[ 64.183365] audit: type=1800 audit(1541748961.211:26): pid=6382 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 64.202801] audit: type=1800 audit(1541748961.231:27): pid=6382 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 66.439790] kauditd_printk_skb: 2 callbacks suppressed [ 66.439831] audit: type=1800 audit(1541748963.481:30): pid=6382 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts. 2018/11/09 07:36:15 fuzzer started 2018/11/09 07:36:21 dialing manager at 10.128.0.26:38493 2018/11/09 07:36:21 syscalls: 1 2018/11/09 07:36:21 code coverage: enabled 2018/11/09 07:36:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/09 07:36:21 setuid sandbox: enabled 2018/11/09 07:36:21 namespace sandbox: enabled 2018/11/09 07:36:21 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/09 07:36:21 fault injection: enabled 2018/11/09 07:36:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/09 07:36:21 net packed injection: enabled 2018/11/09 07:36:21 net device setup: enabled 07:39:13 executing program 0: mlock2(&(0x7f000048e000/0x1000)=nil, 0x1000, 0x0) mbind(&(0x7f000048e000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000527ff8), 0x0, 0x0) mremap(&(0x7f00003f2000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000903000/0x4000)=nil) syzkaller login: [ 257.616061] IPVS: ftp: loaded support on port[0] = 21 [ 260.148977] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.155834] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.164845] device bridge_slave_0 entered promiscuous mode [ 260.313148] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.319727] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.328587] device bridge_slave_1 entered promiscuous mode [ 260.474792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 260.619607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 261.077050] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 261.232867] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 261.528156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 261.535360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:39:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000040)="3c0cc93222644dbc35d1b66112b7e5073da639042598b45d29243ab576bc1801315b32a8978c731377c19ad5fc1651a19fa129b753828a09d568f3312178aa1268cf441e027ea60b") mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x40000, &(0x7f0000000480)='posix_acl_accesswlan0keyring/nodev#*md5sumcgroup\x00') [ 262.050265] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 262.058747] team0: Port device team_slave_0 added [ 262.333169] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 262.341451] team0: Port device team_slave_1 added [ 262.432416] IPVS: ftp: loaded support on port[0] = 21 [ 262.569027] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 262.576341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 262.585404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 262.738730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 262.745961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 262.755099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 262.935937] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 262.943719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 262.953276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 263.176668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 263.184625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.194059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 263.994669] ip (6638) used greatest stack depth: 53216 bytes left [ 265.776702] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.783305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.790300] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.796954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.806111] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 266.228327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 266.457662] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.464424] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.473284] device bridge_slave_0 entered promiscuous mode [ 266.653077] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.659575] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.668455] device bridge_slave_1 entered promiscuous mode [ 266.897718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 267.080057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.781435] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 267.997744] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 268.270284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 268.279184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.512325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 268.519388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:39:26 executing program 2: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x8000000000b, 0x5) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x10100}) [ 269.388310] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 269.396698] team0: Port device team_slave_0 added [ 269.736466] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 269.744969] team0: Port device team_slave_1 added [ 269.861146] IPVS: ftp: loaded support on port[0] = 21 [ 269.998637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 270.005892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 270.015201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 270.266518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 270.274506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 270.283384] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 270.508435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 270.516328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 270.525700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 270.816676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 270.824807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 270.833920] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.197114] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.203795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.210818] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.217440] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.226621] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 274.572475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.936223] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.942872] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.951562] device bridge_slave_0 entered promiscuous mode [ 275.275624] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.282280] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.290999] device bridge_slave_1 entered promiscuous mode [ 275.610888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 275.965062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 276.788408] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 277.118974] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 277.459183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 277.469883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.476495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 277.832115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 277.839217] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:39:35 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg(r2, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="c43015f125be114cc79433346056373f33ccca627954a4ce977b3c0e32b0374b", 0x20}], 0x1, &(0x7f0000000380)}}, {{&(0x7f0000000d40)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000004880), 0x0, &(0x7f0000004940)}}], 0x2, 0x0) [ 278.629313] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 278.753825] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 278.762230] team0: Port device team_slave_0 added [ 279.123660] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 279.132122] team0: Port device team_slave_1 added [ 279.562136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 279.569232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 279.578299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 279.819499] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 279.826042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 279.834094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 279.940813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 279.948018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 279.954198] IPVS: ftp: loaded support on port[0] = 21 [ 279.957055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 280.284091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 280.298522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.307787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 280.685193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 280.692931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.702043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 281.321883] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.775976] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.782605] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.789616] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.796343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.805441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 285.202304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.148906] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.155563] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.164406] device bridge_slave_0 entered promiscuous mode [ 286.616117] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.622865] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.631342] device bridge_slave_1 entered promiscuous mode [ 287.040133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 287.420512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 288.518535] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 288.599395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.870299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 289.173880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 289.180941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 289.503041] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 289.510160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:39:47 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000140)={{}, {0x77359400}}, &(0x7f0000000080)) dup3(r0, r1, 0x0) [ 290.084311] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 07:39:47 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000140)={{}, {0x77359400}}, &(0x7f0000000080)) dup3(r0, r1, 0x0) [ 290.768467] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 290.776946] team0: Port device team_slave_0 added 07:39:47 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000140)={{}, {0x77359400}}, &(0x7f0000000080)) dup3(r0, r1, 0x0) 07:39:48 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") sendto$inet6(r1, &(0x7f0000000100), 0x8d2d601e8976aa5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 291.225891] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 291.234281] team0: Port device team_slave_1 added 07:39:48 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000140)={{}, {0x77359400}}, &(0x7f0000000080)) dup3(r0, r1, 0x0) [ 291.646251] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 291.652835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 291.660603] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 291.755442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 291.762635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 291.771452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 07:39:49 executing program 0: clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x10040, 0x0) ioctl$KVM_GET_PIT(r2, 0xc048ae65, &(0x7f0000000180)) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000040)={0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}, &(0x7f0000000080)={0x8000000000, 0x5, 0x0, 0x200000}, &(0x7f00000000c0)={r0, r1+10000000}, 0xffffffffffffffff) [ 292.288351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 292.295691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 292.304512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 07:39:49 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) mremap(&(0x7f0000e6b000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xf) mbind(&(0x7f0000189000/0xd000)=nil, 0xd000, 0x4003, &(0x7f0000000000)=0x3d32, 0x6, 0x0) madvise(&(0x7f00001be000/0x4000)=nil, 0x4000, 0xa) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x10000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x2}) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8) [ 292.478169] IPVS: ftp: loaded support on port[0] = 21 [ 292.732466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 292.740127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 292.749146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 293.195800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 293.203862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 293.213280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 07:39:50 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) mremap(&(0x7f0000e6b000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xf) mbind(&(0x7f0000189000/0xd000)=nil, 0xd000, 0x4003, &(0x7f0000000000)=0x3d32, 0x6, 0x0) madvise(&(0x7f00001be000/0x4000)=nil, 0x4000, 0xa) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x10000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x2}) munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8) [ 293.440894] 8021q: adding VLAN 0 to HW filter on device team0 07:39:51 executing program 0: r0 = openat$cgroup_type(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) r1 = syz_open_dev$vcsa(&(0x7f0000000440)='/dev/vcsa#\x00', 0x2, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000480)={0x4, 0x7, 0x302, 0x1, 0xd2a0}, 0x14) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sequencer2\x00', 0x4000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000400)={0x5, 0x10, 0xfa00, {&(0x7f0000000200), r4, 0x3}}, 0x18) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$PIO_FONTRESET(r5, 0x4b6d, 0x0) clock_gettime(0xb, &(0x7f00000036c0)) [ 297.610928] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.617584] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.624798] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.631282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.640506] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 298.242617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 299.143075] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.149575] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.158493] device bridge_slave_0 entered promiscuous mode [ 299.538636] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.545335] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.554253] device bridge_slave_1 entered promiscuous mode [ 299.871300] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 300.063744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 301.081515] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.160267] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 301.600062] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 301.986277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 301.993537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 302.402204] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 302.409307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 302.615222] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 07:40:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000040)="3c0cc93222644dbc35d1b66112b7e5073da639042598b45d29243ab576bc1801315b32a8978c731377c19ad5fc1651a19fa129b753828a09d568f3312178aa1268cf441e027ea60b") mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x40000, &(0x7f0000000480)='posix_acl_accesswlan0keyring/nodev#*md5sumcgroup\x00') [ 303.656260] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 303.664492] team0: Port device team_slave_0 added [ 303.924777] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 303.933126] team0: Port device team_slave_1 added [ 304.036190] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 304.042780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 304.050563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 304.141662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 304.148810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 304.157662] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 304.343559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 304.350631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 304.359677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 304.546393] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 304.554177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 304.563372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 304.840544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 304.848415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 304.857523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 305.082890] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.302747] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.309252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.316380] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.322940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.331492] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 307.338252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 309.588931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.272972] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 07:40:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(0xffffffffffffffff, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) fgetxattr(r0, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001080)=[@iv={0x18}], 0xd4, 0x1}], 0x1, 0x4010) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000000c0)) syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_flowlabel\x00') r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r2) syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) get_mempolicy(&(0x7f0000000000), &(0x7f0000000080), 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r3 = semget(0x3, 0x2, 0x2) semop(r3, &(0x7f0000000140)=[{0x7, 0xf4e, 0x1800}, {0x0, 0xee, 0x800}], 0x2) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) [ 310.845968] hrtimer: interrupt took 115284 ns [ 310.971580] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 311.420343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 311.426981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 311.434926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.006620] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.017979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.030587] ip (7796) used greatest stack depth: 53072 bytes left 07:40:12 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r1 = socket$can_raw(0x1d, 0x3, 0x1) recvfrom(r1, &(0x7f00000007c0)=""/4096, 0x1000, 0x0, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000000080)) tkill(r0, 0x15) 07:40:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000040)="3c0cc93222644dbc35d1b66112b7e5073da639042598b45d29243ab576bc1801315b32a8978c731377c19ad5fc1651a19fa129b753828a09d568f3312178aa1268cf441e027ea60b") mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x40000, &(0x7f0000000480)='posix_acl_accesswlan0keyring/nodev#*md5sumcgroup\x00') 07:40:12 executing program 0: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xf2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2710, &(0x7f0000000000)=""/13, &(0x7f000033bffc)=0x6) 07:40:12 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x8000, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000040)={0x7, 0x0, 0x0, 0x100}) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000080)={0x1, r1}) ioctl$VT_ACTIVATE(r0, 0x5606, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x9) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f0000000100)={0x470a, 0xb20000}) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000140)={0x1, r1}) uselib(&(0x7f0000000180)='./file0\x00') mount(&(0x7f00000001c0)=@sr0='/dev/sr0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='debugfs\x00', 0x100000, &(0x7f0000000280)='/dev/vsock\x00') r2 = accept4$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14, 0x800) getresuid(&(0x7f0000000380)=0x0, &(0x7f00000003c0), &(0x7f0000000400)) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000440)={{{@in=@loopback, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e24, 0xffffffffffff8001, 0x4e23, 0x0, 0xa, 0x20, 0x20, 0x2f, r3, r4}, {0x3, 0x7, 0x401, 0x5, 0x5, 0x1, 0x989e, 0x9}, {0xffffffffffff0001, 0x2, 0x4, 0x5b}, 0x2, 0x6e6bbc, 0x2, 0x1, 0x3}, {{@in6, 0x4d6, 0x7c}, 0xa, @in6=@remote, 0x3503, 0x2, 0x3, 0xfa000000000000, 0x0, 0x9, 0x537}}, 0xe8) pwrite64(r2, &(0x7f0000000540)="17a78543bcdab3ef7a9b6bd9ec5eed01d52f0786ecf46927568dd5845e56223a493d748ba53d90babeb207e10fd164842311deeff396a31e458b155bf16359c1253bf9c9380315d2cb2225433849160b754a81", 0x53, 0x0) ioctl$RTC_WIE_OFF(r0, 0x7010) mincore(&(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f00000005c0)=""/85) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000640)) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000006c0)={&(0x7f0000000680)=[0x0, 0x0], 0x2}) r5 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r5) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000700)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000740)={r6, 0x1}) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000780)) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000007c0)={'team0\x00', {0x2, 0x4e24, @local}}) lsetxattr$trusted_overlay_upper(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='trusted.overlay.upper\x00', &(0x7f0000000880)={0x0, 0xfb, 0x27, 0x0, 0x5, "b299f2d62764dc5b44150870583cf6ea", "b6bd21a45525b5aaed96b287073bb724ef70"}, 0x27, 0x3) timer_create(0x5, &(0x7f00000008c0)={0x0, 0x10, 0x1}, &(0x7f0000000900)=0x0) timer_settime(r7, 0x1, &(0x7f0000000940)={{0x77359400}}, &(0x7f0000000980)) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f00000009c0)) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000a00)=r3) bind$inet(r0, &(0x7f0000000a40)={0x2, 0x4e21, @multicast1}, 0x10) accept4$unix(r0, &(0x7f0000000a80), &(0x7f0000000b00)=0x6e, 0x800) [ 315.650373] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 316.361097] IPVS: ftp: loaded support on port[0] = 21 [ 316.492914] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 316.499769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 316.507824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.127876] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.960908] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.967508] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.976294] device bridge_slave_0 entered promiscuous mode [ 319.127363] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.133945] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.143061] device bridge_slave_1 entered promiscuous mode [ 319.281347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 319.421302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 319.859249] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 320.007510] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 320.292931] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 320.300006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 320.687026] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 320.694877] team0: Port device team_slave_0 added [ 320.843346] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 320.852466] team0: Port device team_slave_1 added [ 320.972946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 321.070417] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 321.165800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 321.173170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 321.182488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 321.276093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 321.283646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 321.292629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 07:40:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r2, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") sendto$inet6(r1, &(0x7f0000000100), 0x8d2d601e8976aa5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) 07:40:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000003c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000040)="3c0cc93222644dbc35d1b66112b7e5073da639042598b45d29243ab576bc1801315b32a8978c731377c19ad5fc1651a19fa129b753828a09d568f3312178aa1268cf441e027ea60b") mount(&(0x7f0000000100)=@md0='/dev/md0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x40000, &(0x7f0000000480)='posix_acl_accesswlan0keyring/nodev#*md5sumcgroup\x00') 07:40:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(0xffffffffffffffff, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) fgetxattr(r0, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001080)=[@iv={0x18}], 0xd4, 0x1}], 0x1, 0x4010) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000000c0)) syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_flowlabel\x00') r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r2) syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) get_mempolicy(&(0x7f0000000000), &(0x7f0000000080), 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r3 = semget(0x3, 0x2, 0x2) semop(r3, &(0x7f0000000140)=[{0x7, 0xf4e, 0x1800}, {0x0, 0xee, 0x800}], 0x2) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) 07:40:18 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000001c0)=""/246) ioctl$EVIOCGREP(r0, 0x40047451, 0xfffffffffffffffd) 07:40:18 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r1 = socket$can_raw(0x1d, 0x3, 0x1) recvfrom(r1, &(0x7f00000007c0)=""/4096, 0x1000, 0x0, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000000080)) tkill(r0, 0x15) 07:40:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, [0x0, 0x404ffff8000]}) 07:40:19 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000240)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) r1 = dup(r0) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000011000/0x2000)=nil, &(0x7f0000013000/0x2000)=nil, 0x2000}) mlock(&(0x7f0000012000/0x1000)=nil, 0x1000) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f00000000c0)={&(0x7f0000015000/0x2000)=nil, 0x2000}) [ 322.423324] syz-executor0: vmalloc: allocation failure: 8631877568 bytes, mode:0x6080c0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 322.435624] syz-executor0 cpuset=syz0 mems_allowed=0 [ 322.440874] CPU: 0 PID: 8000 Comm: syz-executor0 Not tainted 4.19.0+ #80 [ 322.447768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.457179] Call Trace: [ 322.459797] ================================================================== [ 322.467215] BUG: KMSAN: uninit-value in get_stack_info+0x720/0x9d0 [ 322.473561] CPU: 0 PID: 8000 Comm: syz-executor0 Not tainted 4.19.0+ #80 [ 322.480418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.489785] Call Trace: [ 322.492402] dump_stack+0x419/0x480 [ 322.496060] ? _raw_spin_lock_irqsave+0x237/0x340 [ 322.500942] ? get_stack_info+0x720/0x9d0 [ 322.505189] kmsan_report+0x19f/0x300 [ 322.509050] __msan_warning+0x76/0xd0 [ 322.512897] get_stack_info+0x720/0x9d0 [ 322.516926] __unwind_start+0x7d/0xe0 [ 322.520766] show_trace_log_lvl+0x20e/0x11e0 [ 322.525232] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 322.530697] show_stack+0x12e/0x170 [ 322.534390] dump_stack+0x32d/0x480 [ 322.538076] warn_alloc+0x4e9/0x720 [ 322.541770] ? resched_curr+0x1b6/0x520 [ 322.545836] __vmalloc_node_range+0xd5a/0x12a0 [ 322.550460] ? __msan_get_context_state+0x9/0x30 [ 322.555269] __vmalloc_node_flags_caller+0x12b/0x140 [ 322.560401] ? kvm_arch_create_memslot+0x172/0xa40 [ 322.565358] ? kvm_arch_create_memslot+0x172/0xa40 [ 322.570364] kvmalloc_node+0x3a1/0x3e0 07:40:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) pread64(0xffffffffffffffff, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) fgetxattr(r0, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001080)=[@iv={0x18}], 0xd4, 0x1}], 0x1, 0x4010) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000000c0)) syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_flowlabel\x00') r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) dup2(r0, r2) syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) get_mempolicy(&(0x7f0000000000), &(0x7f0000000080), 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r3 = semget(0x3, 0x2, 0x2) semop(r3, &(0x7f0000000140)=[{0x7, 0xf4e, 0x1800}, {0x0, 0xee, 0x800}], 0x2) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) [ 322.574311] kvm_arch_create_memslot+0x172/0xa40 [ 322.579127] __kvm_set_memory_region+0x11ff/0x2cf0 [ 322.584168] kvm_vm_ioctl+0x17f5/0x33f0 [ 322.588193] ? __msan_poison_alloca+0x1e0/0x2b0 [ 322.592916] ? do_vfs_ioctl+0x187/0x2d30 [ 322.597018] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 322.601893] do_vfs_ioctl+0xf77/0x2d30 [ 322.605841] ? security_file_ioctl+0x92/0x200 [ 322.610389] __se_sys_ioctl+0x1da/0x270 [ 322.614411] __x64_sys_ioctl+0x4a/0x70 [ 322.618338] do_syscall_64+0xcf/0x110 [ 322.622193] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 322.627419] RIP: 0033:0x457569 [ 322.630647] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 322.649581] RSP: 002b:00007fd482985c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 322.657316] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 322.664608] RDX: 0000000020000000 RSI: 000000004020ae46 RDI: 0000000000000004 [ 322.671907] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.679210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4829866d4 [ 322.686502] R13: 00000000004bfec8 R14: 00000000004d01f0 R15: 00000000ffffffff [ 322.693814] [ 322.695474] Local variable description: ----state@show_trace_log_lvl [ 322.701976] Variable was created at: [ 322.705744] show_trace_log_lvl+0xb3/0x11e0 [ 322.710096] show_stack+0x12e/0x170 [ 322.713735] ================================================================== [ 322.721106] Disabling lock debugging due to kernel taint [ 322.726577] Kernel panic - not syncing: panic_on_warn set ... [ 322.726577] [ 322.733985] CPU: 0 PID: 8000 Comm: syz-executor0 Tainted: G B 4.19.0+ #80 [ 322.742239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.751628] Call Trace: [ 322.754244] dump_stack+0x419/0x480 [ 322.757935] panic+0x57e/0xb28 [ 322.761221] kmsan_report+0x300/0x300 [ 322.765066] __msan_warning+0x76/0xd0 [ 322.768923] get_stack_info+0x720/0x9d0 [ 322.772958] __unwind_start+0x7d/0xe0 [ 322.776794] show_trace_log_lvl+0x20e/0x11e0 [ 322.781256] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 322.786710] show_stack+0x12e/0x170 [ 322.790378] dump_stack+0x32d/0x480 [ 322.794062] warn_alloc+0x4e9/0x720 [ 322.797754] ? resched_curr+0x1b6/0x520 [ 322.801783] __vmalloc_node_range+0xd5a/0x12a0 [ 322.806411] ? __msan_get_context_state+0x9/0x30 [ 322.811247] __vmalloc_node_flags_caller+0x12b/0x140 [ 322.816406] ? kvm_arch_create_memslot+0x172/0xa40 [ 322.821361] ? kvm_arch_create_memslot+0x172/0xa40 [ 322.826326] kvmalloc_node+0x3a1/0x3e0 [ 322.830266] kvm_arch_create_memslot+0x172/0xa40 [ 322.835076] __kvm_set_memory_region+0x11ff/0x2cf0 [ 322.840108] kvm_vm_ioctl+0x17f5/0x33f0 [ 322.844137] ? __msan_poison_alloca+0x1e0/0x2b0 [ 322.848870] ? do_vfs_ioctl+0x187/0x2d30 [ 322.852969] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 322.857848] do_vfs_ioctl+0xf77/0x2d30 [ 322.861790] ? security_file_ioctl+0x92/0x200 [ 322.866322] __se_sys_ioctl+0x1da/0x270 [ 322.870337] __x64_sys_ioctl+0x4a/0x70 [ 322.874261] do_syscall_64+0xcf/0x110 [ 322.878096] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 322.883310] RIP: 0033:0x457569 [ 322.886536] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 322.905455] RSP: 002b:00007fd482985c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 322.913219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 322.920510] RDX: 0000000020000000 RSI: 000000004020ae46 RDI: 0000000000000004 [ 322.927800] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.935102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4829866d4 [ 322.942407] R13: 00000000004bfec8 R14: 00000000004d01f0 R15: 00000000ffffffff [ 322.950718] Kernel Offset: disabled [ 322.954362] Rebooting in 86400 seconds..