[ 57.062201] audit: type=1800 audit(1539146541.096:27): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 58.699899] random: sshd: uninitialized urandom read (32 bytes read) [ 59.527733] random: sshd: uninitialized urandom read (32 bytes read) [ 60.024327] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.806467] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. [ 67.615086] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 04:42:33 fuzzer started [ 72.353036] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 04:42:38 dialing manager at 10.128.0.26:44001 2018/10/10 04:42:38 syscalls: 1 2018/10/10 04:42:38 code coverage: enabled 2018/10/10 04:42:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 04:42:38 setuid sandbox: enabled 2018/10/10 04:42:38 namespace sandbox: enabled 2018/10/10 04:42:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 04:42:38 fault injection: enabled 2018/10/10 04:42:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 04:42:38 net packed injection: enabled 2018/10/10 04:42:38 net device setup: enabled [ 78.010556] random: crng init done 04:44:28 executing program 0: r0 = socket$inet6(0xa, 0x1000000000005, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r1 = socket$inet6(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f0000000100)={&(0x7f0000000080)=@nl, 0x80, 
&(0x7f0000000200)=[{&(0x7f0000000180)="5500000018007f7000fe01b2a4a280930a60050000a84302910000003900050023000c000b0000000d0005000b0000000000c78b80082314e9030b9d566885b16732009b1400b1df136ef75afb0000000000000000", 0x55}], 0x1, &(0x7f0000000400)}, 0x0) [ 185.226741] IPVS: ftp: loaded support on port[0] = 21 [ 187.755983] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.762814] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.771494] device bridge_slave_0 entered promiscuous mode [ 187.930826] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.937512] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.946112] device bridge_slave_1 entered promiscuous mode [ 188.089612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.231838] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:44:32 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0) [ 188.747515] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.891448] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.211766] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.219088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.456923] IPVS: ftp: loaded support on port[0] = 21 [ 189.926119] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.934520] team0: Port device team_slave_0 added [ 190.159332] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.167657] team0: Port device team_slave_1 added [ 190.426460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.433634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.442840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.619305] 
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.626615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.635667] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.868841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.876554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.885978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.097918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.105606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.114860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.385490] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.392090] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.400482] device bridge_slave_0 entered promiscuous mode [ 193.573250] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.579750] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.588311] device bridge_slave_1 entered promiscuous mode [ 193.737595] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 04:44:37 executing program 2: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6000, 0x0) quotactl(0x0, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000003c0)) [ 193.916236] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.922805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.929710] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.936293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.945136] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.972638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 194.266670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.819099] IPVS: ftp: loaded support on port[0] = 21 [ 194.943600] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.247757] bond0: Enslaving 
bond_slave_1 as an active interface with an up link [ 195.518343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.525589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.738470] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 195.745726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.428183] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.436397] team0: Port device team_slave_0 added [ 196.701549] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.709659] team0: Port device team_slave_1 added [ 197.048247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.055433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.064203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.349203] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 197.356354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.365409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.577695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.585458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.594462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.798655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.806515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.815618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.441252] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.447939] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.456616] device bridge_slave_0 entered promiscuous mode [ 199.737167] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.743840] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.752517] device bridge_slave_1 entered promiscuous mode [ 200.117649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: 
link is not ready [ 200.304843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 200.888270] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.894860] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.901761] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.908382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.917144] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.288470] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.464148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.571546] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:44:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00003c1000)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) r2 = accept(r0, 0x0, &(0x7f0000000500)=0xfffffffffffffdcb) r3 = dup(r2) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="330000000603000000e38ec0460000000000000000000000b7dd2023d09c6a230a0000000000004ce1a5e8344ff6d07329000004b9c2ca6d6126f321d5a2ea55dff49ea0252cc27fa55b27a388f8c9b570932274a1ab263ede9479f4e7e35c24cfe2cbf32a32caeae236dd8dc747a127b2f7e06840"], 0x75) [ 201.943830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.950893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.353352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.360438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.028296] IPVS: ftp: loaded support on port[0] = 21 [ 203.331313] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 203.339485] team0: Port device team_slave_0 added [ 203.709683] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not 
ready [ 203.717963] team0: Port device team_slave_1 added [ 204.147203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 204.154408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.163344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.544686] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 204.551719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.560772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.908450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.916290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.925325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.303595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.311169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.320460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.800162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.881071] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.887649] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.896174] device bridge_slave_0 entered promiscuous mode [ 209.220533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.280619] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.287322] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.295922] device bridge_slave_1 entered promiscuous mode [ 209.352006] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.358451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.365481] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.372015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.380781] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 209.716305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.091796] IPv6: ADDRCONF(NETDEV_UP): 
veth1_to_bridge: link is not ready [ 210.102421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.510641] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.517125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.525207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.256507] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.605916] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:44:56 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x39e) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x7}}, &(0x7f000004afe0)) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f0000000340), 0x0, 0x100000020000008, &(0x7f00008d4fe4)={0xa, 0x4e20}, 0x1c) r4 = open(&(0x7f00000001c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r4, 0x280080) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0x7, &(0x7f0000000240)=0x100003, 0x4) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendfile(r2, r4, &(0x7f0000d83ff8), 0x200800900000002) [ 211.970683] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.987745] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.994968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.441827] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.449061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.514493] IPVS: ftp: loaded support on port[0] = 21 [ 213.681456] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.689670] team0: Port device team_slave_0 added [ 214.098315] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 214.106530] team0: Port device team_slave_1 added [ 214.523932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.531338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.540394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.918977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.926268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.935291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.372769] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.380393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.389472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.752178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.760710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.770095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.899949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.401372] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.138274] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.144726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.153015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.482018] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.488506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.495537] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.502070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.510939] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.664846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.834933] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.918018] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.924820] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.933501] device 
bridge_slave_0 entered promiscuous mode [ 221.339003] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.345730] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.354304] device bridge_slave_1 entered promiscuous mode [ 221.815406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 222.221466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:45:06 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x76, 0xb4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000280), 0x4) write$binfmt_aout(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="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"], 0x27d) sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000100)="e4", 0x1}], 0x1, &(0x7f0000000d80)}, 0x48011) write$binfmt_aout(r0, &(0x7f0000000440)={{0xcc}, "30c4413eef2be4e38b09fafed25dcb2fbd731b6da4e5bd9b466393d09e9669b688a7f01a03410284f2c0f4c0c7fed68ef5bf95235faba47bfc94c1e14fc9709acc7847a9814751bc48fbc9"}, 0x6b) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000002c0)=""/20, 0x14}, 0x100) 04:45:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000100), 0xffffffffffffffd6, 0x20000004, &(0x7f000031e000)={0xa, 
0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={0xffffffffffffffff}, 0x117, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r3, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {r4, 0x6}}, 0x10) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x220900, 0x0) r5 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000480)=ANY=[@ANYBLOB="0b00000000000020000000000100000000000000"]) ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f00000002c0)=0x5) socket$pppoe(0x18, 0x1, 0x0) ioctl$EVIOCGABS2F(r5, 0x8018456f, &(0x7f0000000380)=""/126) ioctl$DRM_IOCTL_RES_CTX(r5, 0xc0106426, &(0x7f0000000400)={0x4, &(0x7f0000000340)=[{0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r5, 0xc0086421, &(0x7f0000000440)={r6, 0x3}) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000240)={0x1ff, 0x10001, 0x1, 0x2, 0x2, 0x8, 0x10000, 0x80000001, 0x1ff, 0x81, 0x0, 0x21}) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="4c0000001200ff09fffefd956fa264b724a6007e00000000000000683540150024001d001fc41180b598be593ab6821148a730bb1aa49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) modify_ldt$write(0x1, &(0x7f0000000300)={0x2, 0x1000, 0xffffffffffffffff, 0x8000, 0xf49, 0x401, 0x6, 0x3f, 0x2, 0x7}, 0x10) [ 223.086295] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 
[ 223.444650] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:45:07 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x2, 0x410000) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000080)={0x4, {0x2, 0x4e22, @loopback}, {0x2, 0x4e20, @local}, {0x2, 0x4e22, @remote}, 0x8, 0xffffffffffffffff, 0xffffffffffffff19, 0x1, 0x7f, &(0x7f0000000040)='bcsf0\x00', 0xff, 0x9, 0x2}) socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000140)) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000180)={0x40, 0x51, 0xfff, 0x4f1842d7b106161c}) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0xfff, 0x6, 0x400000000000000, 0x8, 0x3a, 0x100, 0x3, {0x0, @in6={{0xa, 0x4e23, 0x3f, @ipv4={[], [], @broadcast}, 0x8}}, 0x7, 0x4, 0x3, 0x7fff, 0x8}}, &(0x7f0000000280)=0xb0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000002c0)={0x100, 0x3c, 0x200, 0x8, 0x6b42, 0x10001, 0x80000001, 0xc497, r3}, &(0x7f0000000300)=0x20) r5 = fcntl$dupfd(r0, 0x406, r1) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f0000000340)={0xb, 0xa, 0x15, 0x8, 0xa, 0xffffffff, 0x4, 0x15a}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vga_arbiter\x00', 0x204000, 0x0) ioctl$RTC_ALM_SET(r5, 0x40247007, &(0x7f00000003c0)={0x2f, 0x1e, 0xe, 0x7, 0x4, 0x3, 0x0, 0x165, 0xffffffffffffffff}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000400)=0xfffffffffffffffe) ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000440)={0x18, 0x0, {0x0, @remote, 'veth1_to_bridge\x00'}}) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r6, 0x84, 0x19, &(0x7f0000000480)={r4, 0x9}, 0x8) ioctl$sock_inet_udp_SIOCOUTQ(r6, 0x5411, &(0x7f00000004c0)) setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000500)={r3, 0xb2, 0x4000000000, 0x40}, 0x10) ioctl$UI_SET_FFBIT(r5, 0x4004556b, 0xe) getsockopt$ARPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x63, &(0x7f0000000540)={'icmp\x00'}, 
&(0x7f0000000580)=0x1e) prctl$intptr(0x6, 0xfffffffffffffffe) setsockopt$inet6_int(r5, 0x29, 0xdf, &(0x7f00000005c0)=0xfffffffffffffffc, 0x4) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000600)={r4, @in={{0x2, 0x4e20, @rand_addr=0x3}}, 0x10000, 0xfff}, 0x90) ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5387, &(0x7f00000006c0)) connect(r5, &(0x7f0000000700)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e24, @broadcast}, 0x2, 0x3, 0x4, 0x3}}, 0x80) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f0000000780)={0x38, 0x1, 0x9, 0x8, 0x3, 0x3f, 0x5, 0x4d, 0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_ENABLE(r6, 0x40086432, &(0x7f00000007c0)=0x40) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000800)={0x1, 0x3, 0x400, 0x2, 0x280000000000}) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000840)={0x1, 0x3, 0x6000000000000000, 0x2, 0x1}) setxattr$trusted_overlay_origin(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)='trusted.overlay.origin\x00', &(0x7f0000000900)='y\x00', 0x2, 0x3) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000940)={r2, 0x401}, &(0x7f0000000980)=0x8) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f00000009c0)) [ 223.878441] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:45:08 executing program 0: [ 224.254530] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.261578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:45:08 executing program 0: [ 224.601322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.608468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:45:08 executing program 0: 04:45:09 executing program 0: [ 225.456185] IPVS: ftp: loaded support on port[0] = 21 04:45:09 executing program 0: [ 225.997876] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.006162] team0: Port device team_slave_0 added [ 226.379912] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.388222] team0: Port 
device team_slave_1 added [ 226.523878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.752260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 226.759386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.768170] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.148220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.155376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.164030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 227.482128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.489735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.498646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.842070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 227.849721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.858674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.934728] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 229.391614] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 229.398124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.406089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:45:14 executing program 1: [ 230.758784] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.327437] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.334083] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.342585] device bridge_slave_0 entered promiscuous mode [ 231.560589] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.567275] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.575870] device bridge_slave_1 entered promiscuous mode [ 231.842078] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.848587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.855700] bridge0: port 1(bridge_slave_0) entered blocking state 
[ 231.862321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.870738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.888624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.142001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 232.472945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.854334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.126044] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.740584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 233.747781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.497997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.506836] team0: Port device team_slave_0 added [ 234.748863] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.757201] team0: Port device team_slave_1 added [ 235.127482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.134720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.143767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.357451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 235.364735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.373611] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.619670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.637480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.645225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.654485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.894056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 235.901679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.911354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.891268] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 
04:45:21 executing program 2: clone(0xfffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = getpid() pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000012c0), 0x1000005e7) ptrace(0x4206, r0) [ 237.983338] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.989722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.997822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.011266] ptrace attach of "/root/syz-executor2"[7458] was attempted by "/root/syz-executor2"[7460] [ 238.754252] ptrace attach of "/root/syz-executor2"[7481] was attempted by "/root/syz-executor2"[7482] [ 239.021104] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.027648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.034684] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.041133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.049729] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.056439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.100820] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.147792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.038594] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.850723] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.857315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.865287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:45:28 executing program 0: [ 244.732543] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.811363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.370310] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 247.936159] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.943782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.951539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 248.315028] nf_conntrack: default automatic helper assignment has been turned 
off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 248.419372] 8021q: adding VLAN 0 to HW filter on device team0 04:45:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000300)={0x0, 0xb841}, &(0x7f0000000440)=0x8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000280)=0xc) r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000001c0)={{0x80}, "706f72ff070000000000000000000000000b000000000000000000001f0000ffffff03000000ef000003ff02000000000012000000000000004000000600", 0xc7, 0x80003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) mount(&(0x7f0000000540)=ANY=[], &(0x7f0000000340)='./file0\x00', &(0x7f0000000480)='adfs\x00', 0x0, &(0x7f00000004c0)='\\/-selfmime_typevmnet0md5sum-losystem\x00') r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x2000000080003, 0x0) close(r1) 04:45:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f0000000240), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x20, 0x10, 0xc362e63b3f31ba5f}, 0x20}}, 0x0) 04:45:32 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
sendfile(r1, r1, &(0x7f0000000040), 0x7ffff000) 04:45:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) shutdown(r0, 0x1) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000003c0), 0x4) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x0, 0x0, 0x70bd2d}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc000) 04:45:34 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000300)={0x0, 0xb841}, &(0x7f0000000440)=0x8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000280)=0xc) r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000001c0)={{0x80}, "706f72ff070000000000000000000000000b000000000000000000001f0000ffffff03000000ef000003ff02000000000012000000000000004000000600", 0xc7, 0x80003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) mount(&(0x7f0000000540)=ANY=[], &(0x7f0000000340)='./file0\x00', &(0x7f0000000480)='adfs\x00', 0x0, &(0x7f00000004c0)='\\/-selfmime_typevmnet0md5sum-losystem\x00') r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x2000000080003, 0x0) close(r1) 04:45:34 executing program 4: r0 = socket$inet6(0xa, 0x6, 0x39e) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, 
&(0x7f0000000000)) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x7}}, &(0x7f000004afe0)) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, &(0x7f0000000340), 0x0, 0x100000020000008, &(0x7f00008d4fe4)={0xa, 0x4e20}, 0x1c) r4 = open(&(0x7f00000001c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r4, 0x280080) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0x7, &(0x7f0000000240)=0x100003, 0x4) setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendfile(r2, r4, &(0x7f0000d83ff8), 0x200800900000002) 04:45:34 executing program 1: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="7b1af8ff0000000069a2b9ffffffffffffff00000000000095"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r2 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r2, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r2, 0x107, 0x5, &(0x7f0000001000), 0xc5) r3 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 
0x4000000000001eb, 0x0) 04:45:34 executing program 5: 04:45:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000300)={0x0, 0xb841}, &(0x7f0000000440)=0x8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000280)=0xc) r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000001c0)={{0x80}, "706f72ff070000000000000000000000000b000000000000000000001f0000ffffff03000000ef000003ff02000000000012000000000000004000000600", 0xc7, 0x80003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) mount(&(0x7f0000000540)=ANY=[], &(0x7f0000000340)='./file0\x00', &(0x7f0000000480)='adfs\x00', 0x0, &(0x7f00000004c0)='\\/-selfmime_typevmnet0md5sum-losystem\x00') r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x2000000080003, 0x0) close(r1) 04:45:35 executing program 2: 04:45:35 executing program 3: 04:45:35 executing program 5: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) r2 = openat$vsock(0xffffffffffffff9c, 0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="7b1af8ff0000000069a2b9ffffffffffffff00000000000095"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r3 = socket(0x11, 0x80002, 0x0) 
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r3, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) mq_timedsend(r2, &(0x7f00000002c0)="473db3ced16d", 0x6, 0x6, &(0x7f0000000300)={0x0, 0x989680}) setsockopt(r3, 0x107, 0x5, &(0x7f0000001000), 0xc5) r4 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) sendmmsg(r4, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9, 0x2900}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) 04:45:35 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x9, 0x8001}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 04:45:35 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000000000009500020000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4) write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[@ANYRES64], 0x4e4) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000000)={r0, r1}) close(r2) 04:45:35 executing program 3: 04:45:35 executing 
program 1: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="7b1af8ff0000000069a2b9ffffffffffffff00000000000095"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r2 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r2, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r2, 0x107, 0x5, &(0x7f0000001000), 0xc5) r3 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) [ 251.743980] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 251.787035] Not allocated shadow for addr ffff88013d6dd830 (page ffffea00077092e0) [ 251.794789] Attempted to access 8 bytes [ 251.798818] ------------[ cut here ]------------ [ 251.803587] kernel BUG at mm/kmsan/kmsan.c:1091! 
[ 251.808375] invalid opcode: 0000 [#1] SMP [ 251.812544] CPU: 1 PID: 6288 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #65 [ 251.815718] Not allocated shadow for addr ffff88013d6dd860 (page ffffea00077092e0) [ 251.819750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.827506] ------------[ cut here ]------------ [ 251.836837] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 251.841571] kernel BUG at mm/kmsan/kmsan.c:1091! [ 251.847199] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 251.870842] RSP: 0018:ffff880167b7f780 EFLAGS: 00010046 [ 251.876232] RAX: 000000000000001b RBX: 0000000000000000 RCX: 45519244f14fad00 [ 251.883511] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 251.890793] RBP: ffff880167b7f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 251.898074] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 251.905353] R13: ffff88013d6dd830 R14: 0000000000000001 R15: 0000000000000008 [ 251.912642] FS: 000000000209f940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 251.920879] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 251.926770] CR2: 0000000000706158 CR3: 0000000167b3b000 CR4: 00000000001406e0 [ 251.934055] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 251.941335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 251.948615] Call Trace: [ 251.951244] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 251.956461] kmsan_unpoison_shadow+0x72/0xd0 [ 251.960892] vunmap_page_range+0x828/0xc20 [ 251.965182] remove_vm_area+0x39b/0x450 [ 251.969196] __vunmap+0x34c/0x5d0 [ 251.972690] vfree+0x79/0x170 [ 251.975821] do_arpt_get_ctl+0xddb/0xe80 [ 251.979927] ? 
compat_do_arpt_set_ctl+0x2e90/0x2e90 [ 251.984964] nf_getsockopt+0x481/0x4e0 [ 251.988886] ip_getsockopt+0x2b1/0x470 [ 251.992820] ? compat_ip_setsockopt+0x380/0x380 [ 251.997506] tcp_getsockopt+0x1c6/0x1f0 [ 252.001510] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 252.007248] sock_common_getsockopt+0x13f/0x180 [ 252.011961] ? sock_recv_errqueue+0x990/0x990 [ 252.016480] __sys_getsockopt+0x48c/0x550 [ 252.020664] __se_sys_getsockopt+0xe1/0x100 [ 252.025021] __x64_sys_getsockopt+0x62/0x80 [ 252.029360] do_syscall_64+0xbe/0x100 [ 252.033184] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 252.038396] RIP: 0033:0x45a0aa [ 252.041608] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 252.060523] RSP: 002b:0000000000a3f648 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 252.068258] RAX: ffffffffffffffda RBX: 0000000000a3f750 RCX: 000000000045a0aa [ 252.075540] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 252.082819] RBP: 0000000000000003 R08: 0000000000a3f65c R09: 000000000000000a [ 252.090101] R10: 0000000000a3f750 R11: 0000000000000212 R12: 0000000000000000 [ 252.097383] R13: 000000000003d3ff R14: 0000000000000004 R15: 0000000000000001 [ 252.104702] Modules linked in: [ 252.107950] ---[ end trace e5af4de9b9fbf637 ]--- [ 252.107965] invalid opcode: 0000 [#2] SMP [ 252.107992] CPU: 0 PID: 7865 Comm: syz-executor2 Tainted: G D 4.19.0-rc4+ #65 [ 252.112751] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 252.116891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.125467] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 252.131085] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 252.140432] RSP: 
0018:ffff880167b7f780 EFLAGS: 00010046 [ 252.159341] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 252.170311] RSP: 0018:ffff88013d66f5c8 EFLAGS: 00010002 [ 252.189204] RAX: 000000000000001b RBX: 0000000000000000 RCX: 45519244f14fad00 [ 252.194590] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 252.201859] RAX: 0000000000000046 RBX: 0000000000000000 RCX: a284cf66546be200 [ 252.209122] RBP: ffff880167b7f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 252.216387] RDX: 0000000000000000 RSI: 0000000000027c17 RDI: 0000000000027c18 [ 252.223651] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 252.230916] RBP: ffff88013d66f5f8 R08: 0000000000000000 R09: ffff88021fc38f50 [ 252.238179] R13: ffff88013d6dd830 R14: 0000000000000001 R15: 0000000000000008 [ 252.245449] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 252.252718] FS: 000000000209f940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 252.259999] R13: ffff88013d6dd860 R14: 0000000000000001 R15: 0000000000000008 [ 252.268240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.275516] FS: 00007fcfe242d700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 252.281388] CR2: 0000000000706158 CR3: 0000000167b3b000 CR4: 00000000001406e0 [ 252.289607] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.296871] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 252.302753] CR2: 0000000000930000 CR3: 000000013f34b000 CR4: 00000000001406f0 [ 252.310020] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 252.317288] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 252.324552] Kernel panic - not syncing: Fatal exception [ 252.331820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 252.344608] Call Trace: [ 252.347239] 
kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 252.352457] kmsan_unpoison_shadow+0x72/0xd0 [ 252.356893] vunmap_page_range+0x828/0xc20 [ 252.361188] remove_vm_area+0x39b/0x450 [ 252.365207] __vunmap+0x34c/0x5d0 [ 252.368707] vfree+0x79/0x170 [ 252.371842] bpf_prog_calc_tag+0x929/0x9d0 [ 252.376125] bpf_check+0x9a4/0xd0c0 [ 252.379787] ? task_kmsan_context_state+0x6b/0x120 [ 252.384742] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 252.390124] ? task_kmsan_context_state+0x6b/0x120 [ 252.395078] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 252.400471] ? vmalloc_to_page+0x57d/0x6b0 [ 252.404735] ? kmsan_set_origin+0x83/0x140 [ 252.409004] __do_sys_bpf+0xd528/0xf970 [ 252.413016] ? __msan_poison_alloca+0x17a/0x210 [ 252.418177] ? prepare_exit_to_usermode+0x53/0x470 [ 252.423150] ? syscall_return_slowpath+0x112/0x880 [ 252.428097] ? put_timespec64+0x162/0x220 [ 252.432291] __se_sys_bpf+0x8e/0xa0 [ 252.435940] __x64_sys_bpf+0x4a/0x70 [ 252.439690] do_syscall_64+0xbe/0x100 [ 252.443512] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 252.448719] RIP: 0033:0x457579 [ 252.451924] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.470863] RSP: 002b:00007fcfe242cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 252.478597] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 252.485878] RDX: 0000000000000048 RSI: 0000000020000340 RDI: 0000000000000005 [ 252.493157] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 252.500442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcfe242d6d4 [ 252.507724] R13: 00000000004bd990 R14: 00000000004cc328 R15: 00000000ffffffff [ 252.515024] Modules linked in: [ 252.518255] ---[ end trace e5af4de9b9fbf638 ]--- [ 252.523039] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 252.528675] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 
00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 252.547765] RSP: 0018:ffff880167b7f780 EFLAGS: 00010046 [ 252.553146] RAX: 000000000000001b RBX: 0000000000000000 RCX: 45519244f14fad00 [ 252.560426] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 252.567707] RBP: ffff880167b7f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 252.575003] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 252.582284] R13: ffff88013d6dd830 R14: 0000000000000001 R15: 0000000000000008 [ 252.589570] FS: 00007fcfe242d700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 252.597806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.603694] CR2: 0000000000930000 CR3: 000000013f34b000 CR4: 00000000001406f0 [ 252.610975] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 252.618262] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.890312] Shutting down cpus with NMI [ 253.894399] ------------[ cut here ]------------ [ 253.899199] kernel BUG at mm/kmsan/kmsan_entry.c:81! [ 253.904343] invalid opcode: 0000 [#3] SMP [ 253.908508] CPU: 0 PID: 7865 Comm: syz-executor2 Tainted: G D 4.19.0-rc4+ #65 [ 253.911239] Kernel Offset: disabled [ [2 5325.932.907220972]9 R]e Rboebotoointign ig ni n86 480604 0s0 ecseoncdonsd.s. .. 
C ompute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.934110] RIP: 0010:kmsan_nmi_enter+0x42/0x70 [ 253.938799] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e [ 253.957716] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046 [ 253.963099] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101 [ 253.970377] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: 0000000000040000 [ 253.977654] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000 [ 253.984936] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 253.992228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.999523] FS: 00007fcfe242d700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 254.007762] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.013657] CR2: 0000000000930000 CR3: 000000013f34b000 CR4: 00000000001406f0 [ 254.020941] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 254.028218] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 254.035510] Call Trace: [ 254.038100] [ 254.040278] ? end_repeat_nmi+0x19/0x58 [ 254.044277] ? end_repeat_nmi+0x7/0x58 [ 254.048197] ? panic_smp_self_stop+0xe/0xd0 [ 254.052549] ? panic_smp_self_stop+0x12/0xd0 [ 254.056977] ? panic_smp_self_stop+0x12/0xd0 [ 254.061409] ? panic_smp_self_stop+0x12/0xd0 [ 254.065824] [ 254.068075] ? panic+0x324/0xafa [ 254.071486] ? __show_regs+0xf8d/0x1310 [ 254.075490] ? oops_end+0x2cc/0x2d0 [ 254.079141] ? die+0x124/0x140 [ 254.082357] ? do_trap+0x686/0x710 [ 254.085941] ? do_error_trap+0x63c/0x6e0 [ 254.090016] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.095055] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.100107] ? do_invalid_op+0x98/0xb0 [ 254.104020] ? invalid_op+0x14/0x20 [ 254.107673] ? write_ext_msg+0x890/0x890 [ 254.111756] ? 
kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.116790] ? kmsan_get_shadow_address+0x2f6/0x3d0 [ 254.121830] ? kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 254.127215] ? kmsan_unpoison_shadow+0x72/0xd0 [ 254.131836] ? vunmap_page_range+0x828/0xc20 [ 254.136314] ? remove_vm_area+0x39b/0x450 [ 254.140492] ? __vunmap+0x34c/0x5d0 [ 254.144162] ? vfree+0x79/0x170 [ 254.147465] ? bpf_prog_calc_tag+0x929/0x9d0 [ 254.151939] ? bpf_check+0x9a4/0xd0c0 [ 254.155772] ? task_kmsan_context_state+0x6b/0x120 [ 254.160725] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.166107] ? task_kmsan_context_state+0x6b/0x120 [ 254.171064] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 254.176458] ? vmalloc_to_page+0x57d/0x6b0 [ 254.180717] ? kmsan_set_origin+0x83/0x140 [ 254.184983] ? __do_sys_bpf+0xd528/0xf970 [ 254.189187] ? __msan_poison_alloca+0x17a/0x210 [ 254.193900] ? prepare_exit_to_usermode+0x53/0x470 [ 254.198894] ? syscall_return_slowpath+0x112/0x880 [ 254.203843] ? put_timespec64+0x162/0x220 [ 254.208022] ? __se_sys_bpf+0x8e/0xa0 [ 254.211844] ? __x64_sys_bpf+0x4a/0x70 [ 254.215766] ? do_syscall_64+0xbe/0x100 [ 254.219766] ? 
entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.225153] Modules linked in: [ 254.228367] ---[ end trace e5af4de9b9fbf639 ]--- [ 254.233140] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.238774] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 254.257695] RSP: 0018:ffff880167b7f780 EFLAGS: 00010046 [ 254.263081] RAX: 000000000000001b RBX: 0000000000000000 RCX: 45519244f14fad00 [ 254.270361] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 254.277645] RBP: ffff880167b7f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 254.284930] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 254.292245] R13: ffff88013d6dd830 R14: 0000000000000001 R15: 0000000000000008 [ 254.299534] FS: 00007fcfe242d700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 254.307772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.313670] CR2: 0000000000930000 CR3: 000000013f34b000 CR4: 00000000001406f0 [ 254.320958] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 254.328253] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400