[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 19.756747] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 21.556718] random: sshd: uninitialized urandom read (32 bytes read) [ 21.836718] random: sshd: uninitialized urandom read (32 bytes read) [ 22.510864] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts. [ 28.075583] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/12 22:55:46 fuzzer started [ 29.134771] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/12 22:55:47 dialing manager at 10.128.0.26:36943 2018/08/12 22:55:53 syscalls: 1 2018/08/12 22:55:53 code coverage: enabled 2018/08/12 22:55:53 comparison tracing: enabled 2018/08/12 22:55:53 setuid sandbox: enabled 2018/08/12 22:55:53 namespace sandbox: enabled 2018/08/12 22:55:53 fault injection: enabled 2018/08/12 22:55:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/12 22:55:53 net packed injection: enabled 2018/08/12 22:55:53 net device setup: enabled [ 36.363542] random: crng init done 22:57:23 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)="6e65742f69676d703600c3") preadv(r0, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/234, 0xea}], 0x1, 0x0) 22:57:23 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000380)={0x8, 0x0, 0x1, 0x0, 0x0, [{r1}]}) 22:57:23 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) readahead(r0, 0x0, 0x5) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020300091000000002000000000000000200130002000000000000000000000805000600000000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000020000000005000500000000000a00000000030000000100000000000000000000000000010008000000000000"], 0x80}}, 0x0) 22:57:23 executing program 2: syz_emit_ethernet(0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60e82df77c002c00fe800000000000000000000000000000fe8000000000000000000000000000aa2c000000040190008345000000000000"], &(0x7f0000000000)) 22:57:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@max_read={'max_read'}}]}}) 22:57:23 executing program 4: sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x1) getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) pipe(&(0x7f00000034c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) dup3(r1, r0, 0x80000) 22:57:23 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x2000004, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r2 = syz_open_dev$sndtimer(&(0x7f00000002c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000013000)) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0505405, &(0x7f0000000040)={0x1}) dup2(r0, r2) dup3(r0, r1, 0x0) 22:57:23 executing program 6: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000380)={0x79}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x0, 0x1, 0x0, 0x0, @msi}]}) [ 125.548313] IPVS: ftp: loaded support on port[0] = 21 [ 125.549144] IPVS: ftp: loaded support on port[0] = 21 [ 125.565742] IPVS: ftp: loaded support on port[0] = 21 [ 125.591770] IPVS: ftp: loaded support on port[0] = 21 [ 125.606156] IPVS: ftp: loaded support on port[0] = 21 [ 125.621375] IPVS: ftp: loaded support on port[0] = 21 [ 125.636831] IPVS: ftp: loaded support on port[0] = 21 [ 125.658229] IPVS: ftp: loaded support on port[0] = 21 [ 127.713476] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.720060] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.760244] device bridge_slave_0 entered promiscuous mode [ 127.847138] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.853593] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.894319] device bridge_slave_1 entered promiscuous mode [ 127.967598] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.974109] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.997896] device bridge_slave_0 entered promiscuous mode [ 128.033750] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.059069] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.065582] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.106280] device bridge_slave_0 entered promiscuous mode [ 128.123513] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.129922] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.144680] device bridge_slave_0 entered promiscuous mode [ 128.156731] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.163258] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.172577] device bridge_slave_0 entered promiscuous mode [ 128.183247] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.189648] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.206986] device bridge_slave_0 entered promiscuous mode [ 128.221718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.230762] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.237165] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.262336] device bridge_slave_0 entered promiscuous mode [ 128.279123] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.285572] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.293530] device bridge_slave_1 entered promiscuous mode [ 128.302152] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.308591] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.321962] device bridge_slave_1 entered promiscuous mode [ 128.330419] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.336831] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.354987] device bridge_slave_1 entered promiscuous mode [ 128.363250] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.369659] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.378777] device bridge_slave_1 entered promiscuous mode [ 128.390208] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.396614] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.404805] device bridge_slave_1 entered promiscuous mode [ 128.413972] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.420434] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.443124] device bridge_slave_1 entered promiscuous mode [ 128.453426] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.461784] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.468209] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.477448] device bridge_slave_0 entered promiscuous mode [ 128.494096] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.501696] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.509638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.517623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.573156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.630453] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.636899] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.652077] device bridge_slave_1 entered promiscuous mode [ 128.662573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.671638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.687444] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 128.697009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.718010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.725666] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.799707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.835104] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 128.905898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.978779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.035740] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.045412] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.136252] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.146760] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.177968] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.187333] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.218505] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.229083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.236306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.280970] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.317846] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.334083] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.351155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.358221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.379098] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.402960] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 129.416894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.426211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.451433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.458370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.497783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.508135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.515740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.535499] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 129.548051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.555292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.562750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.571289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.618985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.625899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.649933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.656858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.671501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.705229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.724923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.741783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.748660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.763587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.797533] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 129.814506] team0: Port device team_slave_0 added [ 129.821772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.835684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.909511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 129.931839] team0: Port device team_slave_1 added [ 130.030669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.064677] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.088687] team0: Port device team_slave_0 added [ 130.119778] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.138738] team0: Port device team_slave_0 added [ 130.148117] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.157435] team0: Port device team_slave_0 added [ 130.198623] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.208087] team0: Port device team_slave_0 added [ 130.224852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.250847] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.266366] team0: Port device team_slave_1 added [ 130.278089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.291316] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.298922] team0: Port device team_slave_0 added [ 130.310984] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.333609] team0: Port device team_slave_0 added [ 130.346554] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.353936] team0: Port device team_slave_1 added [ 130.359447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.371671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.392258] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.400800] team0: Port device team_slave_1 added [ 130.410586] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.418624] team0: Port device team_slave_1 added [ 130.426491] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.435675] team0: Port device team_slave_1 added [ 130.443346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.450597] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 130.464764] team0: Port device team_slave_0 added [ 130.470619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 130.477959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.496725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.523770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 130.546809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 130.558841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.565866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.573747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.589758] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.598770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.605793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.613814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.627189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.642725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.659623] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.666929] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.681915] team0: Port device team_slave_1 added [ 130.695651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.703392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.720968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.740420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.755774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.766352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.777074] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 130.784997] team0: Port device team_slave_1 added [ 130.792827] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.801640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.811582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.823309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.832396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.849742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.866072] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.883302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 130.891972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 130.899470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 130.907542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 130.915972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.923225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 130.931190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 130.941281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.953519] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 130.965857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 130.974806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 130.985460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 130.999369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.006627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.057601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.081503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 131.093427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 131.101139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.109602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.117501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.125472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.133323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 131.140954] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.148531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.156426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.176515] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.184601] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.198404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.232701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.259571] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.270642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.278478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 131.288746] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.298227] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.319634] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.327775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.344865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.373596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.390120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.398450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.407257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.419401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.427387] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 131.438176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.451079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.469216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.492735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 131.511630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 131.528837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.536722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.546772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.555135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.563352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 131.577763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 131.590278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 131.601391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 132.486753] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.493282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.500243] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.506648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.551046] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 132.557593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 132.708327] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.714741] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.721502] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.727895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.737334] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.011283] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.017705] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.024384] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.030876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.038810] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.048400] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.054794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.061508] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.067903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.084710] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.096790] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.103207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.109898] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.116291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.146157] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.160967] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.167378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.174123] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.180538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.211362] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.221758] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.228145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.234817] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.241205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.256275] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.281995] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.288430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.295173] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.301578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.362695] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 133.599254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.613581] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.632780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.642888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.649922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.657578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 133.665220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 138.170933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.355125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.615694] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.646605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.679839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.697686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.723709] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.867962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.894261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.912889] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.189913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.199510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.207208] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.215748] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.311383] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.317763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.330157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.369415] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.382910] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.389219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.401719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.440752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.721701] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.727939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.739738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.753949] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.761625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.776642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.800137] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.811464] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.822314] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.833425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.859377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.873585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.893530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.942996] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.949345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.960520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.011325] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.047140] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 140.053360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.061704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.114085] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.333231] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.361682] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.462358] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.573082] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.604481] 8021q: adding VLAN 0 to HW filter on device team0 22:57:40 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(&(0x7f00000000c0)='./file0//ile0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000100), 0x12) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) accept$unix(r1, &(0x7f00000001c0), &(0x7f0000000000)=0x6e) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) ioctl$FIONREAD(r1, 0x5452, &(0x7f0000000340)) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000280)) dup2(r0, r2) 22:57:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x80000001, 0x2, 0xff, 0x3, 0x6, 0x1, 0x200}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000080)={@ipv4={[], [], @multicast1}, 0x2}, 0x20) 22:57:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x200200, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000040)={0x66, ""/102}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = eventfd(0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r4, 0x0, 0x2, r3}) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r3, 0xfffffffffffffffb, 0x2, r3}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r5, 0x0, 0x2, r3}) 22:57:41 executing program 1: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x20002, 0x0) getpeername$inet(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 22:57:41 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='\x00'}, 0x10) ioctl$BLKRESETZONE(r1, 0x40101283, &(0x7f00000000c0)={0x3, 0x996}) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="161a8dde73085d263430a7c62787a2dab7", 0x11) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000000)={&(0x7f0000f7ffa8)=@alg, 0x80, &(0x7f0000000140)=[{&(0x7f0000000200)=""/4096, 0x1000}], 0x1, &(0x7f0000fb3fa9)=""/87, 0x57}, 0x0) 22:57:41 executing program 2: r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x9, 0x2) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0xe9, "d2ba48657533c99c82da92855a8d590c822eb68636274223d29f352e253a5068a50963c44575540bf3f96c00e0454108e0eb712402182b36aceb3a2c99a6d21923abb931165f3f457b6041171d233bd2607f8ddb3699f29cdfd16f310d971cc69e1564b2212839ffac09c4a32411a684648e055aeb3d247bdabc4c82976633b467327d4ef2a398fe16a8a05ddf408a18d62cac8d819cd2887244885855d5766ffb512fcc06b9efa2af25071c783e7237f3bc3de2442dffd04031be88c4fa03facf46ade6dc24a2f858ca4403ce4d40f1cf702903c50e29b16ce982f0c810d8972b8a90c1c1b1ad304b"}, &(0x7f0000000000)=0xf1) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000080)={r1, 0x8}, &(0x7f0000000200)=0x8) ioctl$int_in(r0, 0x80000000005008, &(0x7f0000000040)=0x1) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/pfkey\x00', 0x200, 0x0) getsockopt$inet_buf(r2, 0x0, 0x30, &(0x7f0000000280)=""/49, &(0x7f00000002c0)=0x31) 22:57:41 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="025cc80700145f8f764070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="38010000100013070000000000000000e00000020000000000000000000006000000003058260300000000000000000000000004000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f0000000000000000000ffffffffffff000000003200000000000000000000000000ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x138}}, 0x0) 22:57:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x200200, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000040)={0x66, ""/102}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = eventfd(0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r4, 0x0, 0x2, r3}) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r3, 0xfffffffffffffffb, 0x2, r3}) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r5, 0x0, 0x2, r3}) 22:57:41 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x2) r1 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) readv(r1, &(0x7f0000001400)=[{&(0x7f0000000000)=""/46, 0x2e}], 0x1) ioctl$EVIOCGNAME(r2, 0x80404506, &(0x7f0000000140)=""/4096) lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=@random={'security.', '/dev/input/event#\x00'}) write$evdev(r0, &(0x7f000004d000)=[{{}, 0x0, 0x10000001}, {}], 0x30) 22:57:41 executing program 0: r0 = socket$inet6(0xa, 0x1001000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="1dc7cf00000000000000000000000000") r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x204000000) 22:57:41 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) readahead(r0, 0x0, 0x5) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020300091000000002000000000000000200130002000000000000000000000805000600000000000a000000000000000000000000000000000000000000000000000000000000000200010000000000000000020000000005000500000000000a00000000030000000100000000000000000000000000010008000000000000"], 0x80}}, 0x0) 22:57:41 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) arch_prctl(0x0, &(0x7f0000000180)="77989231fe696e8c223f2aa06ec1c14faee11ec12b0be359c3790b1f093792ee5e9c7aa21d94af8a8649613e065741f89a007d232fd548541d606e96bba1f4ba2272881d45097c41dcc91c8d81b39decf58bef42d2d135b674fc3377f1d20f9f42e32c017965feaa3e465df712898c2f827a512c") ioctl(r0, 0x8912, &(0x7f0000000000)="025cc80700145f8f764070") syz_emit_ethernet(0x66, &(0x7f0000000000)={@random="4300b5f88082", @remote, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff86, 0x0, 0x0, 0x0, [0x14, 0xf5ffffff], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3]}, @mcast2}}}}}}}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_newrule={0x20, 0x20, 0x201}, 0x20}}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 22:57:41 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r1, &(0x7f0000000040)={0x7, 0x4d, 0xffffffffffffffff}, 0x7) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u='version=9p2000.u'}]}}) write$P9_RREADDIR(r1, &(0x7f0000000480)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000fe000000bc4f00000007002e2f66696c6530"], 0x2a) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000004c0)=0x0) write$P9_RGETLOCK(r1, &(0x7f0000000500)={0x23, 0x37, 0x1, {0x0, 0x2, 0x2, r2, 0x5, 'rfdno'}}, 0x23) openat$cgroup_ro(r0, &(0x7f00000002c0)='rdma.current\x00', 0x0, 0x0) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000900)='9p\x00', 0x0, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}]}}) chdir(&(0x7f0000000540)='./file0/file0\x00') vmsplice(r0, &(0x7f0000000440)=[{&(0x7f0000000640)="ad2bb8c0df1f14bae6473b0ff3e8043d3ba2b766d05643f6e2e0b58a7941ac46e012d83c49a70362a4610b88c78ea0fff150245f1656d63a72f8ed4eca", 0x3d}], 0x1, 0x0) mknod$loop(&(0x7f0000000180)='./file0/file0\x00', 0x2000, 0xffffffffffffffff) r3 = geteuid() write$P9_RSYMLINK(r0, &(0x7f0000000300)={0x14, 0x11, 0x2, {0x2, 0x1, 0x6}}, 0x14) getresgid(&(0x7f00000000c0)=0x0, &(0x7f0000000140), &(0x7f00000001c0)) write$P9_RGETATTR(r1, &(0x7f0000000380)={0xa0, 0x19, 0x1, {0x10, {0x2, 0x1}, 0x2, r3, r4, 0x1, 0x3, 0x9, 0x0, 0x9, 0x5a, 0x7, 0x1ff768fb, 0x3f, 0x1ff, 0x80, 0x1ffe000000000000, 0x3, 0x80000000, 0x9}}, 0xa0) 22:57:41 executing program 0: r0 = socket$inet6(0xa, 0x1001000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="1dc7cf00000000000000000000000000") r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x204000000) [ 144.007119] BUG: unable to handle kernel paging request at ffffebe000000008 [ 144.014300] PGD 0 P4D 0 [ 144.017014] Oops: 0000 [#1] SMP KASAN [ 144.020837] CPU: 0 PID: 6587 Comm: syz-executor1 Not tainted 4.18.0-rc8+ #185 [ 144.028127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 144.037515] RIP: 0010:kfree+0xa0/0x260 [ 144.041414] Code: 82 cb 01 00 00 48 ba 00 00 00 80 ff 77 00 00 48 01 c2 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 <48> 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 49 63 75 74 [ 144.060720] RSP: 0018:ffff88019b3e7520 EFLAGS: 00010086 [ 144.066106] RAX: ffffea0000000000 RBX: 0000000000000282 RCX: 0000000000000000 [ 144.073415] RDX: ffffebe000000000 RSI: 0000000000000000 RDI: 0000000000000282 [ 144.080703] RBP: ffff88019b3e7540 R08: ffffed003b6046d7 R09: ffffed003b6046d6 [ 144.087991] R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 0000000000000282 [ 144.095282] R13: ffffffff867ded2a R14: ffff88019b3e7690 R15: ffff880192fd1440 [ 144.102585] FS: 00007f57867a4700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000 [ 144.110835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.116718] CR2: ffffebe000000008 CR3: 00000001d37c7000 CR4: 00000000001406f0 [ 144.123986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.131380] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.138638] Call Trace: [ 144.141264] p9_client_create+0xfea/0x1770 [ 144.145509] ? p9_client_read+0xc60/0xc60 [ 144.149651] ? find_held_lock+0x36/0x1c0 [ 144.153735] ? __lockdep_init_map+0x105/0x590 [ 144.158249] ? kasan_check_write+0x14/0x20 [ 144.162606] ? __init_rwsem+0x1cc/0x2a0 [ 144.166576] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 144.171591] ? rcu_read_lock_sched_held+0x108/0x120 [ 144.176605] ? __kmalloc_track_caller+0x5f5/0x760 [ 144.181440] ? save_stack+0xa9/0xd0 [ 144.185074] ? save_stack+0x43/0xd0 [ 144.188712] ? kasan_kmalloc+0xc4/0xe0 [ 144.192603] ? kmem_cache_alloc_trace+0x152/0x780 [ 144.197445] ? memcpy+0x45/0x50 [ 144.200734] v9fs_session_init+0x21a/0x1a80 [ 144.205066] ? find_held_lock+0x36/0x1c0 [ 144.209141] ? v9fs_show_options+0x7e0/0x7e0 [ 144.213568] ? kasan_check_read+0x11/0x20 [ 144.217721] ? rcu_is_watching+0x8c/0x150 [ 144.221860] ? rcu_pm_notify+0xc0/0xc0 [ 144.225740] ? v9fs_mount+0x61/0x900 [ 144.229462] ? rcu_read_lock_sched_held+0x108/0x120 [ 144.234483] ? kmem_cache_alloc_trace+0x616/0x780 [ 144.239325] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 144.244853] v9fs_mount+0x7c/0x900 [ 144.248391] mount_fs+0xae/0x328 [ 144.251857] vfs_kern_mount.part.34+0xdc/0x4e0 [ 144.256444] ? may_umount+0xb0/0xb0 [ 144.260094] ? _raw_read_unlock+0x22/0x30 [ 144.264260] ? __get_fs_type+0x97/0xc0 [ 144.268153] do_mount+0x581/0x30e0 [ 144.271687] ? do_raw_spin_unlock+0xa7/0x2f0 [ 144.276098] ? copy_mount_string+0x40/0x40 [ 144.280342] ? copy_mount_options+0x5f/0x380 [ 144.284744] ? rcu_read_lock_sched_held+0x108/0x120 [ 144.289753] ? kmem_cache_alloc_trace+0x616/0x780 [ 144.294593] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 144.300132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 144.305677] ? copy_mount_options+0x285/0x380 [ 144.310206] ksys_mount+0x12d/0x140 [ 144.313835] __x64_sys_mount+0xbe/0x150 [ 144.317802] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 144.322813] do_syscall_64+0x1b9/0x820 [ 144.326691] ? finish_task_switch+0x1d3/0x870 [ 144.331182] ? syscall_return_slowpath+0x5e0/0x5e0 [ 144.336135] ? syscall_return_slowpath+0x31d/0x5e0 [ 144.341083] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 144.346443] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 144.351298] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 144.356494] RIP: 0033:0x457089 [ 144.359787] Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 144.378922] RSP: 002b:00007f57867a3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 144.386629] RAX: ffffffffffffffda RBX: 00007f57867a46d4 RCX: 0000000000457089 [ 144.393901] RDX: 0000000020000340 RSI: 0000000020000080 RDI: 0000000000000000 [ 144.401262] RBP: 00000000009300a0 R08: 00000000200006c0 R09: 0000000000000000 [ 144.408600] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 144.415981] R13: 00000000004d2310 R14: 00000000004c7a36 R15: 0000000000000000 [ 144.423491] Modules linked in: [ 144.426693] Dumping ftrace buffer: [ 144.430233] (ftrace buffer empty) [ 144.434040] CR2: ffffebe000000008 [ 144.437511] ---[ end trace 44c41a13b09efd75 ]--- [ 144.442353] RIP: 0010:kfree+0xa0/0x260 [ 144.446346] Code: 82 cb 01 00 00 48 ba 00 00 00 80 ff 77 00 00 48 01 c2 48 89 df 48 b8 00 00 00 00 00 ea ff ff 48 c1 ea 0c 48 c1 e2 06 48 01 c2 <48> 8b 42 08 a8 01 48 8d 48 ff 48 0f 45 d1 4c 8b 6a 18 49 63 75 74 [ 144.465599] RSP: 0018:ffff88019b3e7520 EFLAGS: 00010086 [ 144.470956] RAX: ffffea0000000000 RBX: 0000000000000282 RCX: 0000000000000000 [ 144.478229] RDX: ffffebe000000000 RSI: 0000000000000000 RDI: 0000000000000282 [ 144.485489] RBP: ffff88019b3e7540 R08: ffffed003b6046d7 R09: ffffed003b6046d6 [ 144.492752] R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 0000000000000282 [ 144.500018] R13: ffffffff867ded2a R14: ffff88019b3e7690 R15: ffff880192fd1440 [ 144.507295] FS: 00007f57867a4700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000 [ 144.515518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.521402] CR2: ffffebe000000008 CR3: 00000001d37c7000 CR4: 00000000001406f0 [ 144.528670] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 144.535935] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 144.543215] Kernel panic - not syncing: Fatal exception [ 144.549248] Dumping ftrace buffer: [ 144.552786] (ftrace buffer empty) [ 144.556483] Kernel Offset: disabled [ 144.560099] Rebooting in 86400 seconds..