[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 53.576609] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 53.923892] audit: type=1800 audit(1539188516.973:29): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 55.179324] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.696337] random: sshd: uninitialized urandom read (32 bytes read) [ 57.731872] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts. [ 63.593679] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 16:22:08 fuzzer started [ 67.910776] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 16:22:13 dialing manager at 10.128.0.26:45337 2018/10/10 16:22:13 syscalls: 1 2018/10/10 16:22:13 code coverage: enabled 2018/10/10 16:22:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 16:22:13 setuid sandbox: enabled 2018/10/10 16:22:13 namespace sandbox: enabled 2018/10/10 16:22:13 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 16:22:13 fault injection: enabled 2018/10/10 16:22:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 16:22:13 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 16:22:13 net device setup: enabled [ 73.095985] random: crng init done 16:23:56 executing program 0: [ 174.307699] IPVS: ftp: loaded support on port[0] = 21 [ 175.522431] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.528959] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.537401] device bridge_slave_0 entered promiscuous mode [ 175.681535] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.688080] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.696557] device bridge_slave_1 entered promiscuous mode [ 175.825113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 175.950596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 176.340325] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 176.472563] bond0: Enslaving bond_slave_1 as an active interface with an up link 16:24:00 executing program 1: [ 177.156349] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 177.164339] team0: Port device team_slave_0 added [ 177.416800] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 177.424931] team0: Port device team_slave_1 added [ 177.715534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 177.723721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 177.732567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.940198] IPVS: ftp: loaded support on port[0] = 21 [ 177.954886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.090421] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.098107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.107114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 178.312263] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 178.319812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 178.328951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 180.031955] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.038432] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.046932] device bridge_slave_0 entered promiscuous mode [ 180.315612] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.322208] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.330458] device bridge_slave_1 entered promiscuous mode [ 180.388687] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.395225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.402233] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.408684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.417352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.628342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.822739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.982554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.379888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.523365] bond0: Enslaving bond_slave_1 as an active interface with an up link 16:24:05 executing program 2: [ 182.778814] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.787341] team0: Port device team_slave_0 added [ 183.030923] IPVS: ftp: loaded support on port[0] = 21 [ 183.069330] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.077495] team0: Port device team_slave_1 added [ 183.390283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.397488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.406321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.602363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.609525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.618564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.868669] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.876333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.885189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.143591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.151135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.160225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.461783] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.468241] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.476749] device bridge_slave_0 entered promiscuous mode [ 185.763952] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.770430] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.779069] device bridge_slave_1 entered promiscuous mode [ 186.041283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.289081] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.977622] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.102849] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.109447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.116442] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.122960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.131459] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.172095] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.226032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.394520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.427713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.639180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.646544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.413184] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.421234] team0: Port device team_slave_0 added [ 188.703242] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.711193] team0: Port device team_slave_1 added [ 188.979875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.987119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.996010] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.296877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.304179] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.312857] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 16:24:12 executing program 3: [ 189.613410] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.620988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.630227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.985670] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.993393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.002330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.846537] IPVS: ftp: loaded support on port[0] = 21 [ 191.301148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.539349] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.738585] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.745139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.752137] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.758576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.767178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.803005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.809423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.817432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.857843] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.864390] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.872701] device bridge_slave_0 entered promiscuous mode [ 194.231866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.250636] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.257399] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.265788] device bridge_slave_1 entered promiscuous mode [ 194.539125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 194.834581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 195.185396] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.670419] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 196.034036] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.381189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 196.388506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.655260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 196.663259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.576203] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 197.584464] team0: Port device team_slave_0 added [ 197.866110] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.874293] team0: Port device team_slave_1 added [ 198.124560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 198.152379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.161143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.461547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 198.468817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.477940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 16:24:21 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000fd0000), 0xfffffffffffffd54, 0x20000800, &(0x7f0000deaff0)={0x2, 0x3, @local}, 0x10) [ 198.831371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.839140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.848033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.193006] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 199.200608] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.209618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.440477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.463854] IPVS: ftp: loaded support on port[0] = 21 [ 201.913779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 203.348059] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.354775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.362923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.393539] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.400024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.407122] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.413703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.422393] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.033789] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.040684] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.049180] device bridge_slave_0 entered promiscuous mode 16:24:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="ffff7f000a000200aaf4baaaaaaaaaaa1d440281961a4ad9a742a7eddd06a7ec6435cfb2ed9fc526c6ae5e20a22868878b623ec40d207ab3e4d04abd20facd7c264277fbc1dbb26ecff1e53a55b98bf2576410a90015f946000000000000000000"], 0x1}}, 0x0) [ 204.182169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.450449] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.457171] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.465528] device bridge_slave_1 entered promiscuous mode 16:24:27 executing program 0: r0 = memfd_create(&(0x7f0000000440)="7f000000000000000000000000000000015b7852d191b7770fef196b8bed11c4f9ff12da707378c54a2987498ed6dfb068ad9064502d3e1ceb92ac126f506681ff637d71c0e574d15092b1705f49c8e135927e391e942a90a2af24778f2e448cb9a3b5c37beb929fee71fb08ca61bb67633cf1e4a61bea4a86701d7df9b11fbf13c8cc93f759260f989176f88850", 0x6) ftruncate(r0, 0x1000000) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000040)={{0x3c, @empty, 0x4e24, 0x3, 'fo\x00', 0x2, 0x4, 0x6e}, {@remote, 0x4e20, 0x10001, 0x0, 0x6, 0x1}}, 0x44) read(r0, &(0x7f0000000000)=""/48, 0xfffffe18) ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f00000000c0)) [ 204.941842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.967674] 8021q: adding VLAN 0 to HW filter on device team0 16:24:28 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)}], 0x1}, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.upper\x00', &(0x7f0000000200)={0x0, 0xfb, 0x2c, 0x2, 0x6, "8d6f3dc4c8468176f1a33be617510f2f", "d5b6764bdfcd7940794b393908cc8fbc0d64229b9c5674"}, 0x2c, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x0, 0x0, "0950fe4adba7"}, 0xfffffffffffffe9e, &(0x7f0000000000), 0x51, &(0x7f0000000240)}, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x2b5) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x31100, 0x0, 0x5, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x329]}}, 0x80, &(0x7f0000000340), 0x3c1, &(0x7f0000000380)}, 0x0) [ 205.366629] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 16:24:28 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) write(r0, &(0x7f0000000380), 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 206.568585] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.940386] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.361174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.368467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:24:30 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) write(r0, &(0x7f0000000380), 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 207.807794] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.815131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:24:32 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) write(r0, &(0x7f0000000380), 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 209.051853] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.060563] team0: Port device team_slave_0 added [ 209.214392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.562146] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.570218] team0: Port device team_slave_1 added [ 210.079274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.086482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.095369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 16:24:33 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x65, 0x90440) ioctl$EVIOCSREP(r0, 0x40084503, &(0x7f0000000040)=[0x5, 0x380]) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000080)=0x8000) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f00000000c0)={0x5a88, 0x18, 0x3, 0x3, "5161f0c56f5e2f22e90a5d4432fb791985f527ccb7290bec59f1344defe72c9c"}) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000100)={0x1, 0x0, {0x7, 0x1e, 0x7, 0x12, 0x4, 0x7, 0x6, 0xe4, 0x1}}) clock_adjtime(0x3, &(0x7f0000000140)={0x85c6, 0x80000001, 0x800, 0x2, 0x160, 0x0, 0xca11, 0x3, 0x9, 0x80000001, 0x6, 0xffffffffffff8032, 0xfffffffffffffe00, 0x38e6, 0x0, 0x1, 0x3, 0xffffffff, 0x3, 0x39bd, 0x400, 0x80, 0xfff, 0x7fff, 0xfc51, 0x10001}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x84, &(0x7f0000000240)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x20}}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e21, 0x6, @empty, 0x3}, @in6={0xa, 0x4e20, 0x6, @ipv4={[], [], @rand_addr=0x7fffffff}, 0x8}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e23, 0x2, @remote, 0x7f}]}, &(0x7f0000000340)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000480)={r1, 0xdc, &(0x7f0000000380)=[@in6={0xa, 0x4e24, 0x4, @loopback, 0x3}, @in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}, 0x9}, @in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e24, 0xf1f4, @loopback, 0x8}, @in6={0xa, 0x4e24, 0x4, @local, 0x78}, @in={0x2, 0x4e23}, @in6={0xa, 0x4e20, 0x6, @empty, 0x4}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e23, @multicast1}]}, &(0x7f00000004c0)=0x10) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000500), &(0x7f0000000540)=0x4) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x3) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000005c0)={0x0, r0}) write$FUSE_POLL(r0, &(0x7f0000000600)={0x18, 0x0, 0x1, {0x7fff}}, 0x18) execve(&(0x7f0000000640)='./file0\x00', &(0x7f0000000840)=[&(0x7f0000000680)='mime_typeuser\\', &(0x7f00000006c0)='proc$cgroupusernodev\x00', &(0x7f0000000700)='\x00', &(0x7f0000000740)='##/em0em0%\x00', &(0x7f0000000780)='/dev/bus/usb/00#/00#\x00', &(0x7f00000007c0)="657468306e6f64657665746831c27573657200", &(0x7f0000000800)='\x00'], &(0x7f0000000940)=[&(0x7f0000000880)='[nodev\x00', &(0x7f00000008c0)='/dev/bus/usb/00#/00#\x00', &(0x7f0000000900)='/dev/bus/usb/00#/00#\x00']) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000980)=0x7, 0x4) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f00000009c0)={'icmp\x00'}, &(0x7f0000000a00)=0x1e) write$FUSE_POLL(r0, &(0x7f0000000a40)={0x18, 0x0, 0x5, {0x42577dea}}, 0x18) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/sequencer2\x00', 0x6000, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/rtc0\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000b00)={0x50, 0x0, 0x2, {0x7, 0x1b, 0x3, 0x2000, 0xffffffffffff7243, 0x7, 0x1, 0x8}}, 0x50) ioctl$RTC_PLL_GET(r3, 0x80207011, &(0x7f0000000b80)) setsockopt$inet6_dccp_int(r3, 0x21, 0x0, &(0x7f0000000bc0)=0x2, 0x4) mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) sysfs$3(0x3) lstat(&(0x7f0000000c00)='./file1\x00', &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000d80)={0x0, 0x0}, &(0x7f0000000dc0)=0xc) r7 = getgid() getresuid(&(0x7f0000000e00), &(0x7f0000000e40), &(0x7f0000000e80)=0x0) lstat(&(0x7f0000000ec0)='./file0\x00', &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r2, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000001180), &(0x7f00000011c0), &(0x7f0000001200)=0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000001240)={0x340, 0x0, 0x5, [{{0x6, 0x1, 0x9, 0xb8f, 0x1f, 0xfffffffffffffff9, {0x3, 0x8, 0x74, 0x8000, 0x76, 0x0, 0x0, 0x80000001, 0x6, 0x9, 0x9, r4, r5, 0x9, 0x1b}}, {0x2, 0x6, 0xe, 0x3, 'mime_typeuser\\'}}, {{0x0, 0x0, 0x26, 0x6, 0x16, 0x8, {0x5, 0x1, 0x8, 0x101, 0x3, 0x20, 0x2744, 0x15, 0x6, 0x3, 0x2, r6, r7, 0x1, 0x5}}, {0x5, 0xff, 0x0, 0x6}}, {{0x1, 0x3, 0x436, 0x9, 0x200, 0x3, {0x0, 0xf7c, 0x0, 0x100000000, 0x9, 0x3, 0x4, 0xfffffffffffffffc, 0xffffffff, 0x80000001, 0x6, r8, r9, 0x1, 0x8}}, {0x2, 0xffffffffffffffff, 0x15, 0x4, '/dev/bus/usb/00#/00#\x00'}}, {{0x2, 0x1, 0x9, 0x6, 0xfffffffffffffff2, 0xed70, {0x6, 0x3f, 0x3f, 0x0, 0x1, 0x7, 0x5, 0x9, 0x3b80000000000, 0x6, 0x0, r10, r11, 0x0, 0x7}}, {0x1, 0x7fff, 0x3, 0xe3a, 'em1'}}, {{0x1, 0x2, 0x3, 0x7, 0x3, 0x2, {0x4, 0x7f, 0xffff, 0x8, 0x1, 0x5, 0x1ff, 0x4, 0xbbc, 0x3, 0x101, r12, r13, 0xffffffffffffffff, 0x2}}, {0x6, 0x756e, 0x8, 0x5, 'selinux$'}}]}, 0x340) 16:24:33 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) write(r0, &(0x7f0000000380), 0x0) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 210.538426] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.545724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.554890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.709426] print_req_error: I/O error, dev loop0, sector 376 [ 210.730634] print_req_error: I/O error, dev loop0, sector 0 [ 210.942884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.006578] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.014294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.023143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.355209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.362945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.372093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.169090] IPVS: ftp: loaded support on port[0] = 21 [ 212.213631] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.220065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.228026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.452968] 8021q: adding VLAN 0 to HW filter on device team0 16:24:37 executing program 1: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}}, 0x14) r1 = socket(0xa, 0x2, 0x0) sendto$inet6(r1, &(0x7f0000000280), 0xfe09, 0x0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0x0, 0x8}}, 0x1c) [ 215.125022] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.131974] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.141045] device bridge_slave_0 entered promiscuous mode [ 215.169198] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.176142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.183632] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.190105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.198466] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.313221] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.319671] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.328836] device bridge_slave_1 entered promiscuous mode [ 215.463872] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.611931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.838106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.551182] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.777093] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.115271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.122567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.319518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.326940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.106661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.143263] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.151276] team0: Port device team_slave_0 added [ 218.427412] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.435529] team0: Port device team_slave_1 added [ 218.734161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.741272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.750325] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.969034] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.037568] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.044981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.053664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.335838] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.343572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.352543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.529628] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.539154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.548250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.022699] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.029128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.037173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:24:43 executing program 2: [ 221.009287] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.232603] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.239080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.246114] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.252596] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.260937] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.267749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.570708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.387401] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:24:48 executing program 3: [ 226.073117] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 226.079624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.087593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.588731] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.953281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.452094] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:24:53 executing program 4: 16:24:53 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) write(r0, &(0x7f0000000380), 0x0) 16:24:53 executing program 1: 16:24:53 executing program 2: 16:24:53 executing program 3: [ 229.900118] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 229.906671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.914716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:24:53 executing program 3: 16:24:53 executing program 1: [ 231.007501] 8021q: adding VLAN 0 to HW filter on device team0 16:24:56 executing program 5: 16:24:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'lo\x00'}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="140001000000000000008b54e52b0000000000010800080000010000"], 0x1}, 0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x810) 16:24:56 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='s'], 0x1) 16:24:56 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x800000000002) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_persistent(0x16, 0x0, r1) 16:24:56 executing program 1: r0 = socket$inet6(0xa, 0x40100000003, 0x87) sendto$inet6(r0, &(0x7f0000000080), 0xfc00, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x8}}, 0x1c) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0xb) 16:24:56 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4007) 16:24:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'lo\x00'}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="140001000000000000008b54e52b0000000000010800080000010000"], 0x1}, 0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x810) 16:24:56 executing program 5: 16:24:56 executing program 3: 16:24:56 executing program 4: 16:24:56 executing program 5: 16:24:56 executing program 2: 16:24:56 executing program 1: 16:24:56 executing program 3: 16:24:56 executing program 4: 16:24:57 executing program 2: 16:24:57 executing program 5: 16:24:57 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) 16:24:57 executing program 1: 16:24:57 executing program 3: 16:24:57 executing program 4: 16:24:57 executing program 1: 16:24:57 executing program 2: 16:24:57 executing program 5: 16:24:57 executing program 3: 16:24:57 executing program 4: 16:24:58 executing program 1: 16:24:58 executing program 5: 16:24:58 executing program 2: 16:24:58 executing program 4: 16:24:58 executing program 1: 16:24:58 executing program 3: 16:24:58 executing program 5: 16:24:58 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) sendfile(r0, r2, &(0x7f00000023c0)=0x6, 0x7fffffff) 16:24:58 executing program 2: 16:24:58 executing program 2: 16:24:58 executing program 4: 16:24:58 executing program 3: 16:24:58 executing program 1: 16:24:59 executing program 5: 16:24:59 executing program 2: 16:24:59 executing program 3: 16:24:59 executing program 1: 16:24:59 executing program 4: 16:24:59 executing program 2: 16:24:59 executing program 0: r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r2 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0) ioprio_get$pid(0x0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x77359400}}, 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000080)="1601", 0x2}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2) 16:24:59 executing program 5: 16:24:59 executing program 1: 16:24:59 executing program 3: 16:24:59 executing program 4: 16:25:00 executing program 2: 16:25:00 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x8, 0x1b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000100)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000140)=0x2) 16:25:00 executing program 5: migrate_pages(0x0, 0x7c, &(0x7f0000000200), &(0x7f0000000340)=0x3ff) 16:25:00 executing program 4: [ 237.373303] ================================================================== [ 237.380732] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 237.387848] CPU: 0 PID: 7752 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66 [ 237.395048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 237.404410] Call Trace: [ 237.407023] dump_stack+0x306/0x460 [ 237.410763] ? vmap_page_range_noflush+0x975/0xed0 [ 237.415720] kmsan_report+0x1a2/0x2e0 [ 237.419555] __msan_warning+0x7c/0xe0 [ 237.423377] vmap_page_range_noflush+0x975/0xed0 [ 237.428179] map_vm_area+0x17d/0x1f0 [ 237.431912] kmsan_vmap+0xf2/0x180 [ 237.435456] vmap+0x3a1/0x510 [ 237.438558] ? ion_heap_map_kernel+0xa33/0xad0 [ 237.443144] ion_heap_map_kernel+0xa33/0xad0 [ 237.447559] ? ion_ioctl+0x690/0x690 [ 237.451270] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 237.456465] ? ion_dma_buf_release+0x430/0x430 [ 237.461043] dma_buf_ioctl+0x376/0x630 [ 237.464928] ? dma_buf_poll+0x1690/0x1690 [ 237.469074] do_vfs_ioctl+0xcf3/0x2810 [ 237.472983] ? security_file_ioctl+0x92/0x200 [ 237.477482] __se_sys_ioctl+0x1da/0x270 [ 237.481463] __x64_sys_ioctl+0x4a/0x70 [ 237.485345] do_syscall_64+0xbe/0x100 [ 237.489144] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 237.494337] RIP: 0033:0x457579 [ 237.497527] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 237.516433] RSP: 002b:00007fe7330eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.524139] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 237.531401] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 237.538663] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 237.545925] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe7330eb6d4 [ 237.553185] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 237.560454] [ 237.562078] Uninit was created at: [ 237.565613] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 237.570708] kmsan_kmalloc+0xa4/0x120 [ 237.574500] __kmalloc+0x14b/0x440 [ 237.578030] kmsan_vmap+0x9b/0x180 [ 237.581566] vmap+0x3a1/0x510 [ 237.584668] ion_heap_map_kernel+0xa33/0xad0 [ 237.589072] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 237.594258] dma_buf_ioctl+0x376/0x630 [ 237.598138] do_vfs_ioctl+0xcf3/0x2810 [ 237.602020] __se_sys_ioctl+0x1da/0x270 [ 237.605989] __x64_sys_ioctl+0x4a/0x70 [ 237.609867] do_syscall_64+0xbe/0x100 [ 237.613668] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 237.618840] ================================================================== [ 237.626188] Disabling lock debugging due to kernel taint [ 237.631626] Kernel panic - not syncing: panic_on_warn set ... [ 237.631626] [ 237.638988] CPU: 0 PID: 7752 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66 [ 237.647550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 237.656901] Call Trace: [ 237.659488] dump_stack+0x306/0x460 [ 237.663120] panic+0x54c/0xafa [ 237.666329] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 237.671773] kmsan_report+0x2d3/0x2e0 [ 237.675572] __msan_warning+0x7c/0xe0 [ 237.679369] vmap_page_range_noflush+0x975/0xed0 [ 237.684141] map_vm_area+0x17d/0x1f0 [ 237.687852] kmsan_vmap+0xf2/0x180 [ 237.691395] vmap+0x3a1/0x510 [ 237.694515] ? ion_heap_map_kernel+0xa33/0xad0 [ 237.699108] ion_heap_map_kernel+0xa33/0xad0 [ 237.703521] ? ion_ioctl+0x690/0x690 [ 237.707247] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 237.712443] ? ion_dma_buf_release+0x430/0x430 [ 237.717024] dma_buf_ioctl+0x376/0x630 [ 237.720920] ? dma_buf_poll+0x1690/0x1690 [ 237.725065] do_vfs_ioctl+0xcf3/0x2810 [ 237.728959] ? security_file_ioctl+0x92/0x200 [ 237.733459] __se_sys_ioctl+0x1da/0x270 [ 237.737431] __x64_sys_ioctl+0x4a/0x70 [ 237.741333] do_syscall_64+0xbe/0x100 [ 237.745130] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 237.750313] RIP: 0033:0x457579 [ 237.753499] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 237.772394] RSP: 002b:00007fe7330eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 237.780096] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 237.787357] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 237.794619] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 237.801879] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe7330eb6d4 [ 237.809151] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 237.817561] Kernel Offset: disabled [ 237.821188] Rebooting in 86400 seconds..