[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 23.101722] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.394642] random: sshd: uninitialized urandom read (32 bytes read) [ 37.726243] random: sshd: uninitialized urandom read (32 bytes read) [ 38.381719] sshd (4414) used greatest stack depth: 17064 bytes left [ 38.401030] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts. [ 43.980683] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/27 18:28:58 fuzzer started [ 45.327550] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/27 18:29:00 dialing manager at 10.128.0.26:42399 2018/08/27 18:29:08 syscalls: 1 2018/08/27 18:29:08 code coverage: enabled 2018/08/27 18:29:08 comparison tracing: enabled 2018/08/27 18:29:08 setuid sandbox: enabled 2018/08/27 18:29:08 namespace sandbox: enabled 2018/08/27 18:29:08 fault injection: enabled 2018/08/27 18:29:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/27 18:29:08 net packed injection: enabled 2018/08/27 18:29:08 net device setup: enabled [ 62.387593] random: crng init done 18:32:17 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2000, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000040)=""/41) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000080)={'nat\x00', 0xda, "c3118edc6d151dd5ed3744fdd36977642a4cac7f6d6d13312164bd0cc11a6179c6a98444a5f6dc4b103fc1d038889e9f0fe5eacf06d07d235c1b9d21da10ce5ee7386d5123e3099699f2bd2184ef08912a5cf2cf9a4d7cd37786dbe70059370779aaa57278bc57107c784fec7389e9b9f2629155b0074da71453a0d812b93f6fb552fc8b2d4a6ba54f6aa118543de28aa1aa184bb5bc6621a036475b481b4971e4496441137301d814b25b1850c56d797be6c51ccd958d3b3ab8aad4b50dd4cae7b6d4ab0da94dc9eb7ac073efb6344bf4c1179505e11962a6f7"}, &(0x7f0000000180)=0xfe) syz_mount_image$nfs4(&(0x7f00000001c0)='nfs4\x00', &(0x7f0000000200)='./file0\x00', 0xfff, 0x3, &(0x7f0000000480)=[{&(0x7f0000000240)="dc31448ea8615fcc23a6cdf0c597f0967ab7ab02126fa0d35ee922c19da0a257a3c37a11278eba3c6c7791b0be0b54a551533fbbf817d68e2e1c9e3c2bbb4f", 0x3f, 0x8}, {&(0x7f0000000280)="5d61fcec9fdb5b86dc2c3ffac1b6fa2b1e907c311e6af5e570b43fc8b68d8b03c7882ffb8c68151cca57ec9fcd34769bbe44e562cb677493b08207db7b46d1b3576a18989b9de34ca10b825276176b6273b7b2380ab5b191e772bd0f21ebba8c851e24d615621f63f804582484049ea81f20cd54d38a1f0d22269f33c4b3cfed558bfc387e3cdf8693ef05e02f863fb5dc1af57cb1c219f8c986d0eb69909d4e5977b291566a59856fab2c678998614d9e64b73ef6a273c91358a38b4e9e0c482363b9be1cd96d733ee6e01fe4296b49eef5f182743a64e128ea7319845d2b31a0aa1204d19b3ff543f586d7945f4e33", 0xf0, 0x7f}, {&(0x7f0000000380)="d41650bef27d0580506d2fb63ed058cd957e712f05ea41f0258875b1dbc7f8761334bfae8a27f8b58f1b30cbb20ca9349b59ddbb2da0f43f01a24c408a68d52a3aa04523e4ca08e012236f310e4bd4e2a7e1a36c988807ec14d031c11ce042d928ed1cc114464ff30013c69723dabc820e0bcfd9ad43c6cb5be3065c446786036c8f9d4be2a5888db0b14a2a46a3246d89f59d250facb429245c04a6def1b59bdda46b7d301bf9c99f960c580d06732045719b248c41a2578dc92c058ee298a3f014fa9708a2ec9e2f2906625742582f30", 0xd1, 0x8}], 0x10000, &(0x7f0000000500)='/proc/self/net/pfkey\x00') r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000540)='/dev/audio\x00', 0x40800, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x1) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r0, 0x111, 0x4, 0x0, 0x4) r2 = accept4$unix(r0, &(0x7f0000000580), &(0x7f0000000600)=0x6e, 0x800) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000640)=[{0x2, 0x4}, {0x8, 0x4}, {0x0, 0x256}, {0x6, 0xa58}, {0x2, 0x3}], 0x5) r3 = geteuid() r4 = getegid() fchown(r0, r3, r4) lgetxattr(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)=@random={'btrfs.', 'posix_acl_access\x00'}, &(0x7f0000000700)=""/153, 0x99) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000007c0)=0x0) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000800)=r5) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$seccomp(0x16, 0x0, &(0x7f0000000880)={0x5, &(0x7f0000000840)=[{0x8000, 0x0, 0xfffffffffffffbff, 0x1}, {0x9141, 0x9, 0x6, 0x2}, {0x2a64, 0x2, 0x6, 0x9}, {0x1, 0x5c2, 0x10001, 0x10001}, {0x4, 0x7, 0x2}]}) write$FUSE_GETXATTR(r1, &(0x7f00000008c0)={0x18, 0x0, 0x8, {0xd9}}, 0x18) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000900)={0x0, 0x1b56}, &(0x7f0000000940)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000980)={r6, @in6={{0xa, 0x4e23, 0x4, @mcast1, 0x5}}, 0x9, 0x7eb, 0x9, 0x100, 0x4}, &(0x7f0000000a40)=0x98) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000a80)) msgget(0x0, 0x10) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000b00)={0x1, &(0x7f0000000ac0)=[{0x0, 0x0, 0x0, @local}]}) syz_open_procfs$namespace(r5, &(0x7f0000000b40)='ns/pid\x00') fchown(r0, r3, r4) ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000b80)={0x4180000000000000, 0xd000, 0x9bb6, 0x0, 0x14}) write(r2, &(0x7f0000000bc0)="210c28e48f7e8047e9f1f0c942a66562dc2effd612290c7c0de4a8eeb0b22045951c242434fbbd0927c47d11e4d970f3f5786941cbbb99b734abb7f59dc2253cf82746138351ed5704f1280d82ce431a64dbd05eb93435ddbe8bcaccd5f22d8f057d0c869885186f817e9faf12f34ac56895b5cd06481998ed236d40f560e1bf616e3c460f93e80918bcb15fdb1b189f05878ce7bec546a33141c75f16aafa1f5d639a5188da4c5aa2046cc1d6f733b3176f52785551557f61fd08e90606e16a46cc26", 0xc3) recvmsg(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000cc0)=""/61, 0x3d}, {&(0x7f0000000d00)}, {&(0x7f0000000d40)=""/215, 0xd7}], 0x3, 0x0, 0x0, 0x7f}, 0x1) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f0000000ec0)=""/123, &(0x7f0000000f40)=0x7b) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) 18:32:17 executing program 3: 18:32:17 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) bind$packet(r2, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x7, 0x4) io_setup(0x3, &(0x7f0000000240)=0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000040)={@mcast1}) io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x235}]) 18:32:17 executing program 7: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811e78754a539d39c2bd6a40fa8c8aa024d00000000ffffffff25fec2541e21ccf67e1d7b5510029e63000000e565aa9a9d325ebac7627ffe7a54cdbd77b3", 0x2b}, 0x60) listen(r0, 0x0) accept$packet(r0, &(0x7f0000001540), &(0x7f0000001580)=0x14) 18:32:17 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth1_to_bond\x00', &(0x7f00000002c0)=@ethtool_dump={0x3b, 0x2, 0x0, 0x80000}}) 18:32:17 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="d50e1d0e4b793a11e28f41cdfb3d0a737c2ac98dcdd7ce40093c42271d793bb3ef501901b6846c0e875d06b230e8815deb00247d824039ada03fe74a71b4c6baf478f0340480d6fb3fd6a8f09815662799f42769511ea5207d68c31beafc611ebc40c348488e756c66f31826ee725badc4a2b7a192dd4eb1be7eab96061d53a49cb5f2c3420fab94fbbb61870830bd4f2eaf661f30ce256f4f8d77f2ce07c9d94e5a6448865c760d63c7e7ceb831c1dfbde8d1d1cf543b61acbb36b120a5ba00000000"], 0xc3) r0 = inotify_init1(0x80000) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/zero\x00', 0x1, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000001480)={0x0, &(0x7f0000001440)}) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000001400)=""/27) ptrace$setregs(0xf, r1, 0x0, &(0x7f0000000140)) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000c00)={0x20, 0x0, 0x2, {0x0, 0x0, 0x9, 0x2}}, 0x20) 18:32:17 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r2, &(0x7f0000000140)={0x12, 0x10, 0xfa00, {&(0x7f0000000100), r1, r0}}, 0x18) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000480)={0x1, 0x10, 0xfa00, {&(0x7f0000000440), r1}}, 0x18) 18:32:17 executing program 6: exit(0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) fchown(r2, 0x0, 0x0) [ 243.368638] IPVS: ftp: loaded support on port[0] = 21 [ 243.404498] IPVS: ftp: loaded support on port[0] = 21 [ 243.474634] IPVS: ftp: loaded support on port[0] = 21 [ 243.484094] IPVS: ftp: loaded support on port[0] = 21 [ 243.510550] IPVS: ftp: loaded support on port[0] = 21 [ 243.554189] IPVS: ftp: loaded support on port[0] = 21 [ 243.611441] IPVS: ftp: loaded support on port[0] = 21 [ 243.629819] IPVS: ftp: loaded support on port[0] = 21 [ 246.142508] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.149071] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.181855] device bridge_slave_0 entered promiscuous mode [ 246.205993] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.212524] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.225517] device bridge_slave_0 entered promiscuous mode [ 246.271980] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.278423] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.314554] device bridge_slave_0 entered promiscuous mode [ 246.328806] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.335216] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.346559] device bridge_slave_0 entered promiscuous mode [ 246.356170] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.362565] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.371609] device bridge_slave_1 entered promiscuous mode [ 246.380794] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.387215] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.402593] device bridge_slave_0 entered promiscuous mode [ 246.417042] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.423441] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.444122] device bridge_slave_1 entered promiscuous mode [ 246.450692] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.457111] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.468832] device bridge_slave_0 entered promiscuous mode [ 246.478536] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.484950] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.493996] device bridge_slave_1 entered promiscuous mode [ 246.503113] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.509523] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.518645] device bridge_slave_1 entered promiscuous mode [ 246.533960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.542240] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.548874] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.566461] device bridge_slave_0 entered promiscuous mode [ 246.587443] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.593867] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.611281] device bridge_slave_1 entered promiscuous mode [ 246.637505] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.646513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.654622] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.661036] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.674318] device bridge_slave_1 entered promiscuous mode [ 246.686736] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.695644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.706399] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.712855] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.755137] device bridge_slave_0 entered promiscuous mode [ 246.787277] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.793713] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.802421] device bridge_slave_1 entered promiscuous mode [ 246.811430] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.820500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.829502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.838390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 246.865751] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.874204] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.880663] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.919071] device bridge_slave_1 entered promiscuous mode [ 246.942175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 246.989918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 247.049544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 247.063934] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 247.117958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 247.214576] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.236400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 247.311676] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.367882] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.380486] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.421332] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.454315] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.503419] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.524169] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.537539] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.584973] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.609571] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.623033] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.694377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 247.701362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.720504] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.732155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 247.739120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.759238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.766202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.780299] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 247.789302] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 247.796174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.808066] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 247.816447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.856170] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 247.885201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.892092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.907516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.915801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.931553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 247.939271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.970489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.982304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.989210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.000314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.030323] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 248.039264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 248.062320] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 248.070626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 248.079630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.236316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 248.243243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 248.267239] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 248.305373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 248.359432] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.386306] team0: Port device team_slave_0 added [ 248.453282] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.468277] team0: Port device team_slave_0 added [ 248.488158] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.507131] team0: Port device team_slave_0 added [ 248.530101] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.541438] team0: Port device team_slave_0 added [ 248.562157] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.570934] team0: Port device team_slave_1 added [ 248.580579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.595623] team0: Port device team_slave_0 added [ 248.601308] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.609707] team0: Port device team_slave_0 added [ 248.618960] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.632583] team0: Port device team_slave_1 added [ 248.669574] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.678333] team0: Port device team_slave_1 added [ 248.694540] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.706698] team0: Port device team_slave_1 added [ 248.734113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.755947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.769001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.801175] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.812065] team0: Port device team_slave_1 added [ 248.835077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.842485] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 248.853547] team0: Port device team_slave_1 added [ 248.873723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.881250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.901479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.928535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.941403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.959860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.976338] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.984431] team0: Port device team_slave_0 added [ 248.999182] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.006290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.022541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.043438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.052027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.061147] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.069907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.077143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.085324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.093294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.114610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.129384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.138628] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.146278] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 249.154324] team0: Port device team_slave_0 added [ 249.161043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.171514] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.179146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.187474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.205449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.234509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.253440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.276337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.286473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.294341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.302317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.310221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.318018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.328704] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 249.336134] team0: Port device team_slave_1 added [ 249.341677] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.359108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.367324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.385504] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.395703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.409595] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 249.426106] team0: Port device team_slave_1 added [ 249.438209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.445971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.467461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.483481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.498083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.506276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.514246] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.522301] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.530471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.538282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.548943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.563320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.579383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.598026] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.606681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.617334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.626498] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.635125] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.656635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.684921] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.709229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.725421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.736035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.743853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.751587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.759514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.769507] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.781045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.789176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.801322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.813965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.822435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.830511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.844131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 249.872541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.904523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.928548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 249.941959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 249.951819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.959545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.967580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.985150] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 249.994605] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.015246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.034982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.082277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.110152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.125883] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.133098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.141622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.163112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.173257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.182190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 250.709791] ip (5087) used greatest stack depth: 16456 bytes left [ 251.293639] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.300238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.307239] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.313673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.353441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.363092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.412504] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.418944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.425666] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.432080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.513542] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.661930] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.668386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.675101] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.681511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.695275] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.731138] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.737552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.744255] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.750658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.816609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.830456] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.836861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.843605] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.850027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.889669] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.899112] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.905521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.912229] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.918638] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.930281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.952536] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.958960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.965664] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.972078] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.999222] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 252.006556] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.012975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.019667] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.026066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.034208] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 252.384011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.396055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.434356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.459231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.466486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.474189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.481474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 257.726022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.824044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.982980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.023602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.169720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.209522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.230244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.253738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.334001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.426852] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.532483] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.635493] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.739823] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.770581] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.827610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.853895] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.941517] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.948073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.959394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.042055] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.048307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.061200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.166807] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.173114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.186492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.249649] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.255948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.276471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.336503] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.345146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.358628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.440684] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.447026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.458352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.490927] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.508058] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.515288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.552619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.584276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.605452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.656352] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.686177] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.914975] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.953547] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.978046] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.059286] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.087388] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.170816] 8021q: adding VLAN 0 to HW filter on device team0 18:32:37 executing program 3: symlink(&(0x7f0000006e40)='./file0\x00', &(0x7f0000000040)='./file1\x00') perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000340)='./file1\x00', r0, &(0x7f0000000100)='./file0\x00', 0x2) 18:32:37 executing program 0: socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x3, 0x0) futex(&(0x7f0000004000), 0xc, 0x0, &(0x7f0000000040), &(0x7f0000004000), 0x0) unshare(0x2000400) r0 = socket$inet6(0xa, 0x3, 0xcc) ioctl(r0, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") mount(&(0x7f0000000100)='./file0\x00', &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) r1 = socket$nl_generic(0x10, 0x3, 0x10) shutdown(r1, 0x0) listen(0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x20000003, &(0x7f0000000140), 0x1c) 18:32:37 executing program 3: 18:32:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) bind$packet(r2, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x7, 0x4) io_setup(0x3, &(0x7f0000000240)=0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000040)={@mcast1}) io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x235}]) 18:32:37 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) bind$packet(r2, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x7, 0x4) io_setup(0x3, &(0x7f0000000240)=0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000040)={@mcast1}) io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x235}]) 18:32:37 executing program 0: 18:32:37 executing program 2: [ 263.834947] hrtimer: interrupt took 67038 ns 18:32:38 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) bind$packet(r2, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x7, 0x4) io_setup(0x3, &(0x7f0000000240)=0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000040)={@mcast1}) io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000040), 0x235}]) [ 263.927470] [ 263.929145] ===================================== [ 263.933986] WARNING: bad unlock balance detected! [ 263.938831] 4.19.0-rc1+ #211 Not tainted [ 263.942886] ------------------------------------- [ 263.947748] syz-executor5/6543 is trying to release lock (&file->mut) at: [ 263.954849] [] ucma_destroy_id+0x2cb/0x550 [ 263.960649] but there are no more locks to release! [ 263.965662] [ 263.965662] other info that might help us debug this: [ 263.972341] 1 lock held by syz-executor5/6543: [ 263.976934] #0: 00000000ff2eeafd (&file->mut){+.+.}, at: ucma_destroy_id+0x26b/0x550 [ 263.984965] [ 263.984965] stack backtrace: [ 263.989481] CPU: 1 PID: 6543 Comm: syz-executor5 Not tainted 4.19.0-rc1+ #211 [ 263.996759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.006173] Call Trace: [ 264.008818] dump_stack+0x1c9/0x2b4 [ 264.012470] ? dump_stack_print_info.cold.2+0x52/0x52 [ 264.017679] ? vprintk_func+0x81/0x117 [ 264.021578] ? ucma_destroy_id+0x2cb/0x550 18:32:38 executing program 3: 18:32:38 executing program 2: 18:32:38 executing program 0: [ 264.025828] print_unlock_imbalance_bug.cold.49+0xcc/0xd8 [ 264.031376] lock_release+0x76e/0x9f0 [ 264.035212] ? ucma_destroy_id+0x2cb/0x550 [ 264.039472] ? lock_downgrade+0x8f0/0x8f0 [ 264.043678] ? radix_tree_descend+0x2e0/0x2e0 [ 264.048206] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 264.053758] ? node_tag_set+0xc4/0x160 [ 264.057725] __mutex_unlock_slowpath+0x102/0x8c0 [ 264.062501] ? wait_for_completion+0x8d0/0x8d0 [ 264.067090] ? radix_tree_delete_item+0x188/0x350 [ 264.071947] ? radix_tree_lookup+0x30/0x30 [ 264.076201] mutex_unlock+0xd/0x10 [ 264.079751] ucma_destroy_id+0x2cb/0x550 [ 264.083836] ? ucma_close+0x300/0x300 [ 264.087668] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.093215] ? _copy_from_user+0xdf/0x150 [ 264.097392] ? ucma_close+0x300/0x300 [ 264.101228] ucma_write+0x336/0x420 [ 264.104867] ? ucma_close_id+0x60/0x60 [ 264.108783] ? kasan_check_read+0x11/0x20 [ 264.112964] ? do_raw_spin_unlock+0xa7/0x2f0 [ 264.117385] __vfs_write+0x117/0x9d0 [ 264.121118] ? __fget_light+0x2f7/0x440 [ 264.125101] ? ucma_close_id+0x60/0x60 [ 264.128997] ? kernel_read+0x120/0x120 [ 264.132888] ? trace_hardirqs_on+0x2c0/0x2c0 [ 264.137308] ? kmem_cache_free+0xa0/0x280 [ 264.141462] ? kasan_check_read+0x11/0x20 [ 264.145636] ? rcu_is_watching+0x8c/0x150 [ 264.149790] ? trace_hardirqs_on+0xbd/0x2c0 [ 264.154119] ? rcu_pm_notify+0xc0/0xc0 [ 264.158024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 264.163575] ? security_file_permission+0x1c2/0x230 [ 264.168605] ? rw_verify_area+0x118/0x360 [ 264.172766] vfs_write+0x1fc/0x560 [ 264.176321] ksys_write+0x101/0x260 [ 264.179964] ? __ia32_sys_read+0xb0/0xb0 [ 264.184035] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 264.189157] __x64_sys_write+0x73/0xb0 [ 264.193043] do_syscall_64+0x1b9/0x820 [ 264.196944] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 264.202296] ? syscall_return_slowpath+0x5e0/0x5e0 [ 264.207210] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 264.212211] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 264.217215] ? recalc_sigpending_tsk+0x180/0x180 [ 264.221954] ? kasan_check_write+0x14/0x20 [ 264.226173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 264.231004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.236175] RIP: 0033:0x457089 [ 264.239349] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.258237] RSP: 002b:00007f1d61296c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 264.265954] RAX: ffffffffffffffda RBX: 00007f1d612976d4 RCX: 0000000000457089 [ 264.273229] RDX: 0000000000000018 RSI: 0000000020000480 RDI: 0000000000000005 [ 264.280479] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 [ 264.287740] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 264.295026] R13: 00000000004d7470 R14: 00000000004c17a8 R15: 0000000000000001 [ 264.303394] ================================================================== [ 264.310786] BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.318070] Read of size 8 at addr ffff8801b1428c80 by task syz-executor5/6543 [ 264.325404] [ 264.327023] CPU: 1 PID: 6543 Comm: syz-executor5 Not tainted 4.19.0-rc1+ #211 [ 264.334278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.343609] Call Trace: [ 264.346183] dump_stack+0x1c9/0x2b4 [ 264.349805] ? dump_stack_print_info.cold.2+0x52/0x52 [ 264.354993] ? printk+0xa7/0xcf [ 264.358271] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 264.363016] ? __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.367938] print_address_description+0x6c/0x20b [ 264.372777] ? __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.377724] kasan_report.cold.7+0x242/0x30d [ 264.382135] check_memory_region+0x13e/0x1b0 [ 264.386527] kasan_check_read+0x11/0x20 [ 264.390507] __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.395250] ? wait_for_completion+0x8d0/0x8d0 [ 264.399843] ? radix_tree_delete_item+0x188/0x350 [ 264.404706] ? radix_tree_lookup+0x30/0x30 [ 264.408943] mutex_unlock+0xd/0x10 [ 264.412480] ucma_destroy_id+0x2cb/0x550 [ 264.416540] ? ucma_close+0x300/0x300 [ 264.420336] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.425864] ? _copy_from_user+0xdf/0x150 [ 264.430011] ? ucma_close+0x300/0x300 [ 264.433807] ucma_write+0x336/0x420 [ 264.437444] ? ucma_close_id+0x60/0x60 [ 264.441329] ? kasan_check_read+0x11/0x20 [ 264.445485] ? do_raw_spin_unlock+0xa7/0x2f0 [ 264.449896] __vfs_write+0x117/0x9d0 [ 264.453608] ? __fget_light+0x2f7/0x440 [ 264.457568] ? ucma_close_id+0x60/0x60 [ 264.461445] ? kernel_read+0x120/0x120 [ 264.465316] ? trace_hardirqs_on+0x2c0/0x2c0 [ 264.469708] ? kmem_cache_free+0xa0/0x280 [ 264.473840] ? kasan_check_read+0x11/0x20 [ 264.477974] ? rcu_is_watching+0x8c/0x150 [ 264.482108] ? trace_hardirqs_on+0xbd/0x2c0 [ 264.486429] ? rcu_pm_notify+0xc0/0xc0 [ 264.490308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 264.495833] ? security_file_permission+0x1c2/0x230 [ 264.500852] ? rw_verify_area+0x118/0x360 [ 264.505029] vfs_write+0x1fc/0x560 [ 264.508570] ksys_write+0x101/0x260 [ 264.512199] ? __ia32_sys_read+0xb0/0xb0 [ 264.516246] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 264.521334] __x64_sys_write+0x73/0xb0 [ 264.525220] do_syscall_64+0x1b9/0x820 [ 264.529096] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 264.534445] ? syscall_return_slowpath+0x5e0/0x5e0 [ 264.539361] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 264.544371] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 264.549396] ? recalc_sigpending_tsk+0x180/0x180 [ 264.554149] ? kasan_check_write+0x14/0x20 [ 264.558390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 264.563244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.568435] RIP: 0033:0x457089 [ 264.571613] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.590506] RSP: 002b:00007f1d61296c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 264.598215] RAX: ffffffffffffffda RBX: 00007f1d612976d4 RCX: 0000000000457089 [ 264.605468] RDX: 0000000000000018 RSI: 0000000020000480 RDI: 0000000000000005 [ 264.612729] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 [ 264.620530] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 264.627808] R13: 00000000004d7470 R14: 00000000004c17a8 R15: 0000000000000001 [ 264.635082] [ 264.636766] Allocated by task 6543: [ 264.640431] save_stack+0x43/0xd0 [ 264.643885] kasan_kmalloc+0xc4/0xe0 [ 264.647592] kmem_cache_alloc_trace+0x152/0x730 [ 264.652244] ucma_open+0xb5/0x3f0 [ 264.655690] misc_open+0x3ca/0x560 [ 264.659240] chrdev_open+0x25a/0x770 [ 264.662962] do_dentry_open+0x49c/0x1140 [ 264.667029] vfs_open+0xa0/0xd0 [ 264.670310] path_openat+0x12fb/0x5300 [ 264.674200] do_filp_open+0x255/0x380 [ 264.678002] do_sys_open+0x584/0x720 [ 264.681718] __x64_sys_openat+0x9d/0x100 [ 264.685790] do_syscall_64+0x1b9/0x820 [ 264.689695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.694882] [ 264.696524] Freed by task 6534: [ 264.699813] save_stack+0x43/0xd0 [ 264.703272] __kasan_slab_free+0x11a/0x170 [ 264.707527] kasan_slab_free+0xe/0x10 [ 264.711345] kfree+0xd9/0x210 [ 264.714491] ucma_close+0x26a/0x300 [ 264.718123] __fput+0x36e/0x8c0 [ 264.721403] ____fput+0x15/0x20 [ 264.724687] task_work_run+0x1e8/0x2a0 [ 264.728575] exit_to_usermode_loop+0x318/0x380 [ 264.733154] do_syscall_64+0x6be/0x820 [ 264.737047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.742228] [ 264.743856] The buggy address belongs to the object at ffff8801b1428c80 [ 264.743856] which belongs to the cache kmalloc-256 of size 256 [ 264.756516] The buggy address is located 0 bytes inside of [ 264.756516] 256-byte region [ffff8801b1428c80, ffff8801b1428d80) [ 264.768215] The buggy address belongs to the page: [ 264.773142] page:ffffea0006c50a00 count:1 mapcount:0 mapping:ffff8801dac007c0 index:0x0 [ 264.781284] flags: 0x2fffc0000000100(slab) [ 264.785525] raw: 02fffc0000000100 ffffea0006b95408 ffffea00072901c8 ffff8801dac007c0 [ 264.793428] raw: 0000000000000000 ffff8801b1428000 000000010000000c 0000000000000000 [ 264.801318] page dumped because: kasan: bad access detected [ 264.807018] [ 264.808639] Memory state around the buggy address: [ 264.813563] ffff8801b1428b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.820930] ffff8801b1428c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 264.828287] >ffff8801b1428c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.835637] ^ [ 264.838996] ffff8801b1428d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.846355] ffff8801b1428d80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 264.853703] ================================================================== [ 264.861152] Kernel panic - not syncing: panic_on_warn set ... [ 264.861152] [ 264.868539] CPU: 1 PID: 6543 Comm: syz-executor5 Tainted: G B 4.19.0-rc1+ #211 [ 264.877201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.886558] Call Trace: [ 264.889152] dump_stack+0x1c9/0x2b4 [ 264.892803] ? dump_stack_print_info.cold.2+0x52/0x52 [ 264.897999] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 264.902761] panic+0x238/0x4e7 [ 264.905961] ? add_taint.cold.5+0x16/0x16 [ 264.910117] ? trace_hardirqs_on+0xb4/0x2c0 [ 264.914449] ? __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.919389] kasan_end_report+0x47/0x4f [ 264.923374] kasan_report.cold.7+0x76/0x30d [ 264.927701] check_memory_region+0x13e/0x1b0 [ 264.932127] kasan_check_read+0x11/0x20 [ 264.936115] __mutex_unlock_slowpath+0x10f/0x8c0 [ 264.940881] ? wait_for_completion+0x8d0/0x8d0 [ 264.945479] ? radix_tree_delete_item+0x188/0x350 [ 264.950324] ? radix_tree_lookup+0x30/0x30 [ 264.954592] mutex_unlock+0xd/0x10 [ 264.958145] ucma_destroy_id+0x2cb/0x550 [ 264.962209] ? ucma_close+0x300/0x300 [ 264.966023] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.971561] ? _copy_from_user+0xdf/0x150 [ 264.975723] ? ucma_close+0x300/0x300 [ 264.979538] ucma_write+0x336/0x420 [ 264.983196] ? ucma_close_id+0x60/0x60 [ 264.987097] ? kasan_check_read+0x11/0x20 [ 264.991251] ? do_raw_spin_unlock+0xa7/0x2f0 [ 264.995696] __vfs_write+0x117/0x9d0 [ 264.999420] ? __fget_light+0x2f7/0x440 [ 265.003394] ? ucma_close_id+0x60/0x60 [ 265.007288] ? kernel_read+0x120/0x120 [ 265.011189] ? trace_hardirqs_on+0x2c0/0x2c0 [ 265.015598] ? kmem_cache_free+0xa0/0x280 [ 265.019752] ? kasan_check_read+0x11/0x20 [ 265.023926] ? rcu_is_watching+0x8c/0x150 [ 265.028078] ? trace_hardirqs_on+0xbd/0x2c0 [ 265.032399] ? rcu_pm_notify+0xc0/0xc0 [ 265.036298] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 265.041841] ? security_file_permission+0x1c2/0x230 [ 265.046863] ? rw_verify_area+0x118/0x360 [ 265.051020] vfs_write+0x1fc/0x560 [ 265.054572] ksys_write+0x101/0x260 [ 265.058220] ? __ia32_sys_read+0xb0/0xb0 [ 265.062286] ? trace_hardirqs_off_caller+0x2b0/0x2b0 [ 265.067430] __x64_sys_write+0x73/0xb0 [ 265.071349] do_syscall_64+0x1b9/0x820 [ 265.075254] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 265.080624] ? syscall_return_slowpath+0x5e0/0x5e0 [ 265.085562] ? trace_hardirqs_on_caller+0x2b0/0x2b0 [ 265.090585] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 265.095615] ? recalc_sigpending_tsk+0x180/0x180 [ 265.100394] ? kasan_check_write+0x14/0x20 [ 265.104657] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 265.109511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.114701] RIP: 0033:0x457089 [ 265.117895] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.136823] RSP: 002b:00007f1d61296c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 265.144534] RAX: ffffffffffffffda RBX: 00007f1d612976d4 RCX: 0000000000457089 [ 265.151804] RDX: 0000000000000018 RSI: 0000000020000480 RDI: 0000000000000005 [ 265.159102] RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 [ 265.166373] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 265.173644] R13: 00000000004d7470 R14: 00000000004c17a8 R15: 0000000000000001 [ 265.181242] Dumping ftrace buffer: [ 265.184777] (ftrace buffer empty) [ 265.188468] Kernel Offset: disabled [ 265.192086] Rebooting in 86400 seconds..