[ 36.738961][ T26] audit: type=1800 audit(1554217451.768:26): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 36.768027][ T26] audit: type=1800 audit(1554217451.768:27): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.791648][ T26] audit: type=1800 audit(1554217451.768:28): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.498844][ T26] audit: type=1800 audit(1554217452.548:29): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts. 2019/04/02 15:04:23 fuzzer started 2019/04/02 15:04:26 dialing manager at 10.128.0.26:39737 2019/04/02 15:04:26 syscalls: 2408 2019/04/02 15:04:26 code coverage: enabled 2019/04/02 15:04:26 comparison tracing: enabled 2019/04/02 15:04:26 extra coverage: extra coverage is not supported by the kernel 2019/04/02 15:04:26 setuid sandbox: enabled 2019/04/02 15:04:26 namespace sandbox: enabled 2019/04/02 15:04:26 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/02 15:04:26 fault injection: enabled 2019/04/02 15:04:26 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/02 15:04:26 net packet injection: enabled 2019/04/02 15:04:26 net device setup: enabled 15:06:38 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc8a72e5e24b0f4cebb39d979d72593ab6941148a730de1da498682b2ca654a6613b", 0x4c}], 0x1}, 0x0) syzkaller login: [ 183.980276][ T7812] IPVS: ftp: loaded support on port[0] = 21 15:06:39 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00') setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x0) exit(0x0) sendfile(r0, r0, 0x0, 0x1) [ 184.111151][ T7812] chnl_net:caif_netlink_parms(): no params data found [ 184.199365][ T7815] IPVS: ftp: loaded support on port[0] = 21 [ 184.208913][ T7812] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.217225][ T7812] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.226686][ T7812] device bridge_slave_0 entered promiscuous mode [ 184.235810][ T7812] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.242960][ T7812] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.252612][ T7812] device bridge_slave_1 entered promiscuous mode [ 184.283480][ T7812] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 184.295689][ T7812] bond0: Enslaving bond_slave_1 as an active interface with an up link 15:06:39 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, 0x0, 0x0) truncate(&(0x7f0000000240)='./bus\x00', 0x800) r2 = open(&(0x7f0000000540)='./bus\x00', 0x0, 0x0) lseek(r1, 0x0, 0x2) sendfile(r1, r2, 0x0, 0x8000ffffffff) creat(&(0x7f0000000700)='./bus\x00', 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) lseek(r3, 0x0, 0x3) [ 184.354740][ T7812] team0: Port device team_slave_0 added [ 184.388532][ T7812] team0: Port device team_slave_1 added [ 184.462213][ T7818] IPVS: ftp: loaded support on port[0] = 21 15:06:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c12a41d88b070") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x401041, 0x0) execve(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000080)='./file1\x00', &(0x7f0000000180)=[&(0x7f0000000140)='veth1TZ\x90\xd8H\xcd\xdb\xa2~\x00'], &(0x7f0000000400)=[&(0x7f00000001c0)='\x00', 0x0, &(0x7f0000000300)='\x00', &(0x7f0000000380)='wlan0\x00']) close(r3) read$FUSE(r2, &(0x7f0000001640), 0x1000) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'veth1TZ\x90\xd8H\xcd\xdb\xa2~\x00', 0x3802}) close(r1) open$dir(&(0x7f0000000000)='./file0\x00', 0x281, 0x0) [ 184.526784][ T7812] device hsr_slave_0 entered promiscuous mode [ 184.604184][ T7812] device hsr_slave_1 entered promiscuous mode [ 184.687516][ T7815] chnl_net:caif_netlink_parms(): no params data found [ 184.717886][ T7812] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.725236][ T7812] bridge0: port 2(bridge_slave_1) entered forwarding state 15:06:39 executing program 4: timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) clone(0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) [ 184.733059][ T7812] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.740300][ T7812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.749960][ T7820] IPVS: ftp: loaded support on port[0] = 21 [ 184.927973][ T7823] IPVS: ftp: loaded support on port[0] = 21 [ 185.008542][ T7815] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.016272][ T7815] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.024698][ T7815] device bridge_slave_0 entered promiscuous mode [ 185.034752][ T7812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.057755][ T7818] chnl_net:caif_netlink_parms(): no params data found [ 185.069745][ T7815] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.078130][ T7815] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.086527][ T7815] device bridge_slave_1 entered promiscuous mode [ 185.116074][ T7812] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.139051][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.150849][ T7822] bridge0: port 1(bridge_slave_0) entered disabled state 15:06:40 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'veth0\x00', 0x201e}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r2, 0x1, 0x6, @random="bb22a2d43293"}, 0x10) close(r1) [ 185.159752][ T7822] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.172732][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 185.270630][ T7815] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.284810][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.297092][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.305825][ T7822] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.312904][ T7822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.322037][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.330645][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.339143][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.346259][ T7822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.374788][ T7815] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.397798][ T7818] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.404988][ T7818] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.412665][ T7818] device bridge_slave_0 entered promiscuous mode [ 185.422557][ T7818] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.429705][ T7818] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.437602][ T7818] device bridge_slave_1 entered promiscuous mode [ 185.454667][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.470519][ T7818] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.480522][ T7818] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.490414][ T7815] team0: Port device team_slave_0 added [ 185.497456][ T7820] chnl_net:caif_netlink_parms(): no params data found [ 185.527006][ T7815] team0: Port device team_slave_1 added [ 185.539485][ T7812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 185.550164][ T7812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.562972][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.571715][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.580178][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.588817][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.597369][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.606016][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.614490][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.622975][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.631359][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.639998][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.647961][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.671626][ T7828] IPVS: ftp: loaded support on port[0] = 21 [ 185.699381][ T7818] team0: Port device team_slave_0 added [ 185.731432][ T7820] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.742039][ T7820] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.753395][ T7820] device bridge_slave_0 entered promiscuous mode [ 185.765495][ T7818] team0: Port device team_slave_1 added [ 185.836625][ T7815] device hsr_slave_0 entered promiscuous mode [ 185.874610][ T7815] device hsr_slave_1 entered promiscuous mode [ 185.919333][ T7820] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.926803][ T7820] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.934710][ T7820] device bridge_slave_1 entered promiscuous mode [ 185.957043][ T7823] chnl_net:caif_netlink_parms(): no params data found [ 185.980027][ T7820] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.991003][ T7820] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.042546][ T7812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.071370][ T7820] team0: Port device team_slave_0 added [ 186.120372][ T7820] team0: Port device team_slave_1 added [ 186.146293][ T7834] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 186.155585][ T7834] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 186.177536][ T7818] device hsr_slave_0 entered promiscuous mode [ 186.215024][ T7818] device hsr_slave_1 entered promiscuous mode [ 186.268624][ T7823] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.275944][ T7823] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.283582][ T7823] device bridge_slave_0 entered promiscuous mode [ 186.291935][ T7823] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.299117][ T7823] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.307183][ T7823] device bridge_slave_1 entered promiscuous mode [ 186.320900][ T7834] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 186.329259][ T7834] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 15:06:41 executing program 0: 15:06:41 executing program 0: [ 186.372878][ T7823] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.386555][ T7823] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.410873][ T7815] 8021q: adding VLAN 0 to HW filter on device bond0 15:06:41 executing program 0: 15:06:41 executing program 0: 15:06:41 executing program 0: [ 186.456872][ T7820] device hsr_slave_0 entered promiscuous mode [ 186.484763][ T7820] device hsr_slave_1 entered promiscuous mode 15:06:41 executing program 0: 15:06:41 executing program 0: [ 186.551958][ T7815] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.567776][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.576608][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.667170][ T7823] team0: Port device team_slave_0 added [ 186.676002][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.684818][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.693087][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.700209][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.708511][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.717212][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.725656][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.732794][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.753780][ T7823] team0: Port device team_slave_1 added [ 186.760916][ T7828] chnl_net:caif_netlink_parms(): no params data found [ 186.796808][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.804910][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.875752][ T7823] device hsr_slave_0 entered promiscuous mode [ 186.924349][ T7823] device hsr_slave_1 entered promiscuous mode [ 186.992199][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.000816][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.009779][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.018580][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.027869][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.036499][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.061365][ T7820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.078893][ T7828] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.086367][ T7828] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.094889][ T7828] device bridge_slave_0 entered promiscuous mode [ 187.102566][ T7828] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.110517][ T7828] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.119030][ T7828] device bridge_slave_1 entered promiscuous mode [ 187.139271][ T7828] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.150548][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.159126][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.174510][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.182933][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.211307][ T7828] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.222425][ T7815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.233714][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.242811][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.265885][ T7828] team0: Port device team_slave_0 added [ 187.273101][ T7828] team0: Port device team_slave_1 added [ 187.296655][ T7820] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.376720][ T7828] device hsr_slave_0 entered promiscuous mode [ 187.426996][ T7828] device hsr_slave_1 entered promiscuous mode [ 187.466687][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.475496][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.483928][ T7825] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.490999][ T7825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.500025][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.513734][ T7818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.524707][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.533360][ T7822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.545568][ T7822] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.552609][ T7822] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.587961][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.598135][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.605971][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.617184][ T7818] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.630856][ T7815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.650812][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.660689][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.672491][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.679631][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.687963][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.697024][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.718789][ T7823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.727647][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.745273][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.754971][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.767675][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.776594][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.785447][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.794565][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.811753][ T7820] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.827781][ T7820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.839881][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.850056][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.858810][ T7831] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.865942][ T7831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.874534][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.883078][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.891483][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.900484][ T7831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.920615][ T7823] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.939092][ T7818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 187.949828][ T7818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.963184][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.972511][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.981693][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.989984][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.998665][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.007390][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.016530][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.025049][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.033399][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.041824][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.050627][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.058636][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.081724][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.090563][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.099077][ T7829] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.106156][ T7829] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.115509][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.139430][ T7818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.149330][ T7820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.161224][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.171776][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.180557][ T7825] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.187669][ T7825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.214412][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.223630][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.266563][ T7828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.299992][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.322312][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.332210][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.341669][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.350555][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.359103][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.367691][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.376192][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.385329][ T7829] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.395714][ T7823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.430275][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.438959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.461038][ T7828] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.481371][ T7823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.514316][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.522942][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.531778][ T7825] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.538880][ T7825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.547967][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.557240][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.565698][ T7825] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.572835][ T7825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.594627][ T7825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.624496][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 15:06:43 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c62, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00') setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x0) exit(0x0) sendfile(r0, r0, 0x0, 0x1) 15:06:43 executing program 0: [ 188.643261][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.700174][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.725682][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.748642][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.777249][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.791860][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 15:06:43 executing program 2: 15:06:43 executing program 0: [ 188.807687][ T7828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.819454][ T7828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.884036][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.906123][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.935139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.943627][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.972537][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.989951][ T7828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.035587][ T7893] device veth0 entered promiscuous mode [ 189.054127][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 189.060143][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 189.108523][ T7892] device veth0 left promiscuous mode 15:06:44 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_execute_func(&(0x7f00000001c0)="410f01f9c4e27d19e664ff0941c3d9ff470f41a48f54093d1166420fe2e33e0f1110c442019dcc0f18dc") sendmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4000001) 15:06:44 executing program 4: 15:06:44 executing program 3: 15:06:44 executing program 2: 15:06:44 executing program 0: syz_execute_func(&(0x7f0000000080)="410f01f964ff0981d90e46000041c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc6072a") r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x0, 0x0) fsetxattr$trusted_overlay_upper(r0, 0x0, 0x0, 0x386, 0xfffffffffffffffd) 15:06:44 executing program 1: syz_execute_func(&(0x7f0000000080)="410f01f964ff0981d90e46000041c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dccc6072a") getrlimit(0x0, 0x0) 15:06:44 executing program 2: syz_execute_func(&(0x7f00000001c0)="410f01f9c4e27d19e664ff0941c3d9ff470f41a48f54093d1166420fe2e33e0f1110c442019dcc0f18dc") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, 0x0, 0x0) 15:06:44 executing program 4: syz_execute_func(&(0x7f00000001c0)="410f01f9c4e27d19e664ff0941c3d9ff470f41a48f54093d1166420fe2e33e0f1110c442019dcc0f18dc") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0) 15:06:44 executing program 3: syz_execute_func(&(0x7f00000001c0)="410f01f9c4e27d19e664ff0941c3d9ff470f41a48f54093d1166420fe2e33e0f1110c442019dcc0f18dc") clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) mknod(&(0x7f00000000c0)='./file0\x00', 0x1142, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, 0x0) ptrace(0x11, r0) 15:06:44 executing program 0: 15:06:44 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22}, 0x10) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000596000)=0x9, 0xfee9) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000100)=0xb, 0x4) bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e22}, 0x10) 15:06:44 executing program 5: ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000800000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) 15:06:44 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000596000)=0x9, 0xfee9) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000140), 0x10) dup2(r0, r1) 15:06:44 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @local, @loopback}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000100)=""/19) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$clear(0x7, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 15:06:44 executing program 1: syz_execute_func(&(0x7f00000006c0)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f1110c442019dcc6f") r0 = syz_open_procfs(0x0, &(0x7f0000000400)='\x00\x00\x00D\xde\x9b\x02\x16\a') r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x03\x00\x00\x00\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5\xfe\x13\x15\x14\xd7\xb8\xed\xf20\x1e\xc0\xc2\xedz?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7J\xbdX?\xc4\xf4BV\x1744`\xd1@\xb6T\xa6\x81\xb0\xfa\xc4RW\x01\x1f%\xd8\x01\xd0W\xc8\xb09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#\xf7a\xff\xff\xff\xff\xff\xff\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x00\x00\x0e\xa9\x04G*\xd4]\xc3\xcdp\xca+x\x93\xc0g.l\t\r\x1bE\xf3Y\xf0G4\xde\x970]\xa2\xf0\xc4\xb7\x19\xc5xe\xb5\xe2\v\xff\xe8i5I\x89\x9b\xcdZ\xb4\xcd\xa5|\xe2\xca\x88\xf8|\x99\xd09\xb4zc\x90g\xd8\xf1\x05\xefH\xb2\xf8ph\x04\xfb\x9e\x84\x84\x80\x17r\x1a\x88\x8fI\x9c\n\xba\x8c\x9a\x98\xee\xcc\n\x9c\xc2\xea\t\x18\xc8\xfbr\x9e*\xdeE\x80\x10\xd7\xee.\x9c\xed\x81aY:\x95\xd7&\x99\xa5\x80\x05\xec+}mu\x12\x98^\xeb\xfb\x00t?@\x81\x16\xb9\"}\x92k\x81CR\x94\xccIW5\xe6\x98\x9e\xb1\x91\xfe\xbe\xec\x17\x0f\"\xb9(5\x8aZ^\x10({A\x94.\x00\x00\x00', 0x0, 0x0) lseek(r1, 0xfffffffffffff239, 0x0) 15:06:44 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000001340)=[{&(0x7f0000000140)=""/49, 0x31}, {&(0x7f0000000180)=""/107, 0x6b}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/55, 0x37}, {&(0x7f0000001240)=""/251, 0xfb}], 0x5) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) unshare(0x4a000000) lsetxattr$security_selinux(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:run_init_exec_t:s0\x00', 0x25, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8002, 0x2) 15:06:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00') write$P9_RMKNOD(r1, &(0x7f00000000c0)={0x14}, 0x14) 15:06:44 executing program 4: r0 = syz_open_dev$evdev(&(0x7f00000004c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000000)="6896"}) [ 189.585833][ C0] hrtimer: interrupt took 61841 ns 15:06:44 executing program 1: sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 15:06:44 executing program 5: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2200080, 0x0) chdir(&(0x7f0000000240)='./file0\x00') r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) write$UHID_INPUT(r0, &(0x7f0000000c80)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0x1000}, 0x1006) sendfile(r0, r0, &(0x7f0000d83ff8), 0x2008000fffffffe) creat(&(0x7f0000000080)='./file0\x00', 0x0) [ 189.717970][ T7951] IPVS: ftp: loaded support on port[0] = 21 15:06:45 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100000000000100, 0xba) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x800, r2, 0x1, 0x0, 0x6, @local}, 0x14) sendto$inet6(r0, &(0x7f0000000100)="1c0300000310600000c50100fff51b4202938207d9fb0380", 0x18, 0x0, 0x0, 0x0) 15:06:45 executing program 4: openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @remote, @loopback}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 15:06:45 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @local, @loopback}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000100)=""/19) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$clear(0x7, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 15:06:45 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 15:06:45 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x20000, 0x0) msgget$private(0x0, 0x20) msgget(0x0, 0x98) msgget(0x3, 0x100) msgget(0x0, 0x250) msgget(0x0, 0x10) r0 = msgget(0x1, 0x8) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x410200, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000080)) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000340)=""/226) shmctl$IPC_RMID(0x0, 0x0) [ 190.307708][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 190.313878][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 190.412409][ T7956] IPVS: ftp: loaded support on port[0] = 21 15:06:45 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmdt(0x0) 15:06:45 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000000140)='id_legacy\x00', &(0x7f0000000200)={'syz'}, 0x0, 0xffffffffffffffff) 15:06:48 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @remote, @loopback}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 15:06:48 executing program 1: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r1 = socket(0xa, 0x400000001, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f00000001c0)={0x6, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_mreqn(r0, 0x0, 0x6, &(0x7f0000000740)={@remote, @initdev}, 0xc) 15:06:48 executing program 5: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000040)=0x72, 0x4) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) setsockopt$sock_timeval(r2, 0x1, 0x15, &(0x7f00000000c0)={0x0, 0x2710}, 0x10) splice(r0, 0x0, r2, 0x0, 0xe212, 0x0) 15:06:48 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @local, @loopback}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000100)=""/19) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) keyctl$clear(0x7, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x17}) 15:06:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x80ffff, 0x201a7fa6, 0x5, 0x1, 0x18}]}, &(0x7f0000000100)='GPL\x00'}, 0x48) 15:06:48 executing program 4: openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$TIOCLINUX2(0xffffffffffffffff, 0x541c, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @remote, @loopback}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 15:06:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:48 executing program 3: socket$inet(0x2, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000004c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x302, 0xfa00, @id_resuseaddr={&(0x7f00000002c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x6ee1f56b) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe]}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 15:06:48 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x98}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 15:06:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x8, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x1018}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 15:06:48 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/40) 15:06:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:48 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_robust_list(&(0x7f0000000100), 0x18) 15:06:48 executing program 3: socket$inet(0x2, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000004c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x302, 0xfa00, @id_resuseaddr={&(0x7f00000002c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x6ee1f56b) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe]}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 15:06:48 executing program 4: socket$inet(0x2, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000004c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000540)={0xe, 0x302, 0xfa00, @id_resuseaddr={&(0x7f00000002c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x6ee1f56b) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000003c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0fe]}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r1}}, 0x10) 15:06:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:48 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/40) 15:06:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="fd0000000700000025000000000000009500005f00000000"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 15:06:49 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) [ 194.041065][ T8069] ================================================================== [ 194.049404][ T8069] BUG: KASAN: use-after-free in cma_check_port+0x8ce/0x8f0 [ 194.056614][ T8069] Read of size 8 at addr ffff88809ae1b8c8 by task syz-executor.3/8069 [ 194.064763][ T8069] [ 194.067113][ T8069] CPU: 0 PID: 8069 Comm: syz-executor.3 Not tainted 5.1.0-rc3-next-20190402 #16 [ 194.076145][ T8069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.086230][ T8069] Call Trace: [ 194.089534][ T8069] dump_stack+0x172/0x1f0 [ 194.094577][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.099439][ T8069] print_address_description.cold+0x7c/0x20d [ 194.105437][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.110310][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.115260][ T8069] kasan_report.cold+0x1b/0x40 [ 194.115293][ T8069] ? __xa_insert+0x210/0x2a0 [ 194.115309][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.115327][ T8069] __asan_report_load8_noabort+0x14/0x20 [ 194.115341][ T8069] cma_check_port+0x8ce/0x8f0 15:06:49 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=@known='com.apple.FinderInfo\x00') 15:06:49 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) 15:06:49 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$negate(0xd, 0x0, 0x0, 0x0) [ 194.115366][ T8069] rdma_bind_addr+0x19c3/0x1f80 [ 194.115381][ T8069] ? lock_acquire+0x16f/0x3f0 [ 194.115395][ T8069] ? ucma_get_ctx+0x82/0x160 [ 194.115409][ T8069] ? find_held_lock+0x35/0x130 [ 194.115432][ T8069] ? cma_ndev_work_handler+0x1c0/0x1c0 [ 194.115450][ T8069] ? lock_downgrade+0x880/0x880 [ 194.115468][ T8069] rdma_resolve_addr+0x437/0x21f0 [ 194.115484][ T8069] ? kasan_check_write+0x14/0x20 [ 194.115497][ T8069] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 194.115507][ T8069] ? lock_downgrade+0x880/0x880 [ 194.115521][ T8069] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.125022][ T8069] ? rdma_bind_addr+0x1f80/0x1f80 [ 194.125051][ T8069] ucma_resolve_ip+0x153/0x210 [ 194.125070][ T8069] ? ucma_resolve_ip+0x153/0x210 [ 194.179274][ T8069] ? ucma_query+0x820/0x820 [ 194.215118][ T8069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.221413][ T8069] ? _copy_from_user+0xdd/0x150 [ 194.226290][ T8069] ucma_write+0x2da/0x3c0 [ 194.226304][ T8069] ? ucma_query+0x820/0x820 [ 194.226316][ T8069] ? ucma_open+0x290/0x290 [ 194.226334][ T8069] ? apparmor_file_permission+0x25/0x30 [ 194.226352][ T8069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.226370][ T8069] ? security_file_permission+0x94/0x380 [ 194.226392][ T8069] __vfs_write+0x8d/0x110 [ 194.226404][ T8069] ? ucma_open+0x290/0x290 [ 194.226422][ T8069] vfs_write+0x20c/0x580 [ 194.226441][ T8069] ksys_write+0xea/0x1f0 [ 194.226459][ T8069] ? __ia32_sys_read+0xb0/0xb0 [ 194.226476][ T8069] ? do_syscall_64+0x26/0x610 [ 194.226491][ T8069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.226504][ T8069] ? do_syscall_64+0x26/0x610 [ 194.226521][ T8069] __x64_sys_write+0x73/0xb0 [ 194.226537][ T8069] do_syscall_64+0x103/0x610 [ 194.226554][ T8069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.226566][ T8069] RIP: 0033:0x4582b9 [ 194.226581][ T8069] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:06:49 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) 15:06:49 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000140)={{0x80, 0x6}, 'port0\x00'}) 15:06:49 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) [ 194.226589][ T8069] RSP: 002b:00007f10dcec4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.226603][ T8069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 194.226612][ T8069] RDX: 0000000000000048 RSI: 00000000200003c0 RDI: 0000000000000003 [ 194.226620][ T8069] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 194.226630][ T8069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10dcec56d4 [ 194.226639][ T8069] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 194.226660][ T8069] [ 194.226667][ T8069] Allocated by task 8028: [ 194.226684][ T8069] save_stack+0x45/0xd0 [ 194.226698][ T8069] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 194.226710][ T8069] kasan_kmalloc+0x9/0x10 [ 194.226725][ T8069] kmem_cache_alloc_trace+0x151/0x760 [ 194.226740][ T8069] cma_alloc_port+0x4f/0x1a0 [ 194.226754][ T8069] rdma_bind_addr+0x1bc0/0x1f80 [ 194.226769][ T8069] rdma_resolve_addr+0x437/0x21f0 [ 194.226779][ T8069] ucma_resolve_ip+0x153/0x210 [ 194.226789][ T8069] ucma_write+0x2da/0x3c0 [ 194.226802][ T8069] __vfs_write+0x8d/0x110 [ 194.226815][ T8069] vfs_write+0x20c/0x580 [ 194.226827][ T8069] ksys_write+0xea/0x1f0 [ 194.226841][ T8069] __x64_sys_write+0x73/0xb0 [ 194.226855][ T8069] do_syscall_64+0x103/0x610 [ 194.226868][ T8069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.226872][ T8069] [ 194.226879][ T8069] Freed by task 8023: [ 194.226893][ T8069] save_stack+0x45/0xd0 [ 194.226907][ T8069] __kasan_slab_free+0x102/0x150 [ 194.226921][ T8069] kasan_slab_free+0xe/0x10 [ 194.226934][ T8069] kfree+0xcf/0x230 [ 194.226947][ T8069] rdma_destroy_id+0x7fc/0xaa0 [ 194.226959][ T8069] ucma_close+0x115/0x320 [ 194.226969][ T8069] __fput+0x2e5/0x8d0 [ 194.226980][ T8069] ____fput+0x16/0x20 [ 194.226994][ T8069] task_work_run+0x14a/0x1c0 [ 194.227009][ T8069] exit_to_usermode_loop+0x273/0x2c0 [ 194.227021][ T8069] do_syscall_64+0x52d/0x610 [ 194.227034][ T8069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.227038][ T8069] [ 194.227048][ T8069] The buggy address belongs to the object at ffff88809ae1b8c0 [ 194.227048][ T8069] which belongs to the cache kmalloc-32 of size 32 [ 194.227061][ T8069] The buggy address is located 8 bytes inside of [ 194.227061][ T8069] 32-byte region [ffff88809ae1b8c0, ffff88809ae1b8e0) [ 194.227066][ T8069] The buggy address belongs to the page: [ 194.227080][ T8069] page:ffffea00026b86c0 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff88809ae1bfc1 [ 194.227092][ T8069] flags: 0x1fffc0000000200(slab) [ 194.227111][ T8069] raw: 01fffc0000000200 ffffea00025f0288 ffffea00029ea9c8 ffff88812c3f01c0 [ 194.227128][ T8069] raw: ffff88809ae1bfc1 ffff88809ae1b000 000000010000003f 0000000000000000 [ 194.227134][ T8069] page dumped because: kasan: bad access detected [ 194.227137][ T8069] [ 194.227141][ T8069] Memory state around the buggy address: [ 194.227166][ T8069] ffff88809ae1b780: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 194.227178][ T8069] ffff88809ae1b800: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 194.227188][ T8069] >ffff88809ae1b880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 194.227200][ T8069] ^ [ 194.227212][ T8069] ffff88809ae1b900: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 194.227223][ T8069] ffff88809ae1b980: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 194.227227][ T8069] ================================================================== [ 194.227231][ T8069] Disabling lock debugging due to kernel taint [ 194.558059][ T8069] Kernel panic - not syncing: panic_on_warn set ... [ 194.579725][ T3878] kobject: 'loop2' (00000000a3f46d6c): kobject_uevent_env [ 194.580877][ T8069] CPU: 0 PID: 8069 Comm: syz-executor.3 Tainted: G B 5.1.0-rc3-next-20190402 #16 [ 194.589979][ T3878] kobject: 'loop2' (00000000a3f46d6c): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 194.595948][ T8069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.595954][ T8069] Call Trace: [ 194.595977][ T8069] dump_stack+0x172/0x1f0 [ 194.595994][ T8069] panic+0x2cb/0x65c [ 194.596007][ T8069] ? __warn_printk+0xf3/0xf3 [ 194.596031][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.599849][ T3878] kobject: 'loop1' (00000000f73e6159): kobject_uevent_env [ 194.603982][ T8069] ? preempt_schedule+0x4b/0x60 [ 194.603996][ T8069] ? ___preempt_schedule+0x16/0x18 [ 194.604009][ T8069] ? trace_hardirqs_on+0x5e/0x230 [ 194.604025][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.604037][ T8069] end_report+0x47/0x4f [ 194.604060][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.612361][ T3878] kobject: 'loop1' (00000000f73e6159): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 194.620230][ T8069] kasan_report.cold+0xe/0x40 [ 194.620247][ T8069] ? __xa_insert+0x210/0x2a0 [ 194.620261][ T8069] ? cma_check_port+0x8ce/0x8f0 [ 194.620283][ T8069] __asan_report_load8_noabort+0x14/0x20 [ 194.630853][ T3878] kobject: 'loop1' (00000000f73e6159): kobject_uevent_env [ 194.635048][ T8069] cma_check_port+0x8ce/0x8f0 [ 194.635066][ T8069] rdma_bind_addr+0x19c3/0x1f80 [ 194.635079][ T8069] ? lock_acquire+0x16f/0x3f0 [ 194.635100][ T8069] ? ucma_get_ctx+0x82/0x160 [ 194.643344][ T3878] kobject: 'loop1' (00000000f73e6159): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 194.651236][ T8069] ? find_held_lock+0x35/0x130 [ 194.651254][ T8069] ? cma_ndev_work_handler+0x1c0/0x1c0 [ 194.651269][ T8069] ? lock_downgrade+0x880/0x880 [ 194.651285][ T8069] rdma_resolve_addr+0x437/0x21f0 [ 194.651308][ T8069] ? kasan_check_write+0x14/0x20 [ 194.661348][ T3878] kobject: 'loop2' (00000000a3f46d6c): kobject_uevent_env [ 194.665537][ T8069] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 194.665550][ T8069] ? lock_downgrade+0x880/0x880 [ 194.665563][ T8069] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.665579][ T8069] ? rdma_bind_addr+0x1f80/0x1f80 [ 194.665601][ T8069] ucma_resolve_ip+0x153/0x210 [ 194.672381][ T3878] kobject: 'loop2' (00000000a3f46d6c): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 194.679300][ T8069] ? ucma_resolve_ip+0x153/0x210 [ 194.679313][ T8069] ? ucma_query+0x820/0x820 [ 194.679330][ T8069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 194.679343][ T8069] ? _copy_from_user+0xdd/0x150 [ 194.679362][ T8069] ucma_write+0x2da/0x3c0 [ 194.926942][ T8069] ? ucma_query+0x820/0x820 [ 194.931422][ T8069] ? ucma_open+0x290/0x290 [ 194.935822][ T8069] ? apparmor_file_permission+0x25/0x30 [ 194.941356][ T8069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.947583][ T8069] ? security_file_permission+0x94/0x380 [ 194.953231][ T8069] __vfs_write+0x8d/0x110 [ 194.957630][ T8069] ? ucma_open+0x290/0x290 [ 194.962112][ T8069] vfs_write+0x20c/0x580 [ 194.966335][ T8069] ksys_write+0xea/0x1f0 [ 194.970556][ T8069] ? __ia32_sys_read+0xb0/0xb0 [ 194.975318][ T8069] ? do_syscall_64+0x26/0x610 [ 194.979993][ T8069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.986085][ T8069] ? do_syscall_64+0x26/0x610 [ 194.991275][ T8069] __x64_sys_write+0x73/0xb0 [ 194.995869][ T8069] do_syscall_64+0x103/0x610 [ 195.000444][ T8069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.006317][ T8069] RIP: 0033:0x4582b9 [ 195.010217][ T8069] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.030035][ T8069] RSP: 002b:00007f10dcec4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 195.038431][ T8069] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9 [ 195.046385][ T8069] RDX: 0000000000000048 RSI: 00000000200003c0 RDI: 0000000000000003 [ 195.054350][ T8069] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.062347][ T8069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10dcec56d4 [ 195.070300][ T8069] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff [ 195.079016][ T8069] Kernel Offset: disabled [ 195.083342][ T8069] Rebooting in 86400 seconds..