffffffff, 0x401, 0x9}) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000000400)=""/93) sysinfo(&(0x7f0000000480)=""/143) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000540)={r2, @in6={{0xa, 0x4e21, 0xffff, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x2355}}, 0x6}}}, 0x84) write$P9_RRENAMEAT(r0, &(0x7f0000000600)={0x7, 0x4b, 0x1}, 0x7) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000640)=""/113, &(0x7f00000006c0)=0x71) r3 = getpgrp(0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000700)=r3) prctl$PR_SET_TSC(0x1a, 0x2) write$P9_RWALK(r0, &(0x7f0000000740)={0x16, 0x6f, 0x2, {0x1, [{0x2, 0x2, 0x6}]}}, 0x16) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000780)={0x0, 0x0, [], @bt={0x1116, 0xdd9, 0x101, 0x40b5, 0x100, 0x10000, 0x19}}) mount$9p_fd(0x0, &(0x7f0000000840)='./file0\x00', &(0x7f0000000880)='9p\x00', 0x80, &(0x7f00000008c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, 'system+'}}, {@posixacl='posixacl'}, {@debug={'debug', 0x3d, 0xb2a}}, {@debug={'debug', 0x3d, 0xff}}, {@fscache='fscache'}, {@afid={'afid', 0x3d, 0x7}}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@dont_measure='dont_measure'}]}}) sysfs$2(0x2, 0x1ff, &(0x7f00000009c0)=""/4096) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000019c0)={'vcan0\x00', r1}) r4 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000001a00)={0xfffffffffffffffc, 0x5, 0x6, 0x3de4, 0x3, 0x4}) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000001a40)=0x5, 0x4) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000001a80)) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000001ac0)=0x1) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000001b00)=""/11) [ 207.276092] device bridge_slave_0 entered promiscuous mode [ 207.346798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.377078] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.383578] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.403508] device bridge_slave_1 entered promiscuous mode [ 207.530836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.605034] IPVS: ftp: loaded support on port[0] = 21 [ 207.656382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.679550] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.776967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.023055] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.033670] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.047979] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.055319] device bridge_slave_0 entered promiscuous mode [ 208.158157] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.194354] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.213401] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.229302] device bridge_slave_1 entered promiscuous mode [ 208.352798] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.379504] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.387326] device bridge_slave_0 entered promiscuous mode [ 208.396540] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.407966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 208.419149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.451061] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.466882] team0: Port device team_slave_0 added [ 208.523681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 208.533194] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.552439] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.570930] device bridge_slave_1 entered promiscuous mode [ 208.593608] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.610024] team0: Port device team_slave_1 added [ 208.674493] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.724283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.741856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.752607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.803937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 208.829700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.861826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.876697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.888380] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.925583] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.933946] team0: Port device team_slave_0 added [ 208.947606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.957359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.965318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.061863] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.074904] team0: Port device team_slave_1 added [ 209.111438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.135368] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.157655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.165730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.212976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.235154] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.268049] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.274460] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.287555] device bridge_slave_0 entered promiscuous mode [ 209.347026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.365689] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.395465] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.416151] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.436587] device bridge_slave_1 entered promiscuous mode [ 209.459271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.469584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.484484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.501727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.532141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.544941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.560554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.598551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.607717] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.628150] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.636141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.644002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.687736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.755420] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.772453] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.786371] device bridge_slave_0 entered promiscuous mode [ 209.796757] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.905411] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.938368] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.945804] device bridge_slave_1 entered promiscuous mode [ 209.964680] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.972629] team0: Port device team_slave_0 added [ 209.987018] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.016812] team0: Port device team_slave_0 added [ 210.080849] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.100307] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.130643] team0: Port device team_slave_1 added [ 210.137195] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.144420] team0: Port device team_slave_1 added [ 210.185066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.265800] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.286238] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.331891] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.356969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.386558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.435023] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.442421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.454533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.479667] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.495313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.510863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.531124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.547572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.561483] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.582238] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.608614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.627086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.659144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.675901] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.700966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.717115] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.725823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.746684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.765037] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.771622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.778861] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.785231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.794016] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.823949] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.837629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.844683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.856287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.876650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.047966] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.057080] team0: Port device team_slave_0 added [ 211.154591] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.161044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.167760] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.174143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.202620] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.210441] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.223536] team0: Port device team_slave_1 added [ 211.327298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.370301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.392781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.419878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.427597] team0: Port device team_slave_0 added [ 211.440554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.456404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.464294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.550375] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.569100] team0: Port device team_slave_1 added [ 211.588423] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.597191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.636800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.674078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.701621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.712532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.728904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.753367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.767783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.783210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.796270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.807951] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.911538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.920424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.935799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.025874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.043820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.059690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.097214] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.103705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.110433] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.116895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.152306] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.390234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.550850] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.557282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.563900] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.570309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.588877] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.133870] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.140353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.147079] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.153466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.168100] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.373232] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.379698] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.386425] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.392804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.414722] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.421305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.430003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.437771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.846203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.260183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.297050] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 216.660593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 216.766759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 216.773042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.783977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.937723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.145667] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 217.166740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.172920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.188539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.199976] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.356727] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 217.562590] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.618798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 217.788555] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 217.815529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.823106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.002946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 218.010620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.020345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.065660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.254149] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.327568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.406138] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.553207] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 218.698350] ================================================================== [ 218.705969] BUG: KASAN: use-after-free in __list_del_entry_valid+0xf1/0x100 [ 218.713087] Read of size 8 at addr ffff8881b9e74270 by task ip/7300 [ 218.719491] [ 218.721132] CPU: 1 PID: 7300 Comm: ip Not tainted 4.20.0-rc6-next-20181210+ #164 [ 218.728671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.738032] Call Trace: [ 218.740655] dump_stack+0x244/0x39d [ 218.744292] ? dump_stack_print_info.cold.1+0x20/0x20 [ 218.749607] ? printk+0xa7/0xcf [ 218.752901] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 218.757683] print_address_description.cold.4+0x9/0x1ff [ 218.763068] ? __list_del_entry_valid+0xf1/0x100 [ 218.767844] kasan_report.cold.5+0x1b/0x39 [ 218.772088] ? __list_del_entry_valid+0xf1/0x100 [ 218.776860] ? refcount_sub_and_test_checked+0x180/0x310 [ 218.782308] ? __list_del_entry_valid+0xf1/0x100 [ 218.787055] __asan_report_load8_noabort+0x14/0x20 [ 218.791981] __list_del_entry_valid+0xf1/0x100 [ 218.796558] neigh_mark_dead+0x13b/0x410 [ 218.800613] ? neigh_change_state+0x680/0x680 [ 218.805108] ? kasan_check_write+0x14/0x20 [ 218.809337] ? do_raw_write_lock+0x14f/0x310 [ 218.813734] ? do_raw_read_unlock+0x70/0x70 [ 218.818044] ? __lock_is_held+0xb5/0x140 [ 218.822203] neigh_flush_dev+0x3a1/0x960 [ 218.826256] ? neigh_changeaddr+0x24/0x40 [ 218.830404] ? __neigh_for_each_release+0x4f0/0x4f0 [ 218.835412] ? do_raw_read_unlock+0x70/0x70 [ 218.839730] ? net_to_rxe+0xe1/0x110 [ 218.843441] neigh_changeaddr+0x31/0x40 [ 218.847419] ndisc_netdev_event+0xe6/0x5b0 [ 218.851650] ? ndisc_send_unsol_na+0x500/0x500 [ 218.856227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.861756] ? netconsole_netdev_event+0x7d/0x280 [ 218.866607] notifier_call_chain+0x17e/0x380 [ 218.871148] ? unregister_die_notifier+0x20/0x20 [ 218.875897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.881433] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.886976] ? rtnl_is_locked+0xb5/0xf0 [ 218.890949] ? rtnl_trylock+0x20/0x20 [ 218.894747] raw_notifier_call_chain+0x2d/0x40 [ 218.899325] call_netdevice_notifiers_info+0x3f/0x90 [ 218.904419] dev_set_mac_address+0x293/0x3b0 [ 218.908821] ? netdev_state_change+0x1a0/0x1a0 [ 218.913402] ? lru_cache_add+0xa50/0xa50 [ 218.917459] ? cpumask_any_but+0xb1/0xe0 [ 218.921517] do_setlink+0x7c7/0x3f30 [ 218.925777] ? print_usage_bug+0xc0/0xc0 [ 218.929832] ? find_held_lock+0x36/0x1c0 [ 218.933889] ? validate_linkmsg+0xa50/0xa50 [ 218.938203] ? wp_page_copy+0x1a0e/0x2720 [ 218.943067] ? lock_downgrade+0x900/0x900 [ 218.947215] ? mark_held_locks+0x130/0x130 [ 218.951446] ? mark_held_locks+0x130/0x130 [ 218.955677] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 218.960860] ? validate_nla+0x29a/0x1650 [ 218.964914] ? nla_memcmp+0x90/0x90 [ 218.968535] ? mark_held_locks+0x130/0x130 [ 218.972765] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 218.978315] ? rtnl_is_locked+0xb5/0xf0 [ 218.982285] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 218.987295] ? validate_linkmsg+0x271/0xa50 [ 218.991628] ? rtnl_stats_dump+0xd70/0xd70 [ 218.995951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.001484] ? netdev_master_upper_dev_get+0x173/0x250 [ 219.006752] ? __nla_parse+0x12c/0x3e0 [ 219.010647] ? netdev_has_any_upper_dev+0x170/0x170 [ 219.016114] __rtnl_newlink+0xcde/0x19e0 [ 219.020183] ? rtnl_link_unregister+0x390/0x390 [ 219.024856] ? rcu_read_unlock_special+0x370/0x370 [ 219.029780] ? rcu_softirq_qs+0x20/0x20 [ 219.033748] ? unwind_dump+0x190/0x190 [ 219.037642] ? is_bpf_text_address+0xd3/0x170 [ 219.042131] ? kernel_text_address+0x79/0xf0 [ 219.046553] ? __kernel_text_address+0xd/0x40 [ 219.051052] ? unwind_get_return_address+0x61/0xa0 [ 219.055979] ? __save_stack_trace+0x8d/0xf0 [ 219.060301] ? save_stack+0xa9/0xd0 [ 219.063921] ? save_stack+0x43/0xd0 [ 219.067537] ? kasan_kmalloc+0xcb/0xd0 [ 219.071416] ? kmem_cache_alloc_trace+0x154/0x740 [ 219.076261] ? rtnl_newlink+0x4d/0xa0 [ 219.080052] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 219.084454] ? netlink_rcv_skb+0x172/0x440 [ 219.088774] ? rtnetlink_rcv+0x1c/0x20 [ 219.092652] ? netlink_unicast+0x5a5/0x760 [ 219.097051] ? netlink_sendmsg+0xa18/0xfc0 [ 219.101313] ? rtnl_newlink+0x4d/0xa0 [ 219.105134] ? rcu_read_lock_sched_held+0x14f/0x180 [ 219.110145] ? kmem_cache_alloc_trace+0x356/0x740 [ 219.114988] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 219.120349] ? ns_capable_common+0x13f/0x170 [ 219.124756] ? rcu_read_unlock_special+0x370/0x370 [ 219.129683] rtnl_newlink+0x6b/0xa0 [ 219.133312] ? __rtnl_newlink+0x19e0/0x19e0 [ 219.137632] rtnetlink_rcv_msg+0x46a/0xc20 [ 219.141865] ? rtnl_fdb_dump+0xd00/0xd00 [ 219.145936] netlink_rcv_skb+0x172/0x440 [ 219.149995] ? rtnl_fdb_dump+0xd00/0xd00 [ 219.154050] ? netlink_ack+0xb80/0xb80 [ 219.157928] ? rcu_read_unlock_special+0x370/0x370 [ 219.162859] rtnetlink_rcv+0x1c/0x20 [ 219.166570] netlink_unicast+0x5a5/0x760 [ 219.170633] ? netlink_attachskb+0x9a0/0x9a0 [ 219.175033] ? aa_sk_perm+0x22b/0x8e0 [ 219.178825] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 219.183838] netlink_sendmsg+0xa18/0xfc0 [ 219.187954] ? netlink_unicast+0x760/0x760 [ 219.192191] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 219.197116] ? apparmor_socket_sendmsg+0x29/0x30 [ 219.202042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.207665] ? security_socket_sendmsg+0x94/0xc0 [ 219.212415] ? netlink_unicast+0x760/0x760 [ 219.216647] sock_sendmsg+0xd5/0x120 [ 219.220360] ___sys_sendmsg+0x7fd/0x930 [ 219.224349] ? copy_msghdr_from_user+0x580/0x580 [ 219.229193] ? graph_lock+0x270/0x270 [ 219.232992] ? graph_lock+0x270/0x270 [ 219.236796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.242335] ? __fget_light+0x2e9/0x430 [ 219.246310] ? fget_raw+0x20/0x20 [ 219.249755] ? find_held_lock+0x36/0x1c0 [ 219.253828] ? __do_page_fault+0x62e/0xd70 [ 219.258066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.263606] ? sockfd_lookup_light+0xc5/0x160 [ 219.268124] __sys_sendmsg+0x11d/0x280 [ 219.272005] ? __ia32_sys_shutdown+0x80/0x80 [ 219.276406] ? kasan_check_write+0x14/0x20 [ 219.280644] ? up_read+0x225/0x2c0 [ 219.284188] ? up_read_non_owner+0x100/0x100 [ 219.288608] ? do_syscall_64+0x9a/0x820 [ 219.292575] ? do_syscall_64+0x9a/0x820 [ 219.296564] ? trace_hardirqs_off_caller+0x310/0x310 [ 219.301670] __x64_sys_sendmsg+0x78/0xb0 [ 219.305727] do_syscall_64+0x1b9/0x820 [ 219.309613] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 219.314983] ? syscall_return_slowpath+0x5e0/0x5e0 [ 219.319905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.324753] ? trace_hardirqs_on_caller+0x310/0x310 [ 219.329761] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 219.334770] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.340315] ? prepare_exit_to_usermode+0x291/0x3b0 [ 219.345337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.350177] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.355359] RIP: 0033:0x7f0580cf5320 [ 219.359085] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 219.380774] RSP: 002b:00007ffcf777c928 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.388477] RAX: ffffffffffffffda RBX: 00007ffcf7780a20 RCX: 00007f0580cf5320 [ 219.395744] RDX: 0000000000000000 RSI: 00007ffcf777c960 RDI: 0000000000000003 [ 219.403005] RBP: 00007ffcf777c960 R08: 0000000000000000 R09: 0000000000000000 [ 219.410268] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c105a18 [ 219.417616] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffcf7781200 [ 219.424913] [ 219.426542] Allocated by task 5: [ 219.429914] save_stack+0x43/0xd0 [ 219.433356] kasan_kmalloc+0xcb/0xd0 [ 219.437059] __kmalloc+0x15d/0x760 [ 219.440598] ___neigh_create+0x13fc/0x2600 [ 219.444839] __neigh_create+0x30/0x40 [ 219.448632] ip6_finish_output2+0xa64/0x2940 [ 219.453029] ip6_finish_output+0x58c/0xc60 [ 219.457262] ip6_output+0x232/0x9d0 [ 219.460879] ndisc_send_skb+0x1005/0x1560 [ 219.465108] ndisc_send_rs+0x134/0x6e0 [ 219.469000] addrconf_dad_completed+0x331/0xbf0 [ 219.473672] addrconf_dad_work+0x77b/0x1310 [ 219.478159] process_one_work+0xc90/0x1c40 [ 219.482382] worker_thread+0x17f/0x1390 [ 219.486351] kthread+0x35a/0x440 [ 219.489711] ret_from_fork+0x3a/0x50 [ 219.493407] [ 219.495449] Freed by task 7272: [ 219.499169] save_stack+0x43/0xd0 [ 219.502619] __kasan_slab_free+0x102/0x150 [ 219.506842] kasan_slab_free+0xe/0x10 [ 219.510634] kfree+0xcf/0x230 [ 219.513736] rcu_process_callbacks+0xd91/0x15f0 [ 219.518408] __do_softirq+0x308/0xb7e [ 219.522192] [ 219.523808] The buggy address belongs to the object at ffff8881b9e74000 [ 219.523808] which belongs to the cache kmalloc-1k of size 1024 [ 219.536582] The buggy address is located 624 bytes inside of [ 219.536582] 1024-byte region [ffff8881b9e74000, ffff8881b9e74400) [ 219.548651] The buggy address belongs to the page: [ 219.553659] page:ffffea0006e79d00 count:1 mapcount:0 mapping:ffff8881da800ac0 index:0x0 compound_mapcount: 0 [ 219.563619] flags: 0x2fffc0000010200(slab|head) [ 219.568562] raw: 02fffc0000010200 ffffea0006eada08 ffffea0006e80008 ffff8881da800ac0 [ 219.576441] raw: 0000000000000000 ffff8881b9e74000 0000000100000007 0000000000000000 [ 219.584316] page dumped because: kasan: bad access detected [ 219.590031] [ 219.591648] Memory state around the buggy address: [ 219.596571] ffff8881b9e74100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.603919] ffff8881b9e74180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.611272] >ffff8881b9e74200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.618706] ^ [ 219.625733] ffff8881b9e74280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.633089] ffff8881b9e74300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.641049] ================================================================== [ 219.648396] Disabling lock debugging due to kernel taint [ 219.653900] Kernel panic - not syncing: panic_on_warn set ... [ 219.659783] CPU: 1 PID: 7300 Comm: ip Tainted: G B 4.20.0-rc6-next-20181210+ #164 [ 219.668806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.678144] Call Trace: [ 219.680725] dump_stack+0x244/0x39d [ 219.684344] ? dump_stack_print_info.cold.1+0x20/0x20 [ 219.689541] ? __list_del_entry_valid+0x10/0x100 [ 219.694319] panic+0x2ad/0x632 [ 219.697520] ? add_taint.cold.5+0x16/0x16 [ 219.701666] ? trace_hardirqs_on+0xb4/0x310 [ 219.705979] ? __list_del_entry_valid+0xf1/0x100 [ 219.710725] end_report+0x47/0x4f [ 219.714164] kasan_report.cold.5+0xe/0x39 [ 219.719305] ? __list_del_entry_valid+0xf1/0x100 [ 219.724050] ? refcount_sub_and_test_checked+0x180/0x310 [ 219.729491] ? __list_del_entry_valid+0xf1/0x100 [ 219.734238] __asan_report_load8_noabort+0x14/0x20 [ 219.739186] __list_del_entry_valid+0xf1/0x100 [ 219.743760] neigh_mark_dead+0x13b/0x410 [ 219.748071] ? neigh_change_state+0x680/0x680 [ 219.752571] ? kasan_check_write+0x14/0x20 [ 219.756804] ? do_raw_write_lock+0x14f/0x310 [ 219.761284] ? do_raw_read_unlock+0x70/0x70 [ 219.765597] ? __lock_is_held+0xb5/0x140 [ 219.769651] neigh_flush_dev+0x3a1/0x960 [ 219.773973] ? neigh_changeaddr+0x24/0x40 [ 219.778285] ? __neigh_for_each_release+0x4f0/0x4f0 [ 219.783297] ? do_raw_read_unlock+0x70/0x70 [ 219.787608] ? net_to_rxe+0xe1/0x110 [ 219.791315] neigh_changeaddr+0x31/0x40 [ 219.795300] ndisc_netdev_event+0xe6/0x5b0 [ 219.799523] ? ndisc_send_unsol_na+0x500/0x500 [ 219.804102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.809628] ? netconsole_netdev_event+0x7d/0x280 [ 219.814900] notifier_call_chain+0x17e/0x380 [ 219.819303] ? unregister_die_notifier+0x20/0x20 [ 219.824048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.829574] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.835190] ? rtnl_is_locked+0xb5/0xf0 [ 219.839174] ? rtnl_trylock+0x20/0x20 [ 219.842979] raw_notifier_call_chain+0x2d/0x40 [ 219.847885] call_netdevice_notifiers_info+0x3f/0x90 [ 219.852990] dev_set_mac_address+0x293/0x3b0 [ 219.857384] ? netdev_state_change+0x1a0/0x1a0 [ 219.861951] ? lru_cache_add+0xa50/0xa50 [ 219.866000] ? cpumask_any_but+0xb1/0xe0 [ 219.870047] do_setlink+0x7c7/0x3f30 [ 219.873748] ? print_usage_bug+0xc0/0xc0 [ 219.877796] ? find_held_lock+0x36/0x1c0 [ 219.881845] ? validate_linkmsg+0xa50/0xa50 [ 219.886153] ? wp_page_copy+0x1a0e/0x2720 [ 219.890384] ? lock_downgrade+0x900/0x900 [ 219.894519] ? mark_held_locks+0x130/0x130 [ 219.898754] ? mark_held_locks+0x130/0x130 [ 219.902979] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 219.908159] ? validate_nla+0x29a/0x1650 [ 219.912211] ? nla_memcmp+0x90/0x90 [ 219.915846] ? mark_held_locks+0x130/0x130 [ 219.920158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.925945] ? rtnl_is_locked+0xb5/0xf0 [ 219.929908] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 219.934907] ? validate_linkmsg+0x271/0xa50 [ 219.939218] ? rtnl_stats_dump+0xd70/0xd70 [ 219.943438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.948962] ? netdev_master_upper_dev_get+0x173/0x250 [ 219.954414] ? __nla_parse+0x12c/0x3e0 [ 219.958290] ? netdev_has_any_upper_dev+0x170/0x170 [ 219.963297] __rtnl_newlink+0xcde/0x19e0 [ 219.967348] ? rtnl_link_unregister+0x390/0x390 [ 219.972002] ? rcu_read_unlock_special+0x370/0x370 [ 219.976913] ? rcu_softirq_qs+0x20/0x20 [ 219.980873] ? unwind_dump+0x190/0x190 [ 219.984759] ? is_bpf_text_address+0xd3/0x170 [ 219.989244] ? kernel_text_address+0x79/0xf0 [ 219.994085] ? __kernel_text_address+0xd/0x40 [ 219.998569] ? unwind_get_return_address+0x61/0xa0 [ 220.003488] ? __save_stack_trace+0x8d/0xf0 [ 220.007823] ? save_stack+0xa9/0xd0 [ 220.011962] ? save_stack+0x43/0xd0 [ 220.015576] ? kasan_kmalloc+0xcb/0xd0 [ 220.019461] ? kmem_cache_alloc_trace+0x154/0x740 [ 220.024293] ? rtnl_newlink+0x4d/0xa0 [ 220.028079] ? rtnetlink_rcv_msg+0x46a/0xc20 [ 220.032476] ? netlink_rcv_skb+0x172/0x440 [ 220.036709] ? rtnetlink_rcv+0x1c/0x20 [ 220.040584] ? netlink_unicast+0x5a5/0x760 [ 220.044806] ? netlink_sendmsg+0xa18/0xfc0 [ 220.049052] ? rtnl_newlink+0x4d/0xa0 [ 220.052854] ? rcu_read_lock_sched_held+0x14f/0x180 [ 220.057863] ? kmem_cache_alloc_trace+0x356/0x740 [ 220.062695] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 220.067962] ? ns_capable_common+0x13f/0x170 [ 220.073402] ? rcu_read_unlock_special+0x370/0x370 [ 220.078335] rtnl_newlink+0x6b/0xa0 [ 220.082040] ? __rtnl_newlink+0x19e0/0x19e0 [ 220.086350] rtnetlink_rcv_msg+0x46a/0xc20 [ 220.090571] ? rtnl_fdb_dump+0xd00/0xd00 [ 220.094636] netlink_rcv_skb+0x172/0x440 [ 220.098698] ? rtnl_fdb_dump+0xd00/0xd00 [ 220.102744] ? netlink_ack+0xb80/0xb80 [ 220.106620] ? rcu_read_unlock_special+0x370/0x370 [ 220.111564] rtnetlink_rcv+0x1c/0x20 [ 220.115276] netlink_unicast+0x5a5/0x760 [ 220.119325] ? netlink_attachskb+0x9a0/0x9a0 [ 220.123832] ? aa_sk_perm+0x22b/0x8e0 [ 220.127622] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 220.132624] netlink_sendmsg+0xa18/0xfc0 [ 220.136672] ? netlink_unicast+0x760/0x760 [ 220.140892] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 220.145815] ? apparmor_socket_sendmsg+0x29/0x30 [ 220.150570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.156092] ? security_socket_sendmsg+0x94/0xc0 [ 220.160830] ? netlink_unicast+0x760/0x760 [ 220.165052] sock_sendmsg+0xd5/0x120 [ 220.168753] ___sys_sendmsg+0x7fd/0x930 [ 220.172715] ? copy_msghdr_from_user+0x580/0x580 [ 220.177470] ? graph_lock+0x270/0x270 [ 220.181263] ? graph_lock+0x270/0x270 [ 220.185054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.190581] ? __fget_light+0x2e9/0x430 [ 220.194543] ? fget_raw+0x20/0x20 [ 220.197982] ? find_held_lock+0x36/0x1c0 [ 220.202043] ? __do_page_fault+0x62e/0xd70 [ 220.206283] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 220.211809] ? sockfd_lookup_light+0xc5/0x160 [ 220.216292] __sys_sendmsg+0x11d/0x280 [ 220.220166] ? __ia32_sys_shutdown+0x80/0x80 [ 220.224558] ? kasan_check_write+0x14/0x20 [ 220.228777] ? up_read+0x225/0x2c0 [ 220.232303] ? up_read_non_owner+0x100/0x100 [ 220.236707] ? do_syscall_64+0x9a/0x820 [ 220.240680] ? do_syscall_64+0x9a/0x820 [ 220.244644] ? trace_hardirqs_off_caller+0x310/0x310 [ 220.249738] __x64_sys_sendmsg+0x78/0xb0 [ 220.253787] do_syscall_64+0x1b9/0x820 [ 220.257674] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 220.263023] ? syscall_return_slowpath+0x5e0/0x5e0 [ 220.267937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.272764] ? trace_hardirqs_on_caller+0x310/0x310 [ 220.277767] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 220.282773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.288298] ? prepare_exit_to_usermode+0x291/0x3b0 [ 220.293307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.298143] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.303329] RIP: 0033:0x7f0580cf5320 [ 220.307035] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24 [ 220.326012] RSP: 002b:00007ffcf777c928 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.333709] RAX: ffffffffffffffda RBX: 00007ffcf7780a20 RCX: 00007f0580cf5320 [ 220.340979] RDX: 0000000000000000 RSI: 00007ffcf777c960 RDI: 0000000000000003 [ 220.348320] RBP: 00007ffcf777c960 R08: 0000000000000000 R09: 0000000000000000 [ 220.355580] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c105a18 [ 220.362833] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffcf7781200 [ 220.371310] Kernel Offset: disabled [ 220.374935] Rebooting in 86400 seconds..