[ 56.767315] audit: type=1800 audit(1538957556.800:27): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.344757] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.404452] random: sshd: uninitialized urandom read (32 bytes read) [ 63.839398] random: sshd: uninitialized urandom read (32 bytes read) [ 65.930287] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts. [ 71.791211] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 00:12:53 fuzzer started [ 76.527361] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 00:12:59 dialing manager at 10.128.0.26:36867 2018/10/08 00:12:59 syscalls: 1 2018/10/08 00:12:59 code coverage: enabled 2018/10/08 00:12:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 00:12:59 setuid sandbox: enabled 2018/10/08 00:12:59 namespace sandbox: enabled 2018/10/08 00:12:59 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 00:12:59 fault injection: enabled 2018/10/08 00:12:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 00:12:59 net packed injection: enabled 2018/10/08 00:12:59 net device setup: enabled [ 81.854528] random: crng init done 00:14:57 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005", 0x5) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_elf32(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000f100"], 0x18) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0x7ffff000}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) [ 197.824656] IPVS: ftp: loaded support on port[0] = 21 [ 200.334523] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.341020] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.349774] device bridge_slave_0 entered promiscuous mode [ 200.506789] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.513454] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.522028] device bridge_slave_1 entered promiscuous mode [ 200.659955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.798762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:15:01 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)="2f67726f75702e7374619fd474002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac750a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1d0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98c6e3574511e0c61ff22ff61f", 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) [ 201.227930] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.497944] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.784684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.792029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.844518] IPVS: ftp: loaded support on port[0] = 21 [ 202.040632] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.047890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.727231] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 202.735450] team0: Port device team_slave_0 added [ 202.987117] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 202.995466] team0: Port device team_slave_1 added [ 203.206578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.213831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.222908] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.495621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.502899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.512514] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.689360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 203.697426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.706645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.973236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 203.980835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.990010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.495589] ip (6415) used greatest stack depth: 53056 bytes left [ 205.670011] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.676675] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.685441] device bridge_slave_0 entered promiscuous mode [ 205.858334] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.865249] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.873900] device bridge_slave_1 entered promiscuous mode [ 206.013895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.254682] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:15:06 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) request_key(&(0x7f0000000180)='syzkaller\x00', &(0x7f00000001c0)={'syz'}, &(0x7f00000002c0)='syz', 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000003c0)="a4f55232edb6eefc1753920203171d", 0x0) [ 206.776597] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.783232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.790270] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.796876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.806345] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 207.000346] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.336168] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.573746] IPVS: ftp: loaded support on port[0] = 21 [ 207.688985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.696240] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.772551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.960559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.967817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.769782] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.778187] team0: Port device team_slave_0 added [ 209.083603] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.091868] team0: Port device team_slave_1 added [ 209.400201] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 209.407459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.416363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.679536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.686953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.696069] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.009755] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.017832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.027120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.345421] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.353368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.362885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.390484] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.397067] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.405542] device bridge_slave_0 entered promiscuous mode [ 212.592906] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.599389] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.607986] device bridge_slave_1 entered promiscuous mode [ 212.898796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.177046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.809088] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.815637] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.822771] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.829228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.838073] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.988454] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.004247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.288613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 214.498663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.505859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.765489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.772815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:15:15 executing program 3: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x3, &(0x7f0000346fc8), &(0x7f00000001c0)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f0000000080)=""/251}, 0x48) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x78, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000389000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x3, &(0x7f0000346fc8), &(0x7f00000001c0)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f0000000080)=""/251}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) close(r1) [ 215.695973] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 215.704088] team0: Port device team_slave_0 added [ 215.998926] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.007199] team0: Port device team_slave_1 added [ 216.274090] IPVS: ftp: loaded support on port[0] = 21 [ 216.401269] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.408474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.417467] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.834210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 216.841245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.850386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.188939] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.196778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.205967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.616851] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.624930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.633896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.174001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.542406] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 221.802908] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.809383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.817128] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.823718] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.832491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.325747] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.332349] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.340800] device bridge_slave_0 entered promiscuous mode [ 222.504353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.730570] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.737213] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.745709] device bridge_slave_1 entered promiscuous mode [ 222.841533] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 222.848098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.856357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.119136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.407785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.245374] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.514063] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.838141] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.107599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.114817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.527600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.534797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:15:25 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/wireless\x00') close(r0) [ 226.700309] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.708377] team0: Port device team_slave_0 added [ 227.154456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 227.162574] team0: Port device team_slave_1 added [ 227.298952] IPVS: ftp: loaded support on port[0] = 21 [ 227.597779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 227.605015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.613987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.988484] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.995805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.004714] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.384824] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 228.392610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.401766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.887468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.895155] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.905455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.147389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.713048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.402847] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 232.409196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 232.417467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.769615] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.776176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.783202] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.789689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.798210] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.183619] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.190182] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.198974] device bridge_slave_0 entered promiscuous mode [ 234.262010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 00:15:34 executing program 0: sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x40}, 0x0) msgrcv(0x0, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000900)) [ 234.362986] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.699590] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.706218] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.714968] device bridge_slave_1 entered promiscuous mode 00:15:34 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000840000/0x2000)=nil, 0x2000, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer\x00', 0x4282, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000004c0)={0x0, 0x8cd, 0x5, 'queue0\x00', 0x2}) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x100, 0x0) r2 = getpgid(0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r1, 0x1f, &(0x7f00000003c0)={0x0, 0x0}}, 0xfffffffffffffef4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r2, r1, 0x0, 0x10, &(0x7f0000000200)='em1procselinux-\x00', r3}, 0x30) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x2) setsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000180)="aed6a7837f08e674caf39af884ff", 0xe) r4 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0x1d, r4, &(0x7f0000000340)='pkcs7_test\x00', 0x0) mbind(&(0x7f0000126000/0x3000)=nil, 0x3000, 0x0, &(0x7f000016e000), 0x6, 0x0) ioctl$BLKFRASET(r1, 0x1264, &(0x7f00000001c0)=0x100000000) mbind(&(0x7f00007d2000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000000)=0x7f4b8703, 0x8, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000380), &(0x7f0000000440)=0x4) modify_ldt$read_default(0x2, &(0x7f0000000040)=""/209, 0xd1) 00:15:35 executing program 0: prctl$getreaper(0x1b, &(0x7f0000000180)) r0 = epoll_create(0xffffffff) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x8000, 0x0) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000100)) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x1, 0x5, 0x3}) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.redirect\x00') [ 235.205904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 00:15:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c, 0x800) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=0x0, &(0x7f0000000180)=0x4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={r2, 0x1f}, &(0x7f0000000200)=0x8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0x4, 0x4) sendto$inet(r0, &(0x7f0000000000), 0xff6c, 0x1, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) [ 235.656565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:15:36 executing program 0: r0 = socket$inet(0x15, 0x5, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x20, @local}, 0x10) getsockopt$inet_mreqsrc(r0, 0x0, 0x2f, &(0x7f0000000180)={@empty, @multicast2, @local}, &(0x7f00000001c0)=0xc) r1 = socket$inet(0x2, 0x80006, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0x5, 0x800) r3 = dup(r0) r4 = accept$inet6(r2, 0x0, &(0x7f0000000000)) getsockopt$inet6_udp_int(r4, 0x11, 0x65, &(0x7f0000000040), &(0x7f00000000c0)=0x4) write(r0, &(0x7f0000000200)="93e3fa97e30d05c908663cfd9f43b077388b15d3f0278596997cb8c0dfa5e908f4c30dae08fdc2d5dd97d88c9b0d0eb33f", 0x31) ioctl$BLKBSZGET(r2, 0x80081270, &(0x7f0000000380)) bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x2, 0x4) r5 = semget$private(0x0, 0x3, 0x80) semctl$SEM_INFO(r5, 0x3, 0x13, &(0x7f00000002c0)=""/7) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$TUNSETTXFILTER(r6, 0x400454d1, &(0x7f0000000240)={0x1, 0x3, [@local, @broadcast, @random="81bcd7c90d23"]}) getsockopt$inet_tcp_int(r3, 0x6, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) [ 236.771990] bond0: Enslaving bond_slave_0 as an active interface with an up link 00:15:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0xa, &(0x7f0000000100)=0x0) close(r1) socket$inet(0x2, 0x2, 0x4) io_submit(r2, 0x1400, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000008, 0x0, r1, &(0x7f0000000140), 0x700000000000}]) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) ptrace$peekuser(0x3, r3, 0x191a) [ 237.230595] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.687077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 237.694262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:15:37 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)=@ethtool_cmd={0x26, 0x100}}) r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0x2100) ioctl$NBD_CLEAR_QUE(r1, 0xab05) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'yam0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="4500000039d30000070069f0f8ec0000040000000084000000"]}) [ 238.125050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 238.132307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:15:38 executing program 0: unshare(0x8020000) msgget$private(0x0, 0x0) msgsnd(0x0, &(0x7f0000000140)={0x1}, 0x8, 0x0) msgsnd(0x0, &(0x7f00000003c0)={0x3}, 0x8, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') setns(r0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x2080, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e22, 0x0, @local, 0x80}, @in6={0xa, 0x4e23, 0x8b6, @mcast2, 0x3ff}, @in6={0xa, 0x4e22, 0x6, @local, 0x7}], 0x64) [ 238.874301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.423255] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.431284] team0: Port device team_slave_0 added [ 239.748657] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.756878] team0: Port device team_slave_1 added [ 240.052931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 240.059940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.068898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.156552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.404879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 240.412632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 240.423744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.750318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.758299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.767337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.053480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 241.061062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.070909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.347733] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.354328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.362456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.444055] 8021q: adding VLAN 0 to HW filter on device team0 00:15:42 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r0 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bpq0\x00'}) [ 244.023810] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.030278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.037307] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.043841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.052443] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 244.058978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.399706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.214640] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 00:15:47 executing program 2: clone(0x200, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000280)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000600)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/11, 0x10158) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = creat(&(0x7f0000000080)="e91f7189591e9233614b00", 0x10a) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)="e91f7189591e9233614b00", &(0x7f0000000140), &(0x7f0000001580)) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000001c0)=ANY=[]) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, &(0x7f0000000300), 0xffffffffffffffff) execve(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000400), &(0x7f0000000b40)) ioctl$BLKSECDISCARD(r1, 0x127d, &(0x7f0000000100)) [ 248.001159] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.007682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.015805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 248.639387] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.506808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.991129] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 00:15:52 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x5) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0a5c2d023c126285718070") r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6(0xa, 0x100000002, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x3}]}, 0x10) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) sendto$inet6(r2, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) [ 252.503195] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 252.509824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 252.517815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.823514] 8021q: adding VLAN 0 to HW filter on device team0 00:15:54 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000080)="00000600000000000000", 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f0000000280), &(0x7f0000000500), 0x1100) 00:15:54 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f000000bfd4)={0x1, 0x3, 0x2, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f0000000080), &(0x7f0000000080)}, 0x20) userfaultfd(0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000010c0)={r0, &(0x7f0000000040)="da", &(0x7f00000000c0)=""/4096}, 0x18) 00:15:54 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) r1 = socket$bt_rfcomm(0x1f, 0x3, 0x3) recvmmsg(r1, &(0x7f0000000280)=[{{&(0x7f0000000040)=@ipx, 0x80, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/110, 0x6e}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f00000001c0)=""/121, 0x79}], 0x3, 0x0, 0x0, 0x3ff}, 0x5}], 0x1, 0x20, &(0x7f00000002c0)={0x77359400}) ioctl$void(r1, 0xc0045878) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000300)={0x7f, {{0xa, 0x4e23, 0x9, @mcast1, 0x200}}, {{0xa, 0x4e24, 0x7, @mcast2, 0x8}}}, 0x108) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000440)=0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000480)={0xa245, {{0xa, 0x4e23, 0x294, @loopback, 0x1f}}, {{0xa, 0x4e21, 0x4, @mcast1, 0x6}}}, 0x108) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000005c0)=0x5, 0x4) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000600)='/dev/sequencer\x00', 0x2, 0x0) name_to_handle_at(r3, &(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0xe0, 0x9, "85dd78263c0398ffaef22e0e687d6a145bc31b631497c2b1cd7de6229124a94c5d36c761de4f3af305528070ccc749a4d34472c7e48e3b3c91c86c73961774ac184ab39da37136f0690520b9a79b19f85edeb43fbc30cbbf6d00025fbd7c7e19cbaab98895f3566dfee4e184760d8f4329085f75366ea7f83acc29cdedf581c69d24cdd9cf0111e2daa01a56156a90e9d426c985993db2d4c6f753191b199ab58160d53d9940c31971b383785f8a18e9615d856f071e1e02ddf83005758119db0fb82b995d1dd598ddba828ea95c3e06ef7dea81996dfbed"}, &(0x7f0000000780), 0x0) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f00000007c0)=""/33, &(0x7f0000000800)=0x21) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000840), &(0x7f0000000880)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f00000008c0)) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000940)={r0, r3}) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000009c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000c00)={&(0x7f0000000980), 0xc, &(0x7f0000000bc0)={&(0x7f0000000a00)={0x184, r4, 0x0, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xff}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3f}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x74}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x9}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x28}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x7}}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6b}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x4e5}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x184}, 0x1, 0x0, 0x0, 0x4000010}, 0x4008000) syz_emit_ethernet(0xe8, &(0x7f0000000c40)={@local, @broadcast, [], {@x25={0x805, {0x2, 0x9, 0x27, "7a6edbdbd6c0874ad7bf1788faf7e3fe35c5748708a0eefe18f3f4abd23f2c70bd513331f3a68c8d285d23f7bb4e3727e06afe0052efb6766518b5b2fa70e7f9fbd0f15b1dad721b140018d39e1bb4085f8bdafd2898e409ce162eac67aa1fa32c5c4c1696722644729f529a944ddc28da23ea42ae8dbf4783ac1ebaa2cf6313fa16f16ba441f48e150c154ae680fd24845141498a8d2ea24c8b245de467addd0714bad1b5c0f2f8ce919b3e09bed6c858c085f912bbd2885f4a2b28109c3157a3f1a48e80b3b1f9e246d614ddb202982828c1ccf635af"}}}}, &(0x7f0000000d40)={0x1, 0x2, [0xd2c, 0x34c, 0x314, 0xe95]}) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000dc0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000d80)={0xffffffffffffffff}, 0x0, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000e00)={0x9, 0x108, 0xfa00, {r5, 0xd1, "1d3584", "6a071f74ab7226c9b14b4e6031165cb6a39a995ae5f92386575277c45be1878f202c3210cf47de47d6b11be5ce58cf3a25f0d0bf1a886128a0d3e8ea5d5912a0c5e216a60db87f314527c50406b65b7f78bb78a2bcbdf4f8f67d2295707574a4be5e7618fc9993037b0dacea63eabdcde7e4cb19aaf79e4516a5784e6a4f54df56fc4bd4cc044115518087f60c229b30c5e248de9d92cda5270c9d6a661e5b7b93fd103e67b57c2cdba97e5b3bf5646140f54a441d925aabcdd39607bbeaed91b46ec0f8cb30ce0c3a323ef03dd4446c3e830802d98e946d9e0f8be86efa97c5bbad0d70ff234da4b94c372774c85b4cebf33fa50dc818ab555f79270aef6a72"}}, 0x110) fsetxattr$security_ima(r0, &(0x7f0000000f40)='security.ima\x00', &(0x7f0000000f80)=@v2={0x0, 0x1, 0x7, 0xfffffffffffffff9, 0x7f, "7059e230d0e29edf4d6fa859164d03a734d2ffcd5fd23b81845b123f16206d56e3774ba7b1be4b988e362285397c9fc634065d831d98e6f72136eb00b12b71d3d92615d8d2f411ca1b3d4979d5ff7ebc870efd0667aa322775560a0716191afe7a3d3fee6a3d97b139c52b932a78c999aad9941487ee340c23575a1f1db122"}, 0x89, 0x1) getsockopt$bt_hci(r2, 0x0, 0x3, &(0x7f0000001040)=""/230, &(0x7f0000001140)=0xe6) r6 = open$dir(&(0x7f0000001180)='./file0\x00', 0x2101, 0x80) getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f00000011c0)={'TPROXY\x00'}, &(0x7f0000001200)=0x1e) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000001240)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000001340)=0xe8) write$P9_RXATTRWALK(r0, &(0x7f0000001380)={0xf, 0x1f, 0x1, 0x7fffffff}, 0xf) ioctl$DRM_IOCTL_AGP_INFO(r3, 0x80386433, &(0x7f00000013c0)=""/126) statx(r6, &(0x7f0000001440)='./file0\x00', 0x1100, 0x7ff, &(0x7f0000001480)) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x140000000000000) quotactl(0x7, &(0x7f0000001580)='./file0\x00', r7, &(0x7f00000015c0)="47b755c60a2ebf1f385f2947888f761ed108f62cb0cd5655dc4d3e5c4d0d44afd9413c0aebbd94c6a0170a107f9c971f3d34f05adf3fb7911346cd15fa10290db59e966d9bd34347c7249e57") 00:15:54 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x0) close(r0) 00:15:54 executing program 2: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000080)="00000600000000000000", 0x0) write$binfmt_elf32(r0, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3f, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20, 0x2}, [{}]}, 0x58) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f0000000280), &(0x7f0000000500), 0x1100) 00:15:54 executing program 3: r0 = gettid() r1 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={&(0x7f0000000040), &(0x7f00000001c0)}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x9}}, &(0x7f0000000000)) readv(r1, &(0x7f0000001480)=[{&(0x7f00000002c0)=""/182, 0xb6}], 0x1) close(r1) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/pfkey\x00', 0x0, 0x0) tkill(r0, 0x1000000000016) 00:15:55 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424adee901d2da75af300200f5abfb9845f9e19859c9693206f2c60b0000000719e1d66e970123d893d974e5b9c3285677b2139823e5500c92ab5b94da3a7de19f063bb765b02bd5b660fb7fa898c6f5c6369c3f363068d10af833f6475bbe8b7967255b177607ba100f6c4654718232dbda64aa1f69cf9ab5b3ea3ed63452b7ebd37c9dae664e322e08ad8f6029fe8fd0b34c7117480471aeca0a3fc9eceb28509ca8a83e4f8b85131808bc5cfb4cc24e1901769c084c082712b470666b6dddf74ced693973ba1ded8b") preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000006200)=""/220, 0xdc}, {&(0x7f0000000000)=""/90, 0x5a}, {&(0x7f0000006400)=""/4096, 0x1000}], 0x3, 0x0) 00:15:55 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") clock_gettime(0x0, &(0x7f0000000100)={0x0}) recvmmsg(r0, &(0x7f0000001cc0), 0x40000000000014f, 0x10102, &(0x7f0000001540)={r2}) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1a, 0x201}, 0x14}}, 0x0) 00:15:55 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) listen(r0, 0x0) 00:15:55 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x0) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000040)=""/11, 0xfffffe0c) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f00000001c0)=""/142) 00:15:55 executing program 1: open(&(0x7f0000000140)='./file0\x00', 0x14104a, 0x0) 00:15:55 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]}) fchmodat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0) [ 255.652382] kauditd_printk_skb: 3 callbacks suppressed [ 255.652417] audit: type=1326 audit(1538957755.680:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7716 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 00:15:55 executing program 1: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000100)="ad", 0x1, 0xfffffffffffffffc) keyctl$revoke(0x3, r0) 00:15:55 executing program 3: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)}}, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x100, 0x0, 0x0, 0x1f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffff9c, 0x50, &(0x7f0000000540)}, 0x10) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000140)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) [ 255.921704] hrtimer: interrupt took 225361 ns [ 256.426172] audit: type=1326 audit(1538957756.470:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7716 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 256.501036] IPVS: ftp: loaded support on port[0] = 21 [ 259.257433] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.264204] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.272746] device bridge_slave_0 entered promiscuous mode [ 259.348405] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.354996] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.363389] device bridge_slave_1 entered promiscuous mode [ 259.438021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 259.513379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 259.742213] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 259.822490] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 260.191726] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 260.199265] team0: Port device team_slave_0 added [ 260.284336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 260.292265] team0: Port device team_slave_1 added [ 260.369548] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 260.450183] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 260.526034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 260.533470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.542292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 260.620630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 260.627967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 260.637246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 261.487194] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.493738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.500455] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.506983] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.514777] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 261.521351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.579744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.899170] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 265.176888] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 265.183185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.190772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 265.478301] 8021q: adding VLAN 0 to HW filter on device team0 00:16:07 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x4ffe}) r2 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x2007fff) sendfile(r0, r2, &(0x7f0000d83ff8), 0x8000fffffffe) 00:16:07 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/88, 0x58) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000180)) r1 = gettid() ppoll(&(0x7f00000002c0)=[{r0}], 0x1, &(0x7f0000000300), &(0x7f0000000340), 0x8) tkill(r1, 0xd) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(r2, 0x15) 00:16:07 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) clone(0x3102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000003c0), 0xffffffffffffffff) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000000)={0x7, 0x8, 0xffffffffffffffff, 0x7, 0x8, 0x6}) 00:16:07 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000000)="62637366300000000000130011000013") 00:16:07 executing program 0: futex(&(0x7f000000cffc), 0x80000000008b, 0x0, &(0x7f0000000100)={0x77359400}, &(0x7f0000000180), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x100000000000031, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 00:16:07 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) clock_gettime(0x0, &(0x7f0000000180)) ppoll(&(0x7f0000000140)=[{r1, 0x400}, {0xffffffffffffffff, 0x40}, {}], 0x3, &(0x7f00000001c0), &(0x7f0000000240), 0x8) ioctl$VT_DISALLOCATE(0xffffffffffffffff, 0x5608) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000600)) ioctl$TIOCEXCL(r1, 0x540c) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00') pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x1, 0x7, &(0x7f0000000300)) preadv(r2, &(0x7f0000000700), 0x31f, 0x10400003) vmsplice(r2, &(0x7f00000002c0)=[{&(0x7f00000000c0)="7222914efbd987049528d8fc81c97d2ce8fb59e55c708b9ee075f5ea131ec2194feaceee9815b4c9", 0x28}], 0x1, 0x1) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000900)={{{@in6=@dev, @in6=@remote}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000740)=0xff9b) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000340)=""/220, 0xdc, 0x63, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x1, 0x9, 0x6, @local}, 0x14) 00:16:07 executing program 1: futex(&(0x7f0000000000), 0x7, 0x0, &(0x7f0000000140), &(0x7f0000000180), 0x0) 00:16:07 executing program 0: add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280), &(0x7f00000002c0), 0x0, 0x0) 00:16:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x23, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000f630c40020000000000000000000000126348", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0xa2, 0x0, &(0x7f0000000680)="42894def88ab56cbde4b592a98a1fd862f9c8ec39e6ff4f05c618cb75a74c92560e8fbb8f057abae9497a94d558075c611f7be565a0e87b4719517bde8527fc4a200e2d3c02a7f2cf8c34a9507845dc7953c9b5f142fd8965f1db43129d1d616b6ddb670bb0f131b3155841b643d3d9fd168b1e73080784f73ac93016d5b2d6eb0e796fce05225d42d877e20af589a575efc17c401311eedb517f884900000000000"}) 00:16:08 executing program 4: syz_open_dev$evdev(&(0x7f0000dfdfee)='/dev/input/event#\x00', 0x0, 0x0) 00:16:08 executing program 2: timer_create(0x3, &(0x7f0000000080)={0x0, 0x3a, 0x0, @thr={&(0x7f0000000000), &(0x7f00000001c0)}}, &(0x7f00000000c0)) timer_delete(0x0) [ 268.048941] binder: 8038:8040 unknown command 0 [ 268.054014] binder: 8038:8040 ioctl c0306201 20000080 returned -22 [ 268.106617] binder: 8038:8041 unknown command 0 [ 268.111434] binder: 8038:8041 ioctl c0306201 20000080 returned -22 00:16:08 executing program 1: syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0], 0x2}, 0x1, 0x0, 0x0, 0x200000c1}, 0x40) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000180)={{0x2, 0x4e20, @multicast2}, {0x1, @random="a0e222c4743c"}, 0x42, {0x2, 0x4e24, @multicast1}, 'vcan0\x00'}) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0x20000000000002, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty, 0x1}, 0x1c) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000240)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000280)={r2, 0x171499e98024c9ce}) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='dctcp\x00', 0x6) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.subtree_control\x00', 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f0000000200)='ip6gretap0\x00') setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) ftruncate(r3, 0x7fff) sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 00:16:08 executing program 5: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) 00:16:08 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x1000002, 0x40800000000031, 0xffffffffffffffff, 0x0) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000000)) [ 268.398476] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 00:16:08 executing program 4: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x4ffe}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) sendfile(r0, r3, &(0x7f0000d83ff8), 0x8000fffffffe) 00:16:08 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f00000005c0)='user\x00', 0x0) write$P9_RRENAME(r0, &(0x7f0000000140)={0x7}, 0x7) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) 00:16:08 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)) [ 268.724059] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 268.730883] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 268.850521] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 00:16:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0x800000000002, 0x0) close(r0) r1 = socket$kcm(0x11, 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x1, 0x8f, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x106, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffffffff8000, 0x0, 0x1ff, 0x0, 0xffffffff, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f00000003c0)}, 0x0, 0x3}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000080), 0x4) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f0000000900)={0x0, 0x70, 0x600000000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x637, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80000001, 0xebef, 0xc52, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, @perf_config_ext={0x7b5f}, 0x0, 0x0, 0x0, 0x0, 0xf5ee}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) close(r3) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8912, &(0x7f0000000080)='trustedu\x00Pp\x00') 00:16:09 executing program 0: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x251, &(0x7f0000000040)=@raw=[@jmp], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xfffffffffffffe0f, &(0x7f000000cf3d)=""/195}, 0x48) 00:16:09 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x100, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000240)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x0, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000140)=0x2) 00:16:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100), 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000440), 0xffffffffffffffba, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) recvfrom$inet6(r2, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x0, &(0x7f0000001880), 0x1c) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'lo\x00'}) io_setup(0x38b9, &(0x7f0000000180)=0x0) io_destroy(r4) 00:16:09 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x10070}, 0x2c) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000200)={'icmp6\x00'}, &(0x7f0000000240)=0x1e) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x4}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={r2, 0x8, 0x10, 0x5, 0x2}, &(0x7f00000001c0)=0x18) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000180)="62637366300000000000000011000013") ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000002500)={r0}) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000002540)={{0x70000000000, 0x100, 0xdb, 0x20, 0x0, 0xff}, 0xffffffff}) 00:16:09 executing program 5: [ 269.437159] ion_buffer_destroy: buffer still mapped in the kernel 00:16:09 executing program 3: 00:16:09 executing program 1: 00:16:09 executing program 5: 00:16:09 executing program 0: 00:16:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRES64], 0xa2, 0x0, &(0x7f0000000680)="42894def88ab56cbde4b592a98a1fd862f9c8ec39e6ff4f05c618cb75a74c92560e8fbb8f057abae9497a94d558075c611f7be565a0e87b4719517bde8527fc4a200e2d3c02a7f2cf8c34a9507845dc7953c9b5f142fd8965f1db43129d1d616b6ddb670bb0f131b3155841b643d3d9fd168b1e73080784f73ac93016d5b2d6eb0e796fce05225d42d877e20af589a575efc17c401311eedb517f884900000000000"}) 00:16:10 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x34, &(0x7f00000002c0)={@random="d174971509ee", @random="1b207f5c5eeb", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @local}, @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {}, {}, {0xffffca88}}}}}}, &(0x7f0000000000)) 00:16:10 executing program 5: 00:16:10 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xe, 0x4, 0x4, 0x10070}, 0x2c) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000200)={'icmp6\x00'}, &(0x7f0000000240)=0x1e) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000000c0)='bcsf0\x00') ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x4}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={r2, 0x8, 0x10, 0x5, 0x2}, &(0x7f00000001c0)=0x18) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000180)="62637366300000000000000011000013") ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000002500)={r0}) ioctl$sock_bt_hidp_HIDPCONNDEL(r3, 0x400448c9, &(0x7f0000002540)={{0x70000000000, 0x100, 0xdb, 0x20, 0x0, 0xff}, 0xffffffff}) 00:16:10 executing program 0: 00:16:10 executing program 1: 00:16:10 executing program 3: 00:16:10 executing program 5: 00:16:10 executing program 2: 00:16:10 executing program 4: 00:16:10 executing program 1: [ 270.772668] Not allocated shadow for addr ffff880133d71b98 (page ffffea0007370a60) [ 270.780428] Attempted to access 8 bytes [ 270.784454] ------------[ cut here ]------------ [ 270.789235] kernel BUG at mm/kmsan/kmsan.c:1075! [ 270.794022] invalid opcode: 0000 [#1] SMP [ 270.798212] CPU: 0 PID: 6886 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #63 [ 270.805415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.814801] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 270.820442] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 270.839358] RSP: 0018:ffff880150d6f758 EFLAGS: 00010046 [ 270.844743] RAX: 000000000000001b RBX: 0000000000000000 RCX: a9db47489e17bf00 [ 270.846736] Not allocated shadow for addr ffff880133d71ba8 (page ffffea0007370a60) [ 270.852027] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 270.859772] ------------[ cut here ]------------ [ 270.867022] RBP: ffff880150d6f788 R08: 0000000000000000 R09: ffff88021fc38f50 [ 270.871779] kernel BUG at mm/kmsan/kmsan.c:1075! [ 270.879051] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 270.891060] R13: ffff880133d71b98 R14: 0000000000000001 R15: 0000000000000008 [ 270.898350] FS: 0000000001219940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 270.906600] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 270.912492] CR2: 0000000000706158 CR3: 000000014a033000 CR4: 00000000001406f0 [ 270.919769] Call Trace: [ 270.922379] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 270.927591] kmsan_unpoison_shadow+0x72/0xd0 [ 270.932025] vunmap_page_range+0x828/0xc20 [ 270.936311] remove_vm_area+0x39b/0x450 [ 270.940313] __vunmap+0x34c/0x5d0 [ 270.943805] vfree+0x79/0x170 [ 270.946931] do_ipt_get_ctl+0x10a9/0x1130 [ 270.951127] ? compat_do_ipt_set_ctl+0x3c40/0x3c40 [ 270.956072] nf_getsockopt+0x481/0x4e0 [ 270.959993] ip_getsockopt+0x2b1/0x470 [ 270.963907] ? compat_ip_setsockopt+0x380/0x380 [ 270.968590] tcp_getsockopt+0x1c6/0x1f0 [ 270.972585] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 270.978318] sock_common_getsockopt+0x13f/0x180 [ 270.983012] ? sock_recv_errqueue+0x990/0x990 [ 270.987531] __sys_getsockopt+0x48c/0x550 [ 270.991719] __se_sys_getsockopt+0xe1/0x100 [ 270.996069] __x64_sys_getsockopt+0x62/0x80 [ 271.000427] do_syscall_64+0xbe/0x100 [ 271.004247] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 271.009447] RIP: 0033:0x45a0aa [ 271.012648] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 271.031570] RSP: 002b:0000000000a3f608 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 [ 271.039297] RAX: ffffffffffffffda RBX: 0000000000a3f630 RCX: 000000000045a0aa [ 271.046576] RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 [ 271.053874] RBP: 000000000070be80 R08: 0000000000a3f62c R09: 0000000000004000 [ 271.061179] R10: 0000000000a3f730 R11: 0000000000000202 R12: 0000000000000003 [ 271.068483] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000070b100 [ 271.075792] Modules linked in: [ 271.079020] ---[ end trace 022331f6cd6d4134 ]--- [ 271.079035] invalid opcode: 0000 [#2] SMP [ 271.079062] CPU: 1 PID: 6351 Comm: syz-executor1 Tainted: G D 4.19.0-rc4+ #63 [ 271.083809] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 271.087958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.096530] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 271.102145] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 271.111489] RSP: 0018:ffff880150d6f758 EFLAGS: 00010046 [ 271.130408] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 271.141383] RSP: 0018:ffff880163abf780 EFLAGS: 00010002 [ 271.160271] RAX: 000000000000001b RBX: 0000000000000000 RCX: a9db47489e17bf00 [ 271.165647] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 271.172917] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0fde88460662a200 [ 271.180182] RBP: ffff880150d6f788 R08: 0000000000000000 R09: ffff88021fc38f50 [ 271.187449] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88021fd36afc [ 271.194712] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 271.201983] RBP: ffff880163abf7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 271.209252] R13: ffff880133d71b98 R14: 0000000000000001 R15: 0000000000000008 [ 271.216541] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 271.223844] FS: 0000000001219940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 271.231096] R13: ffff880133d71ba8 R14: 0000000000000001 R15: 0000000000000008 [ 271.231119] FS: 00000000013db940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 271.239365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.246637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.255321] CR2: 0000000000706158 CR3: 000000014a033000 CR4: 00000000001406f0 [ 271.261212] CR2: 0000000000706158 CR3: 0000000163a9d000 CR4: 00000000001406e0 [ 271.267079] Kernel panic - not syncing: Fatal exception [ 271.274348] Call Trace: [ 271.289604] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 271.294826] kmsan_unpoison_shadow+0x72/0xd0 [ 271.299256] vunmap_page_range+0x828/0xc20 [ 271.303550] remove_vm_area+0x39b/0x450 [ 271.307557] __vunmap+0x34c/0x5d0 [ 271.311040] vfree+0x79/0x170 [ 271.314166] do_arpt_get_ctl+0xddb/0xe80 [ 271.318268] ? compat_do_arpt_set_ctl+0x2e90/0x2e90 [ 271.323316] nf_getsockopt+0x481/0x4e0 [ 271.327238] ip_getsockopt+0x2b1/0x470 [ 271.331151] ? compat_ip_setsockopt+0x380/0x380 [ 271.335835] tcp_getsockopt+0x1c6/0x1f0 [ 271.339834] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 271.345556] sock_common_getsockopt+0x13f/0x180 [ 271.350249] ? sock_recv_errqueue+0x990/0x990 [ 271.354762] __sys_getsockopt+0x48c/0x550 [ 271.359468] __se_sys_getsockopt+0xe1/0x100 [ 271.363824] __x64_sys_getsockopt+0x62/0x80 [ 271.368168] do_syscall_64+0xbe/0x100 [ 271.371991] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 271.377212] RIP: 0033:0x45a0aa [ 271.380423] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 271.399340] RSP: 002b:0000000000a3f648 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 271.407063] RAX: ffffffffffffffda RBX: 0000000000a3f750 RCX: 000000000045a0aa [ 271.414345] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 271.421619] RBP: 0000000000000003 R08: 0000000000a3f65c R09: 000000000000000a [ 271.428893] R10: 0000000000a3f750 R11: 0000000000000212 R12: 0000000000000000 [ 271.436171] R13: 0000000000042130 R14: 000000000000000b R15: 0000000000000001 [ 271.443464] Modules linked in: [ 271.446696] ---[ end trace 022331f6cd6d4135 ]--- [ 271.451468] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 271.457099] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 271.476013] RSP: 0018:ffff880150d6f758 EFLAGS: 00010046 [ 271.481390] RAX: 000000000000001b RBX: 0000000000000000 RCX: a9db47489e17bf00 [ 271.488664] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 271.495946] RBP: ffff880150d6f788 R08: 0000000000000000 R09: ffff88021fc38f50 [ 271.503225] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 271.510514] R13: ffff880133d71b98 R14: 0000000000000001 R15: 0000000000000008 [ 271.517800] FS: 00000000013db940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 271.526039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.531924] CR2: 0000000000706158 CR3: 0000000163a9d000 CR4: 00000000001406e0 [ 272.864158] Shutting down cpus with NMI [ 272.868263] ------------[ cut here ]------------ [ 272.873032] kernel BUG at mm/kmsan/kmsan_entry.c:81! [ 272.878157] invalid opcode: 0000 [#3] SMP [ 272.882321] CPU: 1 PID: 6351 Comm: syz-executor1 Tainted: G D 4.19.0-rc4+ #63 [ 272.885441] Kernel Offset: disabled [ [ 2 72722..88994545373]7] R eRbeobootoitnigng iinn 886644000 0s secoencodsnd.s... Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [[ 22772.2.90907792912]1] CoCoddee:: 0000 774 4 227 7 665 5 88bb 0 044 2 52 5 440 0 8f8f 0033 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e [ 272.931251] RSP: 0018:fffffe0000049ea8 EFLAGS: 00010046 [ 272.936667] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101 [ 272.943942] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: ffff88021fd39f00 [ 272.951213] RBP: fffffe0000049ef9 R08: 0000000000000000 R09: 0000000000000000 [ 272.958487] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 272.965780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 272.973062] FS: 00000000013db940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 272.981295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.987176] CR2: 0000000000706158 CR3: 0000000163a9d000 CR4: 00000000001406e0 [ 272.994458] Call Trace: [ 272.997044] [ 272.999207] ? end_repeat_nmi+0x19/0x58 [ 273.003198] ? end_repeat_nmi+0x7/0x58 [ 273.007127] ? panic_smp_self_stop+0xe/0xd0 [ 273.011469] ? panic_smp_self_stop+0x12/0xd0 [ 273.015892] ? panic_smp_self_stop+0x12/0xd0 [ 273.020316] ? panic_smp_self_stop+0x12/0xd0 [ 273.024725] [ 273.026976] ? panic+0x324/0xafa [ 273.030381] ? __show_regs+0xf8d/0x1310 [ 273.034381] ? oops_end+0x2cc/0x2d0 [ 273.038042] ? die+0x124/0x140 [ 273.041252] ? do_trap+0x686/0x710 [ 273.044826] ? do_error_trap+0x63c/0x6e0 [ 273.048923] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 273.053962] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 273.059004] ? do_invalid_op+0x98/0xb0 [ 273.062907] ? invalid_op+0x14/0x20 [ 273.066553] ? write_ext_msg+0x890/0x890 [ 273.070637] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 273.075670] ? kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 273.081050] ? kmsan_unpoison_shadow+0x72/0xd0 [ 273.085659] ? vunmap_page_range+0x828/0xc20 [ 273.090113] ? remove_vm_area+0x39b/0x450 [ 273.094285] ? __vunmap+0x34c/0x5d0 [ 273.097943] ? vfree+0x79/0x170 [ 273.101242] ? do_arpt_get_ctl+0xddb/0xe80 [ 273.105509] ? compat_do_arpt_set_ctl+0x2e90/0x2e90 [ 273.110548] ? nf_getsockopt+0x481/0x4e0 [ 273.114642] ? ip_getsockopt+0x2b1/0x470 [ 273.118733] ? compat_ip_setsockopt+0x380/0x380 [ 273.123409] ? tcp_getsockopt+0x1c6/0x1f0 [ 273.127575] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 273.133304] ? sock_common_getsockopt+0x13f/0x180 [ 273.138168] ? sock_recv_errqueue+0x990/0x990 [ 273.142684] ? __sys_getsockopt+0x48c/0x550 [ 273.147058] ? __se_sys_getsockopt+0xe1/0x100 [ 273.151582] ? __x64_sys_getsockopt+0x62/0x80 [ 273.156108] ? do_syscall_64+0xbe/0x100 [ 273.160111] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 273.165489] Modules linked in: [ 273.168704] ---[ end trace 022331f6cd6d4136 ]--- [ 273.173467] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 273.179100] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 273.198006] RSP: 0018:ffff880150d6f758 EFLAGS: 00010046 [ 273.203375] RAX: 000000000000001b RBX: 0000000000000000 RCX: a9db47489e17bf00 [ 273.210645] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 273.217921] RBP: ffff880150d6f788 R08: 0000000000000000 R09: ffff88021fc38f50 [ 273.225197] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 273.232494] R13: ffff880133d71b98 R14: 0000000000000001 R15: 0000000000000008 [ 273.239796] FS: 00000000013db940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 273.248028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 273.254221] CR2: 0000000000706158 CR3: 0000000163a9d000 CR4: 00000000001406e0