[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 43.190215][ T24] audit: type=1800 audit(1554354782.432:25): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 43.218017][ T24] audit: type=1800 audit(1554354782.432:26): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 43.248664][ T24] audit: type=1800 audit(1554354782.432:27): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts. 2019/04/04 05:13:16 fuzzer started 2019/04/04 05:13:19 dialing manager at 10.128.0.26:37451 2019/04/04 05:13:19 syscalls: 2408 2019/04/04 05:13:19 code coverage: enabled 2019/04/04 05:13:19 comparison tracing: enabled 2019/04/04 05:13:19 extra coverage: extra coverage is not supported by the kernel 2019/04/04 05:13:19 setuid sandbox: enabled 2019/04/04 05:13:19 namespace sandbox: enabled 2019/04/04 05:13:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/04 05:13:19 fault injection: enabled 2019/04/04 05:13:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/04 05:13:19 net packet injection: enabled 2019/04/04 05:13:19 net device setup: enabled 05:15:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf) syzkaller login: [ 163.196753][ T7823] IPVS: ftp: loaded support on port[0] = 21 05:15:02 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = timerfd_create(0x8, 0x0) timerfd_settime(r1, 0x0, 0x0, 0x0) read(r1, &(0x7f0000a16000)=""/71, 0x47) [ 163.300709][ T7823] chnl_net:caif_netlink_parms(): no params data found [ 163.375542][ T7823] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.383567][ T7823] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.393364][ T7823] device bridge_slave_0 entered promiscuous mode [ 163.402707][ T7823] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.409842][ T7823] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.418984][ T7823] device bridge_slave_1 entered promiscuous mode [ 163.446440][ T7823] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 163.457841][ T7823] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 163.483349][ T7823] team0: Port device team_slave_0 added [ 163.490913][ T7823] team0: Port device team_slave_1 added [ 163.521023][ T7826] IPVS: ftp: loaded support on port[0] = 21 05:15:02 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x4) [ 163.584413][ T7823] device hsr_slave_0 entered promiscuous mode [ 163.621657][ T7823] device hsr_slave_1 entered promiscuous mode [ 163.671598][ T7823] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.678839][ T7823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.686777][ T7823] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.693997][ T7823] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.801224][ T7823] 8021q: adding VLAN 0 to HW filter on device bond0 05:15:03 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) [ 163.859293][ T7823] 8021q: adding VLAN 0 to HW filter on device team0 [ 163.868659][ T7829] IPVS: ftp: loaded support on port[0] = 21 [ 163.879804][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 163.899040][ T2992] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.918425][ T2992] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.934862][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 163.994787][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.013028][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.020164][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.064686][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.082037][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.089129][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state 05:15:03 executing program 4: r0 = socket$inet(0x10, 0x200000003, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000002c0007031dfffd946fa28300cee60a0009000000001d85680c1ba3a2ff030000", 0x24}], 0x1}, 0x0) [ 164.122603][ T7826] chnl_net:caif_netlink_parms(): no params data found [ 164.153243][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 164.165295][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 164.180007][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 164.190477][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 164.208242][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 164.226222][ T7834] IPVS: ftp: loaded support on port[0] = 21 [ 164.256396][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 164.304876][ T7823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.396504][ T7829] chnl_net:caif_netlink_parms(): no params data found [ 164.470145][ T7826] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.479636][ T7826] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.489882][ T7826] device bridge_slave_0 entered promiscuous mode [ 164.510469][ T7835] IPVS: ftp: loaded support on port[0] = 21 [ 164.544616][ T7826] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.561814][ T7826] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.582360][ T7826] device bridge_slave_1 entered promiscuous mode 05:15:03 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1000000000005, 0x0) getsockopt$inet_buf(r1, 0x84, 0xe, 0x0, &(0x7f00000000c0)=0x700) [ 164.600656][ T7839] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 164.642270][ T7829] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.649375][ T7829] bridge0: port 1(bridge_slave_0) entered disabled state 05:15:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf) [ 164.689031][ T7829] device bridge_slave_0 entered promiscuous mode [ 164.721079][ T7826] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 164.752247][ T7826] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 164.769973][ T7829] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.780372][ T7829] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.803809][ T7829] device bridge_slave_1 entered promiscuous mode 05:15:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf) [ 164.845316][ T7826] team0: Port device team_slave_0 added [ 164.874717][ T7826] team0: Port device team_slave_1 added [ 164.877684][ T7844] IPVS: ftp: loaded support on port[0] = 21 [ 164.895325][ T7829] bond0: Enslaving bond_slave_0 as an active interface with an up link 05:15:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xf) [ 164.967499][ T7829] bond0: Enslaving bond_slave_1 as an active interface with an up link 05:15:04 executing program 0: r0 = eventfd(0x0) writev(r0, &(0x7f0000001640)=[{&(0x7f0000001200)="e7b6c858631521bf4c", 0x9}], 0x1) [ 165.036676][ T7829] team0: Port device team_slave_0 added [ 165.044222][ T7829] team0: Port device team_slave_1 added 05:15:04 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x423, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) [ 165.085092][ T7826] device hsr_slave_0 entered promiscuous mode [ 165.122909][ T7826] device hsr_slave_1 entered promiscuous mode 05:15:04 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x423, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) [ 165.222366][ T7834] chnl_net:caif_netlink_parms(): no params data found [ 165.284443][ T7829] device hsr_slave_0 entered promiscuous mode [ 165.331742][ T7829] device hsr_slave_1 entered promiscuous mode 05:15:04 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x423, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) [ 165.584388][ T7844] chnl_net:caif_netlink_parms(): no params data found [ 165.600446][ T7834] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.609367][ T7834] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.617543][ T7834] device bridge_slave_0 entered promiscuous mode [ 165.625871][ T7834] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.633020][ T7834] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.640743][ T7834] device bridge_slave_1 entered promiscuous mode [ 165.683332][ T7835] chnl_net:caif_netlink_parms(): no params data found [ 165.702857][ T7834] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.713239][ T7834] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 165.739892][ T7834] team0: Port device team_slave_0 added [ 165.770731][ T7844] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.778094][ T7844] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.786136][ T7844] device bridge_slave_0 entered promiscuous mode [ 165.794970][ T7834] team0: Port device team_slave_1 added [ 165.800782][ T7844] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.810235][ T7844] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.819438][ T7844] device bridge_slave_1 entered promiscuous mode [ 165.851783][ T7829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.868741][ T7826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.919309][ T7844] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 165.936791][ T7829] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.004467][ T7834] device hsr_slave_0 entered promiscuous mode [ 166.031685][ T7834] device hsr_slave_1 entered promiscuous mode [ 166.081736][ T7835] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.088831][ T7835] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.097255][ T7835] device bridge_slave_0 entered promiscuous mode [ 166.106364][ T7844] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.124668][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.132865][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.145705][ T7826] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.160574][ T7835] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.168113][ T7835] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.176708][ T7835] device bridge_slave_1 entered promiscuous mode [ 166.204246][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 166.212085][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.219865][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.228608][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.237026][ T7828] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.244126][ T7828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.253095][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.261863][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.270289][ T7828] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.277386][ T7828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.299890][ T7835] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.310006][ T7844] team0: Port device team_slave_0 added [ 166.323769][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.332705][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.341617][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 166.350154][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.359182][ T7828] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.366380][ T7828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.374278][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.383238][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 166.391917][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.400286][ T7828] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.407404][ T7828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.426550][ T7835] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.443813][ T7844] team0: Port device team_slave_1 added [ 166.462698][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 166.470622][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 166.479357][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 166.488889][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 166.499078][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 166.507772][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 166.516351][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.525080][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 166.533561][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.542215][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 166.574619][ T7835] team0: Port device team_slave_0 added [ 166.615429][ T7844] device hsr_slave_0 entered promiscuous mode [ 166.681775][ T7844] device hsr_slave_1 entered promiscuous mode [ 166.734436][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 166.743062][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.756781][ T7835] team0: Port device team_slave_1 added [ 166.788577][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.835300][ T7835] device hsr_slave_0 entered promiscuous mode [ 166.901937][ T7835] device hsr_slave_1 entered promiscuous mode [ 167.003558][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.014327][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.023360][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.036901][ T7829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.069782][ T7826] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 167.080522][ T7826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.105669][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.117338][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.139230][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.147937][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.157060][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.166300][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.175093][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.201075][ T7834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.317210][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.332582][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.369595][ T7826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.451886][ T7834] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.504306][ T7844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.519587][ T7835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 167.549870][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.564947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.573900][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.582067][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.587502][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.600732][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.618726][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.625979][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.634810][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.643764][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.652976][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.669552][ T7844] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.694280][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.703270][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.711172][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.720074][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.728581][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.737326][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.746209][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 167.754815][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 167.763817][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.771623][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.779568][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 167.788279][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 167.796948][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 167.811947][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.820802][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.829476][ T2970] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.836607][ T2970] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.844779][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.854054][ T2970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.865223][ T2970] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.872410][ T2970] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.884294][ T7835] 8021q: adding VLAN 0 to HW filter on device team0 [ 167.902254][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 167.910210][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 167.919201][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.928123][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 167.937362][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.946212][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.955121][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.965678][ T7834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 167.979342][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.005509][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 168.014613][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 168.023913][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.031032][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.039115][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.047764][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.056218][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.064987][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 168.073544][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.080601][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.088342][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 168.097175][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 168.105941][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.115032][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.123998][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.143622][ T7844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.160093][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 168.169595][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.183760][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 168.205427][ T7835] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 168.216264][ T7835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 168.234335][ T7834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.242169][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.250878][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 168.259732][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 168.268057][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 168.276581][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 168.285356][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 168.293695][ T7828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 168.320245][ T7844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.337663][ T7835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.468549][ C1] hrtimer: interrupt took 66346 ns 05:15:07 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0xc112) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 05:15:07 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x423, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) [ 168.495344][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 168.495358][ T24] audit: type=1800 audit(1554354907.742:31): pid=7885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16539 res=0 [ 168.678316][ T24] audit: type=1804 audit(1554354907.772:32): pid=7885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir103647605/syzkaller.B74Cne/0/file0" dev="sda1" ino=16539 res=1 05:15:08 executing program 4: r0 = socket$inet(0x10, 0x200000003, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000002c0007031dfffd946fa28300cee60a0009000000001d85680c1ba3a2ff030000", 0x24}], 0x1}, 0x0) 05:15:08 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x4) 05:15:08 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c64cd, &(0x7f0000000080)) 05:15:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x100000000805, 0x0) listen(r0, 0x200000003d) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x6d, &(0x7f0000745ffc), &(0x7f0000b96000)=0x35b) 05:15:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) 05:15:08 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) 05:15:08 executing program 4: r0 = socket$inet(0x10, 0x200000003, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000002c0007031dfffd946fa28300cee60a0009000000001d85680c1ba3a2ff030000", 0x24}], 0x1}, 0x0) 05:15:08 executing program 4: r0 = socket$inet(0x10, 0x200000003, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000002c0007031dfffd946fa28300cee60a0009000000001d85680c1ba3a2ff030000", 0x24}], 0x1}, 0x0) 05:15:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x100000000805, 0x0) listen(r0, 0x200000003d) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x6d, &(0x7f0000745ffc), &(0x7f0000b96000)=0x35b) 05:15:08 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x4) 05:15:08 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0xc112) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 05:15:08 executing program 4: syz_emit_ethernet(0x32, &(0x7f0000000000)={@link_local, @broadcast, [], {@arp={0x806, @generic={0x0, 0x0, 0x6, 0x0, 0x0, @link_local, "", @link_local, "d76115ddcf036d6384a0c4f9174c9d6f"}}}}, 0x0) 05:15:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) [ 168.833379][ T24] audit: type=1800 audit(1554354907.772:33): pid=7885 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16539 res=0 05:15:09 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) [ 168.902146][ T24] audit: type=1804 audit(1554354908.152:34): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir103647605/syzkaller.B74Cne/0/file0" dev="sda1" ino=16539 res=1 [ 168.927881][ T24] audit: type=1800 audit(1554354908.152:35): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16539 res=0 [ 169.045445][ T24] audit: type=1800 audit(1554354908.292:36): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16553 res=0 05:15:09 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$evdev(0x0, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000340)='nbd\x00') ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000300)) ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f0000000000)={{0x2, @name="254531ed3f2ea03f37aa09b769f8e6e0831eff12e61b92f9cfba8b3517ae619a"}, 0x8, 0x2, 0x5}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000180)=0x10001, 0x4) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x10000, 0x100) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000100)={0x2, 0x1, 0x5f98e94f, 0x1, 0x12, 0x3f, 0x1, 0x401, 0x7fff, 0xf7f, 0x5b, 0x8ff}) getsockopt$sock_buf(r0, 0x1, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xf, &(0x7f000000e000/0x8000)=nil) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10400, 0x0) write$P9_RVERSION(r3, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0xae, 0x8, '9P2000.L'}, 0x15) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x10000000000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x4000, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000200)={'filter\x00'}, &(0x7f0000000280)=0x78) connect$llc(r4, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x5, 0x0, 0x0, @link_local}, 0x10) socket$caif_seqpacket(0x25, 0x5, 0x2) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) sendmmsg(r4, &(0x7f0000001380), 0x3c2, 0x0) [ 169.148682][ T24] audit: type=1804 audit(1554354908.332:37): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir103647605/syzkaller.B74Cne/1/file0" dev="sda1" ino=16553 res=1 [ 169.260350][ T24] audit: type=1800 audit(1554354908.332:38): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16553 res=0 [ 169.284504][ T24] audit: type=1800 audit(1554354908.472:39): pid=7926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16554 res=0 [ 169.308006][ T24] audit: type=1804 audit(1554354908.472:40): pid=7926 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir505476740/syzkaller.HsMur8/2/file0" dev="sda1" ino=16554 res=1 05:15:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x100000000805, 0x0) listen(r0, 0x200000003d) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x6d, &(0x7f0000745ffc), &(0x7f0000b96000)=0x35b) 05:15:09 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f00005f7ffa)='ramfs\x00', 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000400000/0x4000)=nil, 0x4000) mbind(&(0x7f000040a000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x4) 05:15:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x100000000805, 0x0) listen(r0, 0x200000003d) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x6d, &(0x7f0000745ffc), &(0x7f0000b96000)=0x35b) [ 170.273346][ T7957] llc_conn_state_process: llc_conn_service failed 05:15:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) 05:15:09 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18}], 0x18}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r2, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) getpid() ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000180)={0x3}) sendfile(r2, r3, 0x0, 0x16300) 05:15:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = accept4(r1, 0x0, &(0x7f0000000100), 0x800) accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x2bd, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000840)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x40000000013f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r4}}, 0x48) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r4}}, 0x18) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x4000000000006}, &(0x7f00000002c0)=0x8) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) [ 170.473749][ T7968] llc_conn_state_process: llc_conn_service failed [ 170.878791][ T7978] ================================================================== [ 170.887144][ T7978] BUG: KASAN: use-after-free in cma_check_port+0x8ce/0x8f0 [ 170.894358][ T7978] Read of size 8 at addr ffff8880a84fe588 by task syz-executor.0/7978 [ 170.902509][ T7978] [ 170.904871][ T7978] CPU: 0 PID: 7978 Comm: syz-executor.0 Not tainted 5.1.0-rc3-next-20190403 #17 [ 170.913898][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.923960][ T7978] Call Trace: [ 170.927310][ T7978] dump_stack+0x172/0x1f0 [ 170.931682][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 170.936603][ T7978] print_address_description.cold+0x7c/0x20d [ 170.942605][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 170.947473][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 170.952343][ T7978] kasan_report.cold+0x1b/0x40 [ 170.957139][ T7978] ? __xa_insert+0x1d0/0x2a0 [ 170.961740][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 170.966631][ T7978] __asan_report_load8_noabort+0x14/0x20 [ 170.972310][ T7978] cma_check_port+0x8ce/0x8f0 05:15:10 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0xc112) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 170.977010][ T7978] rdma_bind_addr+0x19c3/0x1f80 [ 170.982006][ T7978] ? lock_acquire+0x16f/0x3f0 [ 170.986713][ T7978] ? ucma_get_ctx+0x82/0x160 [ 170.991340][ T7978] ? find_held_lock+0x35/0x130 [ 170.996136][ T7978] ? cma_ndev_work_handler+0x1c0/0x1c0 [ 171.001620][ T7978] ? lock_downgrade+0x880/0x880 [ 171.006497][ T7978] rdma_resolve_addr+0x437/0x21f0 [ 171.011568][ T7978] ? kasan_check_write+0x14/0x20 [ 171.016541][ T7978] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 171.022191][ T7978] ? lock_downgrade+0x880/0x880 [ 171.027081][ T7978] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.033350][ T7978] ? rdma_bind_addr+0x1f80/0x1f80 [ 171.038384][ T7978] ucma_resolve_ip+0x153/0x210 [ 171.043140][ T7978] ? ucma_resolve_ip+0x153/0x210 [ 171.048068][ T7978] ? ucma_query+0x820/0x820 [ 171.052596][ T7978] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.058857][ T7978] ? _copy_from_user+0xdd/0x150 [ 171.063699][ T7978] ucma_write+0x2da/0x3c0 [ 171.068023][ T7978] ? ucma_query+0x820/0x820 [ 171.072549][ T7978] ? ucma_open+0x290/0x290 [ 171.076997][ T7978] ? apparmor_file_permission+0x25/0x30 [ 171.082569][ T7978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.088917][ T7978] ? security_file_permission+0x94/0x380 [ 171.094581][ T7978] __vfs_write+0x8d/0x110 [ 171.098897][ T7978] ? ucma_open+0x290/0x290 [ 171.103310][ T7978] vfs_write+0x20c/0x580 [ 171.107570][ T7978] ksys_write+0xea/0x1f0 [ 171.111819][ T7978] ? __ia32_sys_read+0xb0/0xb0 [ 171.116686][ T7978] ? do_syscall_64+0x26/0x610 [ 171.121373][ T7978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.127464][ T7978] ? do_syscall_64+0x26/0x610 [ 171.132152][ T7978] __x64_sys_write+0x73/0xb0 [ 171.136771][ T7978] do_syscall_64+0x103/0x610 [ 171.141368][ T7978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.147264][ T7978] RIP: 0033:0x4582b9 [ 171.151148][ T7978] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.170740][ T7978] RSP: 002b:00007fc7480e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.179136][ T7978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 171.187203][ T7978] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000008 [ 171.195171][ T7978] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 171.203157][ T7978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7480e76d4 [ 171.211154][ T7978] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 171.219126][ T7978] [ 171.221464][ T7978] Allocated by task 7978: [ 171.225795][ T7978] save_stack+0x45/0xd0 [ 171.230039][ T7978] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 171.235658][ T7978] kasan_kmalloc+0x9/0x10 [ 171.239980][ T7978] kmem_cache_alloc_trace+0x151/0x760 [ 171.245427][ T7978] cma_alloc_port+0x4f/0x1a0 [ 171.250024][ T7978] rdma_bind_addr+0x1bc0/0x1f80 [ 171.254890][ T7978] rdma_resolve_addr+0x437/0x21f0 [ 171.259941][ T7978] ucma_resolve_ip+0x153/0x210 [ 171.264714][ T7978] ucma_write+0x2da/0x3c0 [ 171.269035][ T7978] __vfs_write+0x8d/0x110 [ 171.273363][ T7978] vfs_write+0x20c/0x580 [ 171.277596][ T7978] ksys_write+0xea/0x1f0 [ 171.281820][ T7978] __x64_sys_write+0x73/0xb0 [ 171.286400][ T7978] do_syscall_64+0x103/0x610 [ 171.290982][ T7978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.296850][ T7978] [ 171.299157][ T7978] Freed by task 7979: [ 171.303164][ T7978] save_stack+0x45/0xd0 [ 171.307331][ T7978] __kasan_slab_free+0x102/0x150 [ 171.312264][ T7978] kasan_slab_free+0xe/0x10 [ 171.316770][ T7978] kfree+0xcf/0x230 [ 171.320603][ T7978] rdma_destroy_id+0x7fc/0xaa0 [ 171.325478][ T7978] ucma_destroy_id+0x334/0x4a0 [ 171.336081][ T7978] ucma_write+0x2da/0x3c0 [ 171.340663][ T7978] __vfs_write+0x8d/0x110 [ 171.344982][ T7978] vfs_write+0x20c/0x580 [ 171.349209][ T7978] ksys_write+0xea/0x1f0 [ 171.353437][ T7978] __x64_sys_write+0x73/0xb0 [ 171.358015][ T7978] do_syscall_64+0x103/0x610 [ 171.362596][ T7978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.368467][ T7978] [ 171.370867][ T7978] The buggy address belongs to the object at ffff8880a84fe580 [ 171.370867][ T7978] which belongs to the cache kmalloc-32 of size 32 [ 171.384756][ T7978] The buggy address is located 8 bytes inside of [ 171.384756][ T7978] 32-byte region [ffff8880a84fe580, ffff8880a84fe5a0) [ 171.397847][ T7978] The buggy address belongs to the page: [ 171.403561][ T7978] page:ffffea0002a13f80 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff8880a84fefc1 [ 171.413812][ T7978] flags: 0x1fffc0000000200(slab) [ 171.418737][ T7978] raw: 01fffc0000000200 ffffea0002a55848 ffffea00024c0308 ffff88812c3f01c0 [ 171.427316][ T7978] raw: ffff8880a84fefc1 ffff8880a84fe000 000000010000003f 0000000000000000 [ 171.435885][ T7978] page dumped because: kasan: bad access detected [ 171.442281][ T7978] [ 171.444689][ T7978] Memory state around the buggy address: [ 171.450330][ T7978] ffff8880a84fe480: fb fb fb fb fc fc fc fc 05 fc fc fc fc fc fc fc [ 171.458381][ T7978] ffff8880a84fe500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 171.466431][ T7978] >ffff8880a84fe580: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc [ 171.474496][ T7978] ^ 05:15:10 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$evdev(0x0, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000340)='nbd\x00') ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000300)) ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f0000000000)={{0x2, @name="254531ed3f2ea03f37aa09b769f8e6e0831eff12e61b92f9cfba8b3517ae619a"}, 0x8, 0x2, 0x5}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000180)=0x10001, 0x4) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x10000, 0x100) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000100)={0x2, 0x1, 0x5f98e94f, 0x1, 0x12, 0x3f, 0x1, 0x401, 0x7fff, 0xf7f, 0x5b, 0x8ff}) getsockopt$sock_buf(r0, 0x1, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xf, &(0x7f000000e000/0x8000)=nil) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10400, 0x0) write$P9_RVERSION(r3, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0xae, 0x8, '9P2000.L'}, 0x15) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x10000000000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x4000, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000200)={'filter\x00'}, &(0x7f0000000280)=0x78) connect$llc(r4, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x5, 0x0, 0x0, @link_local}, 0x10) socket$caif_seqpacket(0x25, 0x5, 0x2) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) sendmmsg(r4, &(0x7f0000001380), 0x3c2, 0x0) [ 171.478924][ T7978] ffff8880a84fe600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 171.486975][ T7978] ffff8880a84fe680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 171.495019][ T7978] ================================================================== [ 171.503066][ T7978] Disabling lock debugging due to kernel taint 05:15:10 executing program 5: socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$evdev(0x0, 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000340)='nbd\x00') ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000300)) ioctl$VIDIOC_DBG_S_REGISTER(0xffffffffffffffff, 0x4038564f, &(0x7f0000000000)={{0x2, @name="254531ed3f2ea03f37aa09b769f8e6e0831eff12e61b92f9cfba8b3517ae619a"}, 0x8, 0x2, 0x5}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000180)=0x10001, 0x4) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x10000, 0x100) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000100)={0x2, 0x1, 0x5f98e94f, 0x1, 0x12, 0x3f, 0x1, 0x401, 0x7fff, 0xf7f, 0x5b, 0x8ff}) getsockopt$sock_buf(r0, 0x1, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xf, &(0x7f000000e000/0x8000)=nil) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10400, 0x0) write$P9_RVERSION(r3, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0xae, 0x8, '9P2000.L'}, 0x15) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x10000000000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x4000, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000200)={'filter\x00'}, &(0x7f0000000280)=0x78) connect$llc(r4, &(0x7f0000000380)={0x1a, 0x0, 0x0, 0x5, 0x0, 0x0, @link_local}, 0x10) socket$caif_seqpacket(0x25, 0x5, 0x2) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) sendmmsg(r4, &(0x7f0000001380), 0x3c2, 0x0) 05:15:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev}, 0x2d) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) listen(r0, 0x51) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4}, 0xb) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000004300)=[{{&(0x7f00000002c0)=@in, 0x80, &(0x7f00000027c0), 0x1, &(0x7f0000000080)=""/210, 0xfffffd94}}], 0x684, 0x0, &(0x7f0000004480)={0x0, r2+30000000}) [ 171.543726][ T7978] Kernel panic - not syncing: panic_on_warn set ... [ 171.550358][ T7978] CPU: 0 PID: 7978 Comm: syz-executor.0 Tainted: G B 5.1.0-rc3-next-20190403 #17 [ 171.560760][ T7978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.570829][ T7978] Call Trace: [ 171.574139][ T7978] dump_stack+0x172/0x1f0 [ 171.578487][ T7978] panic+0x2cb/0x65c [ 171.582410][ T7978] ? __warn_printk+0xf3/0xf3 [ 171.587004][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 171.591851][ T7978] ? preempt_schedule+0x4b/0x60 [ 171.596783][ T7978] ? ___preempt_schedule+0x16/0x18 [ 171.601910][ T7978] ? trace_hardirqs_on+0x5e/0x230 [ 171.606960][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 171.611817][ T7978] end_report+0x47/0x4f [ 171.615973][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 171.620820][ T7978] kasan_report.cold+0xe/0x40 [ 171.625494][ T7978] ? __xa_insert+0x1d0/0x2a0 [ 171.630104][ T7978] ? cma_check_port+0x8ce/0x8f0 [ 171.634953][ T7978] __asan_report_load8_noabort+0x14/0x20 [ 171.640604][ T7978] cma_check_port+0x8ce/0x8f0 [ 171.645284][ T7978] rdma_bind_addr+0x19c3/0x1f80 [ 171.650224][ T7978] ? lock_acquire+0x16f/0x3f0 [ 171.654901][ T7978] ? ucma_get_ctx+0x82/0x160 [ 171.659485][ T7978] ? find_held_lock+0x35/0x130 [ 171.664250][ T7978] ? cma_ndev_work_handler+0x1c0/0x1c0 [ 171.669707][ T7978] ? lock_downgrade+0x880/0x880 [ 171.674563][ T7978] rdma_resolve_addr+0x437/0x21f0 [ 171.679589][ T7978] ? kasan_check_write+0x14/0x20 [ 171.684615][ T7978] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 171.690167][ T7978] ? lock_downgrade+0x880/0x880 [ 171.695012][ T7978] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.701248][ T7978] ? rdma_bind_addr+0x1f80/0x1f80 [ 171.706275][ T7978] ucma_resolve_ip+0x153/0x210 [ 171.711297][ T7978] ? ucma_resolve_ip+0x153/0x210 [ 171.716237][ T7978] ? ucma_query+0x820/0x820 [ 171.720740][ T7978] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.726978][ T7978] ? _copy_from_user+0xdd/0x150 [ 171.731912][ T7978] ucma_write+0x2da/0x3c0 [ 171.736240][ T7978] ? ucma_query+0x820/0x820 [ 171.740743][ T7978] ? ucma_open+0x290/0x290 [ 171.745348][ T7978] ? apparmor_file_permission+0x25/0x30 [ 171.750902][ T7978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.757148][ T7978] ? security_file_permission+0x94/0x380 [ 171.762815][ T7978] __vfs_write+0x8d/0x110 [ 171.767144][ T7978] ? ucma_open+0x290/0x290 [ 171.771563][ T7978] vfs_write+0x20c/0x580 [ 171.775836][ T7978] ksys_write+0xea/0x1f0 [ 171.780081][ T7978] ? __ia32_sys_read+0xb0/0xb0 [ 171.784849][ T7978] ? do_syscall_64+0x26/0x610 [ 171.789529][ T7978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.795601][ T7978] ? do_syscall_64+0x26/0x610 [ 171.800284][ T7978] __x64_sys_write+0x73/0xb0 [ 171.805160][ T7978] do_syscall_64+0x103/0x610 [ 171.809753][ T7978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.815652][ T7978] RIP: 0033:0x4582b9 [ 171.819556][ T7978] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.839159][ T7978] RSP: 002b:00007fc7480e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 171.847573][ T7978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 171.855549][ T7978] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000008 [ 171.863533][ T7978] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 171.871533][ T7978] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7480e76d4 [ 171.879509][ T7978] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 171.888325][ T7978] Kernel Offset: disabled [ 171.892731][ T7978] Rebooting in 86400 seconds..