[....] Starting OpenBSD Secure Shell server: sshd[ 52.113263] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 52.453780] audit: type=1800 audit(1538934128.505:29): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.473363] audit: type=1800 audit(1538934128.515:30): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 52.723944] random: sshd: uninitialized urandom read (32 bytes read) [ 53.224020] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 54.621904] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. [ 60.552730] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 17:42:18 fuzzer started [ 64.877237] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 17:42:23 dialing manager at 10.128.0.26:36867 2018/10/07 17:42:23 syscalls: 1 2018/10/07 17:42:23 code coverage: enabled 2018/10/07 17:42:23 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 17:42:23 setuid sandbox: enabled 2018/10/07 17:42:23 namespace sandbox: enabled 2018/10/07 17:42:23 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 17:42:23 fault injection: enabled 2018/10/07 17:42:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 17:42:23 net packed injection: enabled 2018/10/07 17:42:23 net device setup: enabled [ 70.270411] random: crng init done 17:44:01 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000040)=""/83, &(0x7f0000000380)=""/181, &(0x7f0000000440)=""/141}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)=ANY=[]) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000700)=""/236, &(0x7f0000000540)=""/57, &(0x7f0000000800)=""/70}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000006c0)=0x1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000500)={0x800000000000034}) [ 165.774694] IPVS: ftp: loaded support on port[0] = 21 [ 167.903044] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.909499] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.917867] device bridge_slave_0 entered promiscuous mode [ 168.039311] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.046003] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.054203] device bridge_slave_1 entered promiscuous mode [ 168.174249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.296212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 17:44:04 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x20000800) [ 168.662792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.786505] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.398222] IPVS: ftp: loaded support on port[0] = 21 [ 169.634126] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 169.642087] team0: Port device team_slave_0 added [ 169.851723] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 169.859671] team0: Port device team_slave_1 added [ 170.090341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 170.098726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.107604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.268288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.404506] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 170.412139] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.420855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.568600] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 170.576290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.585264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.699811] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.706353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.713303] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.719719] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.728105] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 172.771878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.787268] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.794049] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.802212] device bridge_slave_0 entered promiscuous mode [ 173.044719] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.051162] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.059452] device bridge_slave_1 entered promiscuous mode [ 173.299872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.550975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 17:44:09 executing program 2: syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e59073487cf36ad576e32926b04894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa22a505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd687928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c", 0x0) openat$cgroup_int(r0, &(0x7f00000001c0)='memory.low\x00', 0x2, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000001c0), 0x1000) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f00000004c0), &(0x7f0000000500)=0x18) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000600)={0x7fff, 0xfff, 0xffffffff, 'queue0\x00', 0x6}) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000140)={{0x3b, @dev={0xac, 0x14, 0x14, 0xe}, 0x0, 0x0, 'rr\x00', 0x0, 0x8, 0x32}, {@rand_addr=0x1, 0x4e21, 0x1, 0x40, 0x8000, 0x2}}, 0x44) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x6) getpgid(0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./bus\x00', 0x8802, 0x100) fchmodat(0xffffffffffffffff, &(0x7f0000000100)='./bus\x00', 0x10) [ 174.220735] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.528347] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.666635] IPVS: ftp: loaded support on port[0] = 21 [ 174.773145] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.783069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 175.062243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 175.069334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 175.797587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.805635] team0: Port device team_slave_0 added [ 176.022233] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.029916] team0: Port device team_slave_1 added [ 176.243140] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.250170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.258806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.468197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.475314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.484000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.733558] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.741057] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.749773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.002236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.009782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.018623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.691166] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.697927] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.706209] device bridge_slave_0 entered promiscuous mode [ 178.940482] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.947152] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.955410] device bridge_slave_1 entered promiscuous mode [ 179.224742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.442821] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.832801] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.839354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.846299] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.852779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.861200] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.911896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.211449] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.455727] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:44:16 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x111a00, 0x0) ioctl$GIO_FONT(r2, 0x4b60, &(0x7f00000000c0)=""/32) fchdir(r1) r3 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r3, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r4, 0x208200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080), 0xc, &(0x7f00000004c0)={&(0x7f0000004bc0)=ANY=[@ANYBLOB="90"], 0x1}}, 0x0) madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x9) [ 180.695282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.702392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.973803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.980835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.755639] IPVS: ftp: loaded support on port[0] = 21 [ 181.903376] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.911251] team0: Port device team_slave_0 added [ 182.208759] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.216682] team0: Port device team_slave_1 added [ 182.523690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.530740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.539571] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.812118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.819141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.828164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.125862] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.133566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.142442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.430459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.467173] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.478985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.487773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.716744] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 185.868746] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.875193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.883120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.861333] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.867887] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.876027] device bridge_slave_0 entered promiscuous mode [ 187.023875] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.083016] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.089466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.096412] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.102915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.111213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.208691] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.215284] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.223648] device bridge_slave_1 entered promiscuous mode [ 187.541981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.568982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.840409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.767269] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.078883] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.370087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.377358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 17:44:25 executing program 4: r0 = socket(0xa, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000540)={'veth0_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={@loopback, @empty, @loopback, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, r1}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={@loopback, @loopback, @remote, 0x0, 0x0, 0x9}) [ 189.744908] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.752037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.863690] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.871690] team0: Port device team_slave_0 added [ 190.975017] IPVS: ftp: loaded support on port[0] = 21 [ 191.225276] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.233613] team0: Port device team_slave_1 added [ 191.612107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.619148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.627881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.035030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.042146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.050652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.410419] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.417995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.426854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.806875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.814475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.823203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.315334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.685500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 17:44:31 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") mmap(&(0x7f0000000000/0xc72000)=nil, 0xc72000, 0xfffffffffffffffc, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) recvmmsg(r1, &(0x7f0000000640)=[{{&(0x7f0000000480)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000600)}}], 0x1, 0x121, 0x0) 17:44:32 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, &(0x7f0000000000), r1, &(0x7f0000000040), 0x5, 0x8) chmod(&(0x7f0000000200)='./file0\x00', 0x42) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x580, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_ATTR(r3, &(0x7f0000000140)={0x78}, 0x78) splice(r0, 0x0, r3, 0x0, 0x400000a7b, 0x0) write$binfmt_elf64(r2, &(0x7f0000000480)=ANY=[], 0x0) fcntl$notify(r1, 0x402, 0x8) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f00000000c0)) [ 196.104622] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.110984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.118735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.754884] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.761352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.768300] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.774794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.783320] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 196.986549] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.993142] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.001186] device bridge_slave_0 entered promiscuous mode 17:44:33 executing program 0: r0 = gettid() r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/arp\x00') fcntl$setownex(r1, 0xf, &(0x7f00000000c0)={0x3, r0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x5c, 0x74, 0x9, {"f160a58a9ccb7eccfc2a51bdfca4e9f17e1e63ca19fd86f35b597a0ba06ab61fd3ce478b307e9f51d5d9f0972f37ff69526cd6cd6f5377b451c876d181f6a0f260cccf8d70c51515972537d7b07bd2cf0348396d8db7421d1084c462"}}, {0x0, "a1f5ff6774cfe3d0b9f45486ca9aeb319b84dd3e0af0d581f1a0b53c"}}, &(0x7f0000000040)=""/83, 0x92, 0x53, 0x1}, 0x20) fcntl$getownex(r1, 0x10, &(0x7f00000001c0)) [ 197.222151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 17:44:33 executing program 0: r0 = socket(0x1e, 0x4, 0x0) bind(r0, &(0x7f0000000380)=@generic={0x1e, "01030000000000b9000000004700000000a979f321b30c7bc8790405c7bad62e0a63a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb3151d24acef1f1622ca5bdb9c8ea31000077aeb81c90001b6d7c980400000000f70dc136cb184a"}, 0x50) sendmsg(r0, &(0x7f0000001980)={&(0x7f0000002300)=@generic={0x10000000001e, "010000000000e30000000001af268c573c5bf86c483724d41e14dd6a739eff090000000000000000d79f00000000000000076c3f010039d8f986ff03000000000000e550d5fe32c419d67bcbc7e3ad316a1983000000fc341c1fc75624281e27800ece70b076cf979ac40000bd767e2e7821dfd300981a1565b3b16d7436"}, 0x80, &(0x7f0000001900), 0x0, &(0x7f0000002380)}, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x484400, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r1, 0x10, &(0x7f0000000000)={&(0x7f0000000100)=""/152, 0x98, 0xffffffffffffffff}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=r2, 0x4) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000040)) [ 197.454650] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.461092] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.469156] device bridge_slave_1 entered promiscuous mode [ 197.567341] 8021q: adding VLAN 0 to HW filter on device team0 17:44:33 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000000c0)=0x0, &(0x7f0000000100), &(0x7f0000000140)) fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x3, &(0x7f0000000200)=[r1, r2, r3]) [ 197.882946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 17:44:34 executing program 0: r0 = socket$inet6(0xa, 0x1000200000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) bind$inet(r1, &(0x7f0000011ff0)={0x2, 0x4e20, @multicast2}, 0x10) listen(r0, 0xd90) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) ioctl$KVM_CREATE_DEVICE(0xffffffffffffff9c, 0xc00caee0, &(0x7f0000000000)={0x1, 0xffffffffffffff9c}) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f00000000c0)={0x0, 0x401, 0xb7ff, &(0x7f0000000080)=0x7}) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) listen(r2, 0x0) connect$netlink(r2, &(0x7f0000000680)=@unspec, 0xc) [ 198.191774] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 17:44:34 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x62e77b0c, 0x10200) ioctl$EXT4_IOC_RESIZE_FS(0xffffffffffffffff, 0x40086610, &(0x7f0000000000)=0x6) ioctl(r0, 0x800c0884123, &(0x7f0000000000)) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 17:44:35 executing program 0: unshare(0x2000400) r0 = socket$packet(0x11, 0x400008000000005, 0x300) bind(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0xffffffff, @my=0x1}, 0xfffffffffffffef0) [ 199.290323] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.700028] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.018017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.025294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.373079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.380161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.086089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.093972] team0: Port device team_slave_0 added [ 201.248086] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.256119] team0: Port device team_slave_1 added [ 201.444180] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.463810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.472540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.668453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.752193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.759246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.767894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.023291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.030803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.039554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.178579] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.186271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.194997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.663193] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 203.549886] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.556424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.564267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.382464] 8021q: adding VLAN 0 to HW filter on device team0 17:44:40 executing program 1: [ 205.022669] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.029130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.036133] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.042630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.051392] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.058118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.879068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.601050] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 17:44:45 executing program 2: [ 209.327784] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.334284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.342095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.818847] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.510835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.986771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.481011] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.487433] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.495190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 17:44:48 executing program 3: [ 212.964200] 8021q: adding VLAN 0 to HW filter on device team0 17:44:50 executing program 4: 17:44:50 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f00000088c0)=[{{0x0, 0x0, &(0x7f0000003500), 0x0, &(0x7f0000003580)=""/109, 0x6d}}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x50}, {0x6, 0x0, 0x0, 0x1}]}, 0x10) pwrite64(r0, &(0x7f0000000080)="4c126fcb33b6e2556469c41717f41d702c8b977b58858c1328bb1dead2749124e431d7a123b2c1ad890d14a8b78c697542464651758b11681caefc8458169a240cae34c792f67852122dd8f093365dc65b188db581be09160f81076a0dcd263d66fd3e016c320e1301fdbdf789eede56bd34a92d620f7131610d618c060393586c553782235bea7922480eefcaed9a05b2f29a22c93e49d981a25838f2ac1c6ba38edc58bf1f568c29a5ba60afcddda09e38931aa511b0492a42451fe59979dc78c86994f3489e3a0012f054688d979f73e76b0df55c098b8d440a44fa1005", 0xdf, 0x0) sendmmsg(r0, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002240), 0x1ba, &(0x7f00000022c0)}}, {{0x0, 0x0, &(0x7f00000026c0), 0x0, &(0x7f0000002700)}}], 0x75a, 0x0) 17:44:50 executing program 5: lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='security.apparmor\x00', &(0x7f0000000080)=""/146, 0x92) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x100, 0x0) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000000180)=""/180) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000240)=""/44) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000280)=""/103) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000003c0)={'irlan0\x00', &(0x7f0000000300)=@ethtool_flash={0x33, 0x1000, "18f219f1f86d70e8dfc1e5ae231b459912c1198dacc4deb2912a47ccd1249200e079d7a07fa85ce157401ade8d02dfbf87062348a293541b789ee2d8710f7648929023febcd6d22eeb12d3fd02241b1e6542f78556e7c9e6e049f40a448299106efa70df675ac21e50f4f64ca467d64fd1cc7273c4b4218229957b739ee408be"}}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000400)) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000440)=0x8001, 0x4) write$binfmt_elf32(r0, &(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x180000000000000, 0x20, 0x1, 0xffff, 0x325, 0x2, 0x3, 0x7, 0x2d9, 0x38, 0x1a4, 0x8, 0x8, 0x20, 0x1, 0x10001, 0xda, 0x9}, [{0x60000000, 0x917b, 0x0, 0xfffffffffffff72c, 0x888, 0x4, 0xde}, {0x4, 0x401, 0x3f, 0x3, 0xffff, 0x6193, 0x200, 0x10001}], "d3020522ec83836d87c6198890d901fbfb4b6df9abeae2fd007acc2d01cc3524fb6f3b8f16a7bcca6cd76ea34a8e6ea22245f1429193064963afe0c229bc6ad874a176b5ed8597fbaa37bfe8c5e9eba9e552ace63f39283f3d6aba681342cbe534c47b80cf8408d7c840eba464c7ccc072d3b4a4ec88d0ce6c0ea569a5f8cbcfc9ecf333b5d2bdcb6f93ba65b27f0a59c56b464873aadf0345dd06206a6adbd34660f0034df735", [[], [], [], [], [], []]}, 0x71f) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000bc0)=0x0) r2 = syz_open_procfs(r1, &(0x7f0000000c00)='net/rt_cache\x00') setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000c40)={0x2, 0xdd0e, 0x2, 0x6, 0x4}, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000d00)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000cc0)={0xffffffffffffffff}, 0x111, 0x100b}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {&(0x7f0000000c80), 0x3, r3, 0x30, 0x0, @ib={0x1b, 0x7f, 0x4, {"79be86f979b9c2e1a96e893e45fda417"}, 0x1, 0x8, 0x1}}}, 0xa0) getdents64(r0, &(0x7f0000000e00)=""/229, 0xe5) ioctl$KDADDIO(r0, 0x4b34, 0x26e3f6c1) write$cgroup_subtree(r2, &(0x7f0000000f00)={[{0x2b, 'pids'}, {0x2d, 'memory'}, {0x2f, 'io'}, {0x2b, 'pids'}, {0x2b, 'memory'}, {0x2f, 'cpu'}]}, 0x25) ioctl$EXT4_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000f40)=0x20) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000f80)={r0, 0x3, 0x6, "040ec59b773ac70c0b3db6b133ad31fd9356cc7237efa8517293f444f5ab0c8b40dd29b16dab0e7ea9b8b3c71b36791ae6611e1e21ca8999ab6f89f4c08f3881d65517f363bb7fb3b32035299e2f72f1c722316c16ad4d72336674de7b907e186a4311845e54e3b8f8791819a642"}) r4 = syz_open_dev$usb(&(0x7f0000001000)='/dev/bus/usb/00#/00#\x00', 0xffffffff, 0x1) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000001040)={'bcsh0\x00', {0x2, 0x4e20, @broadcast}}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000003200)={0x6, 0x0, [{0x100000, 0x54, &(0x7f0000001080)=""/84}, {0x11f000, 0x19, &(0x7f0000001100)=""/25}, {0x3000, 0x27, &(0x7f0000001140)=""/39}, {0x2, 0x5f, &(0x7f0000001180)=""/95}, {0x2000, 0x1000, &(0x7f0000001200)=""/4096}, {0x870e3faf86965c31, 0x1000, &(0x7f0000002200)=""/4096}]}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000003300)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000003340)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000003380)={0x2, 0x400, 0x9, 0x1, 0x7, 0x5, 0x3, 0x401, r5}, 0x20) preadv(r0, &(0x7f0000003940)=[{&(0x7f00000033c0)=""/245, 0xf5}, {&(0x7f00000034c0)=""/104, 0x68}, {&(0x7f0000003540)=""/213, 0xd5}, {&(0x7f0000003640)=""/167, 0xa7}, {&(0x7f0000003700)=""/41, 0x29}, {&(0x7f0000003740)=""/155, 0x9b}, {&(0x7f0000003800)=""/53, 0x35}, {&(0x7f0000003840)=""/240, 0xf0}], 0x8, 0x0) ptrace$setregs(0xf, r1, 0x7, &(0x7f00000039c0)="2c546354499d34555f70b8cf01c7265dff396e7b35935b32fe05b3779d51c02b9cc2c425982b0c7de95a7d85a979602950f4a7b677db1504679df9c43c7236e76262bee7509dca03c45ca67049036d77bd889d3ec4ebd2932dafbffd19715c1ae2d5368973ea058879290d7175ef4dbf438dbe28c03199c0a33f85cf58ae") setsockopt$inet6_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000003a40)={0x8}, 0x4) prctl$setname(0xf, &(0x7f0000003a80)='/dev/bus/usb/00#/00#\x00') getsockopt$inet_udp_int(r2, 0x11, 0x0, &(0x7f0000003ac0), &(0x7f0000003b00)=0x4) getsockopt$inet_int(r0, 0x0, 0x26, &(0x7f0000003b40), &(0x7f0000003b80)=0x4) 17:44:50 executing program 2: 17:44:50 executing program 1: 17:44:50 executing program 3: 17:44:51 executing program 2: 17:44:51 executing program 1: 17:44:51 executing program 3: 17:44:51 executing program 4: 17:44:51 executing program 3: 17:44:51 executing program 1: 17:44:51 executing program 2: 17:44:51 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000002e00)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000004640)={0x77359400}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x1000000000001, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) [ 215.941730] IPVS: ftp: loaded support on port[0] = 21 [ 217.103335] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.109729] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.117652] device bridge_slave_0 entered promiscuous mode [ 217.191653] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.198054] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.205968] device bridge_slave_1 entered promiscuous mode [ 217.278496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.352441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 217.574884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.650944] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.790369] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.797493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.014627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.022434] team0: Port device team_slave_0 added [ 218.094741] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.102657] team0: Port device team_slave_1 added [ 218.174265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.252094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.325966] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.333456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.342395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.417260] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.424598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.433511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.241957] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.248355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.255216] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.262036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.269767] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.783749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.226491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.497510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 222.758581] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 222.765133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.772846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.042443] 8021q: adding VLAN 0 to HW filter on device team0 17:45:01 executing program 5: request_key(&(0x7f0000000180)='rxrpc_s\x00', &(0x7f00000001c0)={'syz'}, &(0x7f00000003c0)='keyring\x00', 0xfffffffffffffffd) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) mkdir(&(0x7f0000027000)='./file0\x00', 0x0) mount(&(0x7f0000000040)=ANY=[@ANYBLOB='[d::]:6llb:'], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000140)="ff") 17:45:01 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="048c5b1bd2cfcff9671a5c000f00000000e500000095a3f42802991f24d51d3550", 0x21) 17:45:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x100000004e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000004040)=[{{&(0x7f0000001580)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x80, &(0x7f00000026c0)=[{&(0x7f00000007c0)="606e4e59be899542e7d36ac17957d7150942a440b9b3a513dfe4b8e2676415672c4bbc76e920ca0d6507559f955a547af09380d022d074350ff402415ab7f1ab8655197f0e9537ac63a6a8afa63c007d7ceac2a955d2f1d18148294e58061549442a31fb25c7c45c1e47ec41a7fe7a63f293cc152d6642464b89e5d8dd9c17f9469062925118236d72494f4df79acc65f1f865e95ec68fc47cc4ebfb1bdf52482b7f9cdeb934081f50c4067287571752050fb387967f81138337ed11c3a8b86405f4ce1e41e58bf4d4", 0xc9}], 0x1}}], 0x1, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x11, &(0x7f0000000000)=0x1, 0x4) recvmmsg(r0, &(0x7f0000003a00)=[{{&(0x7f00000022c0)=@ethernet={0x0, @local}, 0x80, &(0x7f0000002680)=[{&(0x7f0000002540)=""/200, 0xc8}], 0x126, &(0x7f0000003700)=""/135, 0x87}}], 0x1, 0x0, 0x0) read(r0, &(0x7f0000000180)=""/145, 0x91) 17:45:01 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) memfd_create(&(0x7f0000000300)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x4) r0 = memfd_create(&(0x7f0000000400)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) futex(&(0x7f0000000500)=0x2, 0x0, 0x0, &(0x7f00000005c0)={0x77359400}, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, "7175657565310000000000000000313b0000000000000000000000000000000000000000060000000000ccbf7ddd00"}) sched_setaffinity(0x0, 0x1d9, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, &(0x7f0000000180), 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) mmap(&(0x7f0000011000/0x6000)=nil, 0x6000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 17:45:01 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x7ffff000) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000000), 0x1c) 17:45:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000a20000)={0x8, 0x0, &(0x7f0000fc1ffc)=ANY=[@ANYBLOB], 0x0, 0x0, &(0x7f00000000c0)}) [ 225.829118] libceph: parse_ips bad ip '[d::]:6llb' [ 225.933235] binder: 7737:7742 unknown command 0 [ 225.938113] binder: 7737:7742 ioctl c0306201 20a20000 returned -22 17:45:02 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x10) 17:45:02 executing program 3: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, &(0x7f00000000c0)={{0x1}}, 0x10) 17:45:02 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005500), 0x0, 0x0, &(0x7f0000005740)={0x77359400}) sendmsg$nl_generic(r1, &(0x7f00000002c0)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x14}, 0x14}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0xb, 0x0, 0x2}}, 0x14}}, 0x0) 17:45:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[@ANYRESOCT], &(0x7f00000002c0)=0x1) syz_open_dev$mice(&(0x7f0000000640)='/dev/input/mice\x00', 0x0, 0x100) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000064e000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f00005ebff8)=0x3f) fcntl$setsig(r1, 0xa, 0x12) fcntl$setownex(r1, 0xf, &(0x7f00000001c0)={0x2, r0}) recvmsg(r2, &(0x7f000095cfc8)={&(0x7f0000893ff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b30000)}, 0x0) dup2(r1, r2) tkill(r0, 0x15) 17:45:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f00000000c0)={0x10, 0x4800000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) 17:45:02 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) socket$inet6(0xa, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f00000001c0)='trusted.overlay.origin\x00', &(0x7f0000000240)='y\x00', 0x2, 0x0) 17:45:02 executing program 3: recvmmsg(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000002e00)=""/58, 0x3a}}], 0x1, 0x0, &(0x7f0000004640)={0x77359400}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x1000000000001, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) 17:45:02 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)=""/182, 0xb6}], 0x1, &(0x7f0000002e00)=""/58, 0x3a}}], 0x1, 0xffffffffffffffff, &(0x7f0000004640)={0x77359400}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000088cff6)='/dev/ptmx\x00', 0x1000000000001, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) [ 226.693475] netlink: 'syz-executor5': attribute type 17 has an invalid length. [ 226.707605] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:45:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f00000000c0)={0x10, 0x4800000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) [ 227.269936] netlink: 'syz-executor5': attribute type 17 has an invalid length. [ 227.284185] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 244.475116] clocksource: timekeeping watchdog on CPU0: Marking clocksource 'tsc' as unstable because the skew is too large: [ 244.486459] clocksource: 'acpi_pm' wd_now: bc3d5 wd_last: 51ebb1 mask: ffffff [ 244.495763] clocksource: 'tsc' cs_now: 883f5b77c5 cs_last: 7ee57de0ee mask: ffffffffffffffff [ 244.506348] tsc: Marking TSC unstable due to clocksource watchdog [ 244.528195] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. [ 244.537116] sched_clock: Marking unstable (244586665340, -58491654)<-(244652998333, -124823863) 17:45:20 executing program 4: socket$inet6_sctp(0xa, 0x5, 0x84) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x2a}, &(0x7f0000000200)={0x0, r2+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) 17:45:20 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f00000014c0)=""/148, 0x13d}], 0xffffffffffffeee, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000268, 0x0) [ 244.582605] clocksource: Switched to clocksource acpi_pm 17:45:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f00000000c0)={0x10, 0x4800000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x11}]}, 0x30}}, 0x0) 17:45:20 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f00001bf000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 17:45:20 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0xffffff85}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x0, 0x0, 0x28000000}]}, &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 17:45:20 executing program 1: r0 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000000)=@ethtool_cmd={0xf}}) [ 244.777807] netlink: 'syz-executor5': attribute type 17 has an invalid length. [ 244.792153] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 244.862560] hrtimer: interrupt took 107835 ns 17:45:21 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x400173}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0xffffff85}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x54}]}, &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 17:45:21 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x40000) ioctl(0xffffffffffffffff, 0x9000000000, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x8}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40a85321, &(0x7f0000000080)={0x80}) 17:45:21 executing program 1: clock_gettime(0x0, &(0x7f0000000100)) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, &(0x7f00000001c0)={0x0, 0x66}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000880)='./file0\x00', &(0x7f0000000b40)) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000240)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'team_slave_0\x00'}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x2a8040, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f00000000c0)) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x8001, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) sendfile(r2, r2, &(0x7f0000000000), 0x2000005) read(r1, &(0x7f0000000bc0)=""/4096, 0x1000) 17:45:21 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0xfc) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000030307031dfffd946ff20c0020200a0009000100021d85680c1baba20400ff7e28000000110affff82aba0aa1c0009b356da5a80918b06b20cd37ed01cc000000000000000000000", 0x4c}], 0x1}, 0x0) 17:45:21 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x400300, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020d00001100000000000000000000000800120000000300000000000000000006000000000000000000000000000000e000000100000000000000230000000000000000080000000000000000000000030006000000000002000000ac14ffbb0000000000000000030005000000000002000000ac14ffbb00000000000000000100180000000000"], 0x88}}, 0x0) 17:45:21 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x400300, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020d00001100000000000000000000000800120000000300000000000000000006000000000000000000000000000000e000000100000000000000230000000000000000080000000000000000000000030006000000000002000000ac14ffbb0000000000000000030005000000000002000000ac14ffbb00000000000000000100180000000000"], 0x88}}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) [ 245.394997] netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'. [ 245.482923] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. [ 245.521114] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. [ 245.530386] netlink: 20 bytes leftover after parsing attributes in process `syz-executor3'. 17:45:21 executing program 4: 17:45:21 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x4000100000008912, &(0x7f0000000100)="ece4a068488dd25d766070") sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x359, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 17:45:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x0) mmap(&(0x7f0000008000/0x600000)=nil, 0x600000, 0x0, 0x20011, r0, 0x0) 17:45:21 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="bf16000000000000b707000001000000407000000000e0ff50000000000000009500000000000000b2daae8c701b3ababb5936b0a946566d12b526a25da5f18ee8592a6540ee2e3cda7e3f2f5d864d86200deee8e5032bf9c20685f7a3e38e024fe9230dc7abf706ce649f79bd6bac8ad81b4f48ea74dbbd40157f6c8b878864b926aab4c87ad576282dad71ab23ed4bc82dc5bf4131eef4247cb3bb0f4de0c39052d7d9f5500f390797a10ad290d4dc340da77722065d4ed736ec7340ccf43b9bf4fa52c8e448ef143c5743855ee1777157e1175f16924b4ebcbb7f3f59f0625cf54fd48ef38bab2f501c2b6a42c41459a1382f7f1af88f5ea70ab60376588d8d72b367a8141d1d3c97ac7de69fc3c19663836a1f53086d8289814ea5318196afd1d3f13ebd485b3c8b0aec79037f151ea84733509300a255b3bbf2adb6ab432c3427a18317411fbfa466553fac4045868127bb6c2ff700801be63a5ce39337d5bd3d834e0ffd713b1ffa251761205430c0682c489f20b4833fd9921758c0577fa16c5d7e2f7608d4a656761375077516dca251ca909358f1ff1736d9da2c7af3533a2a3d2f4b53c1f8515d4b6f851093d1c9"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0xf, 0x100, &(0x7f00000000c0)="0000000000ef6c000000000000004e", &(0x7f0000000540)=""/256, 0xfffffffffffffffc}, 0x28) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 17:45:21 executing program 2: 17:45:21 executing program 3: 17:45:22 executing program 5: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000010207031dfffd946fa2830020200a0009000b00001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) 17:45:22 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000040)={'ip6gre0\x00\x00{r\x00', @ifru_data=&(0x7f00000000c0)="a325d3c91116bf66fed2b246a94500aa6593352d29be1746fd84168b6ef37b32"}) 17:45:22 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f000001bfc8)={&(0x7f0000db4000), 0xc, &(0x7f00006bcff0)={&(0x7f000013e000)=@ipv6_newroute={0x2c, 0x18, 0x301, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x8, 0x15, 0x6}, @RTA_ENCAP={0x8, 0x16, @nested={0x4, 0x4001}}]}, 0x2c}}, 0x0) 17:45:22 executing program 4: 17:45:22 executing program 1: [ 246.395694] netlink: 'syz-executor2': attribute type 21 has an invalid length. 17:45:22 executing program 0: [ 246.437734] netlink: 'syz-executor2': attribute type 21 has an invalid length. 17:45:22 executing program 5: 17:45:22 executing program 4: 17:45:22 executing program 1: 17:45:22 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000340)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xfff, 0x5}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x0, @local}], 0x1c) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f00000003c0)={0xfffffffffffffffc, {{0x2, 0x4e23, @loopback}}, 0x0, 0x4, [{{0x2, 0x4e23, @broadcast}}, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast2}}]}, 0x290) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f0000000140)={0x0, 0xfb, 0x5f, 0x7, 0x80000000, "e090c11524e4372b9948cfcc5dba9865", "ea0acd1c3418f46a084822d09c1a7d10af5d2a8388475eba9c2b490b263564ef66a95513c6993f89f5253245cc8f54eb2a27836a10f1d14abf1e24e06a7d845241cff97856c9896a8167"}, 0x5f, 0x3) 17:45:22 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000340)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xfff, 0x5}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x0, @local}], 0x1c) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f00000003c0)={0xfffffffffffffffc, {{0x2, 0x0, @loopback}}, 0x0, 0x3, [{{0x2, 0x4e23, @broadcast}}, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x0, @local}}]}, 0x210) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x87, 0x480002) 17:45:22 executing program 2: getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, &(0x7f0000000080)=0x10) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000180)={0x1ffffe, 0xc04e67d3b523e3e2}) 17:45:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000340)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xfff, 0x5}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f00000003c0)={0xfffffffffffffffc, {{0x2, 0x4e23, @loopback}}, 0x0, 0x4, [{{0x2, 0x4e23, @broadcast}}, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x0, @local}}, {{0x2, 0x0, @multicast2}}]}, 0x290) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x87, 0x480002) 17:45:23 executing program 1: bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sched_setscheduler(0x0, 0x0, &(0x7f0000000100)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x5, &(0x7f0000000080)=0x1, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 17:45:23 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x400173}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0xffffff85}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x28}]}, &(0x7f0000f6bffb)='GPL\x00', 0xfffffffffffffffc, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) [ 247.103897] Not allocated shadow for addr ffff88017a0c7038 (page ffffea0008dc4aa0) [ 247.111592] Attempted to access 8 bytes [ 247.111635] ------------[ cut here ]------------ [ 247.111635] kernel BUG at mm/kmsan/kmsan.c:1075! [ 247.111635] invalid opcode: 0000 [#1] SMP [ 247.111635] CPU: 0 PID: 7996 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63 [ 247.111635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.111635] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.111635] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 247.111635] RSP: 0018:ffff88018af8f510 EFLAGS: 00010046 [ 247.111635] RAX: 000000000000001b RBX: 0000000000000000 RCX: 48b97289d13e9c00 [ 247.111635] RDX: 0000000000000000 RSI: 0000000000002541 RDI: 0000000000002542 [ 247.111635] RBP: ffff88018af8f540 R08: 0000000000000000 R09: ffff88021fc38f50 [ 247.111635] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 247.204054] Not allocated shadow for addr ffff88017a0c70e8 (page ffffea0008dc4aa0) [ 247.111635] R13: ffff88017a0c7038 R14: 0000000000000001 R15: 0000000000000008 [ 247.211562] ------------[ cut here ]------------ [ 247.111635] FS: 00007fd5065b2700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 247.211562] kernel BUG at mm/kmsan/kmsan.c:1075! [ 247.111635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.111635] CR2: 00007fd506590db8 CR3: 0000000177d60000 CR4: 00000000001406f0 [ 247.111635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.111635] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.111635] Call Trace: [ 247.111635] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 247.111635] kmsan_unpoison_shadow+0x72/0xd0 [ 247.111635] vunmap_page_range+0x828/0xc20 [ 247.111635] remove_vm_area+0x39b/0x450 [ 247.111635] __vunmap+0x34c/0x5d0 [ 247.111635] vunmap+0x69/0xb0 [ 247.111635] relay_destroy_buf+0xac/0x430 [ 247.111635] relay_close+0x470/0xa20 [ 247.111635] __blk_trace_remove+0x256/0x320 [ 247.111635] blk_trace_ioctl+0x2e5/0x970 [ 247.111635] ? kmsan_set_origin_inline+0x6b/0x120 [ 247.111635] ? __msan_poison_alloca+0x17a/0x210 [ 247.111635] ? blkdev_ioctl+0x327/0x55e0 [ 247.111635] ? block_ioctl+0x16f/0x1d0 [ 247.111635] blkdev_ioctl+0x1aaa/0x55e0 [ 247.111635] ? __perf_event_task_sched_in+0xb61/0xbd0 [ 247.111635] ? INIT_INT+0xc/0x30 [ 247.111635] ? kmsan_set_origin_inline+0x6b/0x120 [ 247.111635] block_ioctl+0x16f/0x1d0 [ 247.111635] ? block_llseek+0x190/0x190 [ 247.111635] do_vfs_ioctl+0xcf3/0x2810 [ 247.111635] ? security_file_ioctl+0x92/0x200 [ 247.111635] __se_sys_ioctl+0x1da/0x270 [ 247.111635] __x64_sys_ioctl+0x4a/0x70 [ 247.111635] do_syscall_64+0xbe/0x100 [ 247.111635] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 247.111635] RIP: 0033:0x457579 [ 247.111635] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.111635] RSP: 002b:00007fd5065b1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.111635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 247.111635] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000007 [ 247.111635] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 247.111635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd5065b26d4 [ 247.111635] R13: 00000000004bea1e R14: 00000000004ce728 R15: 00000000ffffffff [ 247.111635] Modules linked in: [ 247.111635] ---[ end trace 8102ba9dd1154898 ]--- [ 247.211562] invalid opcode: 0000 [#2] SMP [ 247.211562] CPU: 1 PID: 8004 Comm: syz-executor4 Tainted: G D 4.19.0-rc4+ #63 [ 247.111635] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.111635] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 247.211562] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.111635] RSP: 0018:ffff88018af8f510 EFLAGS: 00010046 [ 247.211562] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 247.211562] RSP: 0018:ffff88017930f5c8 EFLAGS: 00010002 [ 247.111635] RAX: 000000000000001b RBX: 0000000000000000 RCX: 48b97289d13e9c00 [ 247.111635] RDX: 0000000000000000 RSI: 0000000000002541 RDI: 0000000000002542 [ 247.211562] RAX: 0000000000000046 RBX: 0000000000000000 RCX: bb29be1126443000 [ 247.111635] RBP: ffff88018af8f540 R08: 0000000000000000 R09: ffff88021fc38f50 [ 247.211562] RDX: 0000000000000000 RSI: 00000000000053e2 RDI: 00000000000053e3 [ 247.111635] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 247.211562] RBP: ffff88017930f5f8 R08: 0000000000000000 R09: ffff88021fd38f50 [ 247.111635] R13: ffff88017a0c7038 R14: 0000000000000001 R15: 0000000000000008 [ 247.211562] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 247.111635] FS: 00007fd5065b2700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 [ 247.211562] R13: ffff88017a0c70e8 R14: 0000000000000001 R15: 0000000000000008 [ 247.111635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.211562] FS: 00007f7816877700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 247.111635] CR2: 00007fd506590db8 CR3: 0000000177d60000 CR4: 00000000001406f0 [ 247.211562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.111635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.211562] CR2: 0000000020f6bffb CR3: 0000000179dec000 CR4: 00000000001406e0 [ 247.111635] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.211562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.111635] Kernel panic - not syncing: Fatal exception [ 247.211562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.211562] Call Trace: [ 247.211562] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 247.211562] kmsan_unpoison_shadow+0x72/0xd0 [ 247.211562] vunmap_page_range+0x828/0xc20 [ 247.211562] remove_vm_area+0x39b/0x450 [ 247.211562] __vunmap+0x34c/0x5d0 [ 247.211562] vfree+0x79/0x170 [ 247.211562] bpf_prog_calc_tag+0x929/0x9d0 [ 247.211562] bpf_check+0x9a4/0xd0c0 [ 247.211562] ? task_kmsan_context_state+0x6b/0x120 [ 247.211562] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 247.211562] ? task_kmsan_context_state+0x6b/0x120 [ 247.211562] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 247.211562] ? vmalloc_to_page+0x57d/0x6b0 [ 247.211562] ? kmsan_set_origin+0x83/0x140 [ 247.211562] __do_sys_bpf+0xd528/0xf970 [ 247.211562] ? __msan_poison_alloca+0x17a/0x210 [ 247.211562] ? prepare_exit_to_usermode+0x53/0x470 [ 247.211562] ? syscall_return_slowpath+0x112/0x880 [ 247.211562] ? put_timespec64+0x162/0x220 [ 247.211562] __se_sys_bpf+0x8e/0xa0 [ 247.211562] __x64_sys_bpf+0x4a/0x70 [ 247.211562] do_syscall_64+0xbe/0x100 [ 247.211562] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 247.211562] RIP: 0033:0x457579 [ 247.211562] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.211562] RSP: 002b:00007f7816876c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 247.211562] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 247.211562] RDX: 0000000000000048 RSI: 00000000200ba000 RDI: 0000000000000005 [ 247.211562] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 247.211562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78168776d4 [ 247.211562] R13: 00000000004bd990 R14: 00000000004cc328 R15: 00000000ffffffff [ 247.211562] Modules linked in: [ 247.211562] ---[ end trace 8102ba9dd1154899 ]--- [ 247.211562] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 247.211562] RSP: 0018:ffff88018af8f510 EFLAGS: 00010046 [ 247.211562] RAX: 000000000000001b RBX: 0000000000000000 RCX: 48b97289d13e9c00 [ 247.211562] RDX: 0000000000000000 RSI: 0000000000002541 RDI: 0000000000002542 [ 247.211562] RBP: ffff88018af8f540 R08: 0000000000000000 R09: ffff88021fc38f50 [ 247.211562] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 247.211562] R13: ffff88017a0c7038 R14: 0000000000000001 R15: 0000000000000008 [ 247.211562] FS: 00007f7816877700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 247.211562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.211562] CR2: 0000000020f6bffb CR3: 0000000179dec000 CR4: 00000000001406e0 [ 247.211562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.211562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.111635] Shutting down cpus with NMI [ 247.211562] ------------[ cut here ]------------ [ 247.211562] kernel BUG at mm/kmsan/kmsan_entry.c:81! [ 247.211562] invalid opcode: 0000 [#3] SMP [ 247.211562] CPU: 1 PID: 8004 Comm: syz-executor4 Tainted: G D 4.19.0-rc4+ #63 [ 247.111635] Kernel Offset: disabled [[ 2 24747.1.11111663355]] RReebbooootitinngg i inn 8866440000 sesceocnodnsd.s... Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.211562] RIP: 0010:kmsan_nmi_enter+0x42/0x70 [ 247.211562] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e [ 247.211562] RSP: 0018:fffffe0000049ea8 EFLAGS: 00010046 [ 247.211562] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101 [ 247.211562] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: 0000000000040000 [ 247.211562] RBP: fffffe0000049ef9 R08: 0000000000000000 R09: 0000000000000000 [ 247.211562] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 247.211562] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 247.211562] FS: 00007f7816877700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 247.211562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.211562] CR2: 0000000020f6bffb CR3: 0000000179dec000 CR4: 00000000001406e0 [ 247.211562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.211562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 247.211562] Call Trace: [ 247.211562] [ 247.211562] ? end_repeat_nmi+0x19/0x58 [ 247.211562] ? end_repeat_nmi+0x7/0x58 [ 247.211562] ? panic_smp_self_stop+0xe/0xd0 [ 247.211562] ? panic_smp_self_stop+0x12/0xd0 [ 247.211562] ? panic_smp_self_stop+0x12/0xd0 [ 247.211562] ? panic_smp_self_stop+0x12/0xd0 [ 247.211562] [ 247.211562] ? panic+0x324/0xafa [ 247.211562] ? __show_regs+0xf8d/0x1310 [ 247.211562] ? oops_end+0x2cc/0x2d0 [ 247.211562] ? die+0x124/0x140 [ 247.211562] ? do_trap+0x686/0x710 [ 247.211562] ? do_error_trap+0x63c/0x6e0 [ 247.211562] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] ? do_invalid_op+0x98/0xb0 [ 247.211562] ? invalid_op+0x14/0x20 [ 247.211562] ? write_ext_msg+0x890/0x890 [ 247.211562] ? kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] ? kmsan_get_shadow_address+0x2f6/0x3d0 [ 247.211562] ? kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 247.211562] ? kmsan_unpoison_shadow+0x72/0xd0 [ 247.211562] ? vunmap_page_range+0x828/0xc20 [ 247.211562] ? remove_vm_area+0x39b/0x450 [ 247.211562] ? __vunmap+0x34c/0x5d0 [ 247.211562] ? vfree+0x79/0x170 [ 247.211562] ? bpf_prog_calc_tag+0x929/0x9d0 [ 247.211562] ? bpf_check+0x9a4/0xd0c0 [ 247.211562] ? task_kmsan_context_state+0x6b/0x120 [ 247.211562] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 247.211562] ? task_kmsan_context_state+0x6b/0x120 [ 247.211562] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 247.211562] ? vmalloc_to_page+0x57d/0x6b0 [ 247.211562] ? kmsan_set_origin+0x83/0x140 [ 247.211562] ? __do_sys_bpf+0xd528/0xf970 [ 247.211562] ? __msan_poison_alloca+0x17a/0x210 [ 247.211562] ? prepare_exit_to_usermode+0x53/0x470 [ 247.211562] ? syscall_return_slowpath+0x112/0x880 [ 247.211562] ? put_timespec64+0x162/0x220 [ 247.211562] ? __se_sys_bpf+0x8e/0xa0 [ 247.211562] ? __x64_sys_bpf+0x4a/0x70 [ 247.211562] ? do_syscall_64+0xbe/0x100 [ 247.211562] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 247.211562] Modules linked in: [ 247.211562] ---[ end trace 8102ba9dd115489a ]--- [ 247.211562] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 247.211562] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c [ 247.211562] RSP: 0018:ffff88018af8f510 EFLAGS: 00010046 [ 247.211562] RAX: 000000000000001b RBX: 0000000000000000 RCX: 48b97289d13e9c00 [ 247.211562] RDX: 0000000000000000 RSI: 0000000000002541 RDI: 0000000000002542 [ 247.211562] RBP: ffff88018af8f540 R08: 0000000000000000 R09: ffff88021fc38f50 [ 247.211562] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001 [ 247.211562] R13: ffff88017a0c7038 R14: 0000000000000001 R15: 0000000000000008 [ 247.211562] FS: 00007f7816877700(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 247.211562] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 247.211562] CR2: 0000000020f6bffb CR3: 0000000179dec000 CR4: 00000000001406e0 [ 247.211562] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 247.211562] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400