[ 62.925433] sshd (6321) used greatest stack depth: 53392 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 63.149635] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.954825] random: sshd: uninitialized urandom read (32 bytes read) [ 65.444586] sshd (6389) used greatest stack depth: 53184 bytes left [ 65.553534] random: sshd: uninitialized urandom read (32 bytes read) [ 68.047626] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts. [ 73.799658] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 16:14:48 fuzzer started [ 78.601722] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 16:14:54 dialing manager at 10.128.0.26:45337 2018/10/10 16:17:21 syscalls: 1 2018/10/10 16:17:21 code coverage: enabled 2018/10/10 16:17:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 16:17:21 setuid sandbox: enabled 2018/10/10 16:17:21 namespace sandbox: enabled 2018/10/10 16:17:21 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 16:17:21 fault injection: enabled 2018/10/10 16:17:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 16:17:21 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 16:17:21 net device setup: enabled [ 229.413132] random: crng init done 16:19:22 executing program 0: openat$dsp(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/dsp\x00', 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000600)=@nullb='/dev/nullb0\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000800)='udf\x00', 0x0, &(0x7f0000000840)='bridge0\x00') sched_getscheduler(0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000002c0), 0x10) chmod(&(0x7f0000000300)='./file1\x00', 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000380)={{{@in, @in=@broadcast}}, {{@in=@remote}, 0x0, @in6=@remote}}, &(0x7f0000000200)=0xe8) [ 350.067534] IPVS: ftp: loaded support on port[0] = 21 [ 351.487331] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.494045] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.502944] device bridge_slave_0 entered promiscuous mode [ 351.660274] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.666980] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.675933] device bridge_slave_1 entered promiscuous mode [ 351.822009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 351.967450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 352.421131] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 352.572815] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 352.865409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 352.872609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:19:26 executing program 1: r0 = memfd_create(&(0x7f00000000c0)='system.posix_acl_default\x00', 0x0) fremovexattr(r0, &(0x7f0000000080)=@known='system.posix_acl_default\x00') [ 353.329672] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 353.338991] team0: Port device team_slave_0 added [ 353.504928] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 353.513335] team0: Port device team_slave_1 added [ 353.805599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 353.949062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 353.956254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 353.965530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 354.113075] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 354.120796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 354.130300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 354.319900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 354.327771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 354.337175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 354.414793] IPVS: ftp: loaded support on port[0] = 21 [ 356.493951] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.500458] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.509257] device bridge_slave_0 entered promiscuous mode [ 356.727731] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.734426] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.743450] device bridge_slave_1 entered promiscuous mode [ 356.929197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 357.104384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 357.313059] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.319583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 357.326724] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.333247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 357.342384] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 357.689813] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 357.903360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 357.958336] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 358.237701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 358.244958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 358.472068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 358.479183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:19:32 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x8, 0x1b}) [ 359.233667] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 359.242004] team0: Port device team_slave_0 added [ 359.541298] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 359.549778] team0: Port device team_slave_1 added [ 359.849569] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 359.859277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 359.868240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 360.176359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 360.183916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 360.192978] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 360.384715] IPVS: ftp: loaded support on port[0] = 21 [ 360.434360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 360.442161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 360.451052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 360.737968] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 360.746859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 360.756664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 363.057792] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.064430] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.073154] device bridge_slave_0 entered promiscuous mode [ 363.412380] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.418867] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.427608] device bridge_slave_1 entered promiscuous mode [ 363.693982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 363.963056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 364.327915] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.334494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.341469] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.348081] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.357384] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 364.781917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 364.831919] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 365.160970] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 365.385613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 365.392855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 365.547084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 365.554302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 366.520947] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 366.529340] team0: Port device team_slave_0 added 16:19:39 executing program 3: r0 = socket$inet(0x10, 0x400000000000003, 0x6) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="1b000000120003eee7fffd946fa2830f001900000000000000317f", 0x1b}], 0x1}, 0x0) [ 366.866107] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 366.874643] team0: Port device team_slave_1 added [ 367.281393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 367.288615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 367.297845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 367.793635] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 367.801016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 367.809987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 368.140606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 368.148438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 368.157413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 368.394489] IPVS: ftp: loaded support on port[0] = 21 [ 368.528214] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 368.536095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 368.545532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 369.656262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.098749] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 372.085807] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.092713] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.101435] device bridge_slave_0 entered promiscuous mode [ 372.436205] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.443063] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.451929] device bridge_slave_1 entered promiscuous mode [ 372.530497] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 372.537217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 372.545745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 372.859182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 372.876549] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.883191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.890166] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.896803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.906254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 373.249095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 373.342969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 373.956899] 8021q: adding VLAN 0 to HW filter on device team0 [ 374.512428] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 374.884247] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 375.284561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 375.291943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 375.673251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 375.680548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 376.756128] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 376.764771] team0: Port device team_slave_0 added [ 377.149693] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 377.158185] team0: Port device team_slave_1 added [ 377.471361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 377.478840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 377.488361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 16:19:50 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) open(&(0x7f0000000e00)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000200)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, &(0x7f00000002c0)) r0 = request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000200)='vboxnet0\x00', 0xfffffffffffffffc) keyctl$revoke(0x3, r0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r1, r1, &(0x7f0000000180)=0x74000000, 0x5) [ 377.906156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 377.915594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 377.924824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 378.368716] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 378.377040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 378.386725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 378.853912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 378.892196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 378.901535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 379.579462] IPVS: ftp: loaded support on port[0] = 21 [ 380.439559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.210148] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 383.666015] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.672568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 383.679555] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.686223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 383.694846] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 383.752518] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.759069] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.767768] device bridge_slave_0 entered promiscuous mode [ 383.996741] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 384.003296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 384.011264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:19:57 executing program 0: clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="69eb"], 0x1}}, 0x0) mkdir(&(0x7f0000002900)='./file0\x00', 0x0) mount(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f0000000140)=',') [ 384.308723] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.315326] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.323974] device bridge_slave_1 entered promiscuous mode [ 384.485793] tmpfs: No value for mount option 'ë' 16:19:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x806, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') ioctl$UI_DEV_SETUP(r2, 0x5501, &(0x7f0000000300)={{}, 'syz0\x00'}) ioctl$UI_DEV_DESTROY(r2, 0x5502) [ 384.544530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 384.817707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 385.015956] input: syz1 as /devices/virtual/input/input5 [ 385.302063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 16:19:58 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x2bd) [ 385.907086] 8021q: adding VLAN 0 to HW filter on device team0 16:19:59 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x2bd) 16:19:59 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x2bd) [ 386.702366] bond0: Enslaving bond_slave_0 as an active interface with an up link 16:20:00 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0x2bd) [ 387.076365] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 387.479010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 387.486374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:20:00 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 16:20:01 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) [ 388.028227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 388.035508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 389.305976] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 389.314472] team0: Port device team_slave_0 added [ 389.710719] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 389.719132] team0: Port device team_slave_1 added [ 390.099193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 390.110032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 390.119342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 390.499020] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 390.506226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 390.515101] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 390.699558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 390.830784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 390.839540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 390.850201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 391.181870] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 391.190791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 391.201190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 392.097965] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 393.304671] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 393.311073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 393.319132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 394.348521] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.355083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.362235] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.368702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.377454] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 394.384534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 394.484588] 8021q: adding VLAN 0 to HW filter on device team0 16:20:07 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) ioprio_get$uid(0x3, 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ffd0fd4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c3ec668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f8be82b00f10287031623f73470", 0x9c) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000240)) [ 394.936903] hrtimer: interrupt took 59215 ns [ 400.353983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.181934] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 402.095517] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 402.102181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 402.110117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:20:15 executing program 2: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) ioprio_get$uid(0x3, 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ffd0fd4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c3ec668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f8be82b00f10287031623f73470", 0x9c) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000240)) [ 402.874526] 8021q: adding VLAN 0 to HW filter on device team0 [ 405.341521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.904307] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 406.450464] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 406.456891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 406.464888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 406.601947] netlink: 11 bytes leftover after parsing attributes in process `syz-executor3'. 16:20:19 executing program 3: r0 = socket$inet(0x2, 0x8008000000003, 0x33) sendto$inet(r0, &(0x7f0000000000), 0xffeb, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) [ 406.994777] 8021q: adding VLAN 0 to HW filter on device team0 16:20:22 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r1, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080), &(0x7f0000000180)=0x18) 16:20:22 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 16:20:22 executing program 5: ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000040)=0x0) tgkill(r0, r1, 0xeac) sched_getscheduler(r1) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setflags(r3, 0x2, 0x1) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000100)=[@in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e24, 0xfffffffffffffffe, @dev={0xfe, 0x80, [], 0x16}, 0x1}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e21, @rand_addr=0x3c03}]}, &(0x7f00000001c0)=0x10) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000200)={r5, @in={{0x2, 0x4e24, @local}}}, 0x84) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f00000002c0)={0x9, 0x6, 0x1, 0x0, 0x0, [{r4, 0x0, 0x6}]}) ioctl$EVIOCGUNIQ(r4, 0x80404508, &(0x7f0000000300)=""/35) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000340)) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000380)={r5, 0x8}, 0x8) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000003c0)={r5, 0x4}, &(0x7f0000000400)=0x8) getpeername$packet(r4, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000600)=0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x5, 0x17, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x287, 0x0, 0x0, 0x0, 0x100}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x33}, @map={0x18, 0x7, 0x1, 0x0, r4}, @ldst={0x0, 0x0, 0x7, 0x3, 0x0, 0x10}, @call={0x85, 0x0, 0x0, 0x52}, @generic={0x2, 0x7ff, 0x5, 0x5}, @exit, @alu={0x7, 0x400, 0xd, 0x0, 0xf, 0xfffffffffffffff8, 0xffffffffffffffff}, @map={0x18, 0x4, 0x1, 0x0, r4}, @generic={0xffff, 0xbb, 0x0, 0x4}]}, &(0x7f0000000500)='GPL\x00', 0x869, 0x61, &(0x7f0000000540)=""/97, 0x41f00, 0x1, [], r7}, 0x48) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f00000006c0)=r5, 0x4) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000700), &(0x7f0000000740)=0x4) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r4, 0x5385, &(0x7f0000000780)={0x4, ""/4}) bind$netlink(r4, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfc, 0x80010}, 0xc) unshare(0x0) bind$inet6(r6, &(0x7f0000000800)={0xa, 0x4e22, 0x1f, @remote, 0xf250}, 0x1c) syz_open_dev$mouse(&(0x7f0000000840)='/dev/input/mouse#\x00', 0x3f, 0x4200) getsockname$inet6(r4, &(0x7f0000000880)={0xa, 0x0, 0x0, @local}, &(0x7f00000008c0)=0x1c) r8 = syz_genetlink_get_family_id$team(&(0x7f0000000940)='team\x00') sendmsg$TEAM_CMD_NOOP(r4, &(0x7f0000000d00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000980)={0x338, r8, 0x335, 0x70bd2a, 0x25dfdbfb, {}, [{{0x8, 0x1, r7}, {0x84, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0xb5}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r7}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x15c, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x7fffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x20}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r7}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r7}, {0x12c, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}]}}]}, 0x338}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000000d40)={0x7b, 0x0, 0x5, 0x5, 0x1, 0x200}) 16:20:22 executing program 2: r0 = semget(0x2, 0x0, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1, &(0x7f00000000c0)={0x0, 0x1c9c380}) 16:20:22 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)='X', 0x1, 0xfffffffffffffffe) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) ioprio_get$uid(0x3, 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000440)="c0ca1cdbaa1aedbbed80dddaa28e15b9449e2e82cca4244c40ffd0fd4e6631c7d3d86e1339de17344340b02dd527f2d8b3ae6c1db3594e657da33c3ec668f143974a65753472df5319a6b83e1e86b8f2666c61a2e700d1c1e0ae1fc52494bd4885a5c64e9007d39fa11313805290dd6342f9775f01a02ec88f6bee22f25a377a9b143abba1264586d2779088006d5f8be82b00f10287031623f73470", 0x9c) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000240)) 16:20:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000020000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x10, 0x18, &(0x7f0000000000)="5ae02efc446af0d1d96ac723fa000000", &(0x7f0000000040)=""/24}, 0x28) 16:20:22 executing program 0: syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x80000) 16:20:22 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='fusectl\x00', 0x0, &(0x7f0000000180)='\x00') open(&(0x7f00000000c0)='./file0\x00', 0x4000, 0x0) 16:20:22 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000029c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000000)=0x9, 0x4) readv(r0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/3, 0x3}], 0x1) accept4(0xffffffffffffffff, 0x0, &(0x7f00000024c0), 0x0) 16:20:22 executing program 2: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x10000, &(0x7f0000000040), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000280)) [ 409.638486] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 16:20:22 executing program 0: syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x80000) 16:20:22 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000200)=0x3, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x0, 0x20000800, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)="766574683100000000ffffffffffef00", 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 16:20:23 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r1, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080), &(0x7f0000000180)=0x18) 16:20:23 executing program 3: socket$inet6_sctp(0xa, 0x0, 0x84) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)}}, 0x20) openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x0, 0x0) getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000180), &(0x7f00000001c0)=0x4) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000240)='trusted.overlay.redirect\x00', &(0x7f0000000280)='./file0/file0\x00', 0xe, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x4) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000380)) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) [ 410.751033] IPVS: ftp: loaded support on port[0] = 21 [ 411.653064] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.659472] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.668191] device bridge_slave_0 entered promiscuous mode [ 411.749704] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.756226] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.764400] device bridge_slave_1 entered promiscuous mode [ 411.845432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 411.924707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 412.273008] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 412.359019] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 412.437798] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 412.444830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 412.523935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 412.530889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 412.767744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 412.775555] team0: Port device team_slave_0 added [ 412.853008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 412.860748] team0: Port device team_slave_1 added [ 412.938250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 413.018541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 413.099268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 413.106685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 413.115902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 413.189827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 413.197190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 413.206401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 414.069147] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.076148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 414.083233] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.089648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.098168] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 414.271986] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 417.315099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.607383] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 417.906162] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 417.912494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 417.920364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 418.218252] 8021q: adding VLAN 0 to HW filter on device team0 16:20:33 executing program 5: mknod$loop(&(0x7f0000000480)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='xfs\x00', 0x8002, 0x0) 16:20:33 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94", 0x5) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmmsg(r1, &(0x7f0000004740)=[{{&(0x7f00000007c0)=@pptp={0x18, 0x2, {0x0, @rand_addr}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000840)=""/82, 0x20000892}, {&(0x7f0000000940)=""/191, 0xbf}, {&(0x7f0000000a00)=""/164, 0xa4}, {&(0x7f0000000b40)=""/166, 0xa6}, {&(0x7f0000000c00)=""/197, 0x20000cc5}], 0x5, &(0x7f0000000ec0)=""/210, 0xd2}}], 0x1, 0x0, &(0x7f0000004840)) 16:20:33 executing program 0: syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x80000) 16:20:33 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r1, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080), &(0x7f0000000180)=0x18) 16:20:33 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000200)=0x3, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000040), 0x0, 0x20000800, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)="766574683100000000ffffffffffef00", 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 16:20:33 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000340)={0x0, @in={{0x2, 0x0, @rand_addr}}}, &(0x7f0000000000)=0x2c2) 16:20:33 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000000080)="0f", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f0000029000)="c6", 0x1, 0x0, &(0x7f0000007ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000018000)={0x0, @in6}, &(0x7f0000000000)=0x8c) 16:20:33 executing program 0: syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x80000) 16:20:33 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200001, 0xc04e27d3b503e3df}) 16:20:33 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0x3, &(0x7f0000000000), 0x36) socket$kcm(0x29, 0x7, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x7, 0x8000000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)="2f67726f75702e7374619fd474002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac750a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1d0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98c6e3574511e0c61ff22ff61f", 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffd9f, &(0x7f0000000100), 0x0, &(0x7f0000001580), 0xfcdb}, 0x0) socketpair(0x0, 0x0, 0x8, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) socketpair$inet(0x2, 0x0, 0x0, &(0x7f0000000080)) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000340)={r1}) 16:20:34 executing program 0: syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x0) 16:20:34 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200001, 0xc04e27d3b503e3df}) 16:20:34 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_pts(0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000fd0000), 0xfffffffffffffd54, 0x20000800, &(0x7f0000deaff0)={0x2, 0x3, @local}, 0x10) 16:20:34 executing program 3: pipe2(&(0x7f00000000c0), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) r1 = memfd_create(&(0x7f0000000300), 0x0) write(r1, &(0x7f00000001c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 16:20:34 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, &(0x7f0000fd0000), 0xfffffffffffffd54, 0x20000800, &(0x7f0000deaff0)={0x2, 0x3, @local}, 0x10) 16:20:34 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200001, 0xc04e27d3b503e3df}) 16:20:34 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x2) 16:20:34 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xb, 0x12, r0, 0x0) 16:20:34 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000008c0)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff00000000]}}, 0x7}, 0x5c) 16:20:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="ffff7f000a00020015b8994fa8ed1d4b"], 0x1}}, 0x0) 16:20:35 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200001, 0xc04e27d3b503e3df}) [ 422.091141] ================================================================== [ 422.098572] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 422.105704] CPU: 0 PID: 8075 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #66 [ 422.112922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.122302] Call Trace: [ 422.124969] dump_stack+0x306/0x460 [ 422.128634] ? vmap_page_range_noflush+0x975/0xed0 [ 422.133621] kmsan_report+0x1a2/0x2e0 [ 422.137468] __msan_warning+0x7c/0xe0 [ 422.141316] vmap_page_range_noflush+0x975/0xed0 [ 422.146167] map_vm_area+0x17d/0x1f0 [ 422.149931] kmsan_vmap+0xf2/0x180 [ 422.153511] vmap+0x3a1/0x510 [ 422.156661] ? ion_heap_map_kernel+0xa33/0xad0 [ 422.161281] ion_heap_map_kernel+0xa33/0xad0 [ 422.165940] ? ion_ioctl+0x690/0x690 [ 422.169694] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 422.174945] ? ion_dma_buf_release+0x430/0x430 [ 422.179560] dma_buf_ioctl+0x376/0x630 [ 422.183492] ? dma_buf_poll+0x1690/0x1690 [ 422.187668] do_vfs_ioctl+0xcf3/0x2810 [ 422.191607] ? security_file_ioctl+0x92/0x200 [ 422.196155] __se_sys_ioctl+0x1da/0x270 [ 422.200178] __x64_sys_ioctl+0x4a/0x70 [ 422.204103] do_syscall_64+0xbe/0x100 [ 422.207942] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 422.213150] RIP: 0033:0x457579 [ 422.216380] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 422.235328] RSP: 002b:00007fc7918dbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.243092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 422.250391] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000005 [ 422.257678] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 422.264963] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7918dc6d4 [ 422.272255] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 422.279557] [ 422.281197] Uninit was created at: [ 422.284766] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 422.289895] kmsan_kmalloc+0xa4/0x120 [ 422.293725] __kmalloc+0x14b/0x440 [ 422.297287] kmsan_vmap+0x9b/0x180 [ 422.300851] vmap+0x3a1/0x510 [ 422.303984] ion_heap_map_kernel+0xa33/0xad0 [ 422.308427] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 422.313645] dma_buf_ioctl+0x376/0x630 [ 422.317558] do_vfs_ioctl+0xcf3/0x2810 [ 422.321498] __se_sys_ioctl+0x1da/0x270 [ 422.325500] __x64_sys_ioctl+0x4a/0x70 [ 422.329426] do_syscall_64+0xbe/0x100 [ 422.333270] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 422.338478] ================================================================== [ 422.345856] Disabling lock debugging due to kernel taint [ 422.351329] Kernel panic - not syncing: panic_on_warn set ... [ 422.351329] [ 422.358742] CPU: 0 PID: 8075 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #66 [ 422.367334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.376706] Call Trace: [ 422.379326] dump_stack+0x306/0x460 [ 422.383009] panic+0x54c/0xafa [ 422.386306] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 422.391807] kmsan_report+0x2d3/0x2e0 [ 422.395656] __msan_warning+0x7c/0xe0 [ 422.399503] vmap_page_range_noflush+0x975/0xed0 [ 422.404345] map_vm_area+0x17d/0x1f0 [ 422.408116] kmsan_vmap+0xf2/0x180 [ 422.411697] vmap+0x3a1/0x510 [ 422.414833] ? ion_heap_map_kernel+0xa33/0xad0 [ 422.419462] ion_heap_map_kernel+0xa33/0xad0 [ 422.423921] ? ion_ioctl+0x690/0x690 [ 422.427674] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 422.432909] ? ion_dma_buf_release+0x430/0x430 [ 422.437527] dma_buf_ioctl+0x376/0x630 [ 422.441452] ? dma_buf_poll+0x1690/0x1690 [ 422.445635] do_vfs_ioctl+0xcf3/0x2810 [ 422.449568] ? security_file_ioctl+0x92/0x200 [ 422.454104] __se_sys_ioctl+0x1da/0x270 [ 422.458127] __x64_sys_ioctl+0x4a/0x70 [ 422.462041] do_syscall_64+0xbe/0x100 [ 422.465875] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 422.471083] RIP: 0033:0x457579 [ 422.474301] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 422.493224] RSP: 002b:00007fc7918dbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.500955] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 422.508246] RDX: 0000000020000040 RSI: 0000000040086200 RDI: 0000000000000005 [ 422.515546] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 422.522836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7918dc6d4 [ 422.530124] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 422.538346] Kernel Offset: disabled [ 422.542001] Rebooting in 86400 seconds..