[ 61.397163] sshd (6195) used greatest stack depth: 53392 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 61.599521] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 62.433144] random: sshd: uninitialized urandom read (32 bytes read) [ 62.890035] sshd (6262) used greatest stack depth: 53184 bytes left [ 62.926843] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 65.609931] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts. [ 71.461319] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 16:39:33 fuzzer started [ 76.128425] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 16:39:38 dialing manager at 10.128.0.26:45337 2018/10/10 16:39:38 syscalls: 1 2018/10/10 16:39:38 code coverage: enabled 2018/10/10 16:39:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 16:39:38 setuid sandbox: enabled 2018/10/10 16:39:38 namespace sandbox: enabled 2018/10/10 16:39:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 16:39:38 fault injection: enabled 2018/10/10 16:39:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 16:39:38 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 16:39:38 net device setup: enabled [ 81.537561] random: crng init done 16:41:41 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000300)='io.stat\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20) [ 202.296801] IPVS: ftp: loaded support on port[0] = 21 [ 203.755498] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.762115] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.771019] device bridge_slave_0 entered promiscuous mode [ 203.923355] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.929838] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.938846] device bridge_slave_1 entered promiscuous mode [ 204.088253] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.239247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.708124] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 204.865600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 205.019092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.026285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.178058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.185308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:41:45 executing program 1: perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x0, 'queue0\x00'}) r0 = memfd_create(&(0x7f00000013c0)="95ce769ace2849a3b2baa0e1987e371c660b10e2ae819369892409d2df9e3b0b6cc64518f630dce7540ad9fc648a1f6646d37927ea4c3d532952aa03036ba0c63e36f15d233d5a63aeecdf8ae1fee0ad9aaa41169f3527452dc54fa3f0e7d7bd00fde7a076d5374c1776d5aae65f66952d2d774aa3bef178d0a76e61c67c6d68b0d650793b3eeb718e3b9868cee27bed2323a9039738e9da26af33ae1d0d9b04b6bca9e589df04963d0e4f78246b6392a3c9bb324429ade4bf73c7d3391a2d570f4c3bf4ff7b0099124924ddf370ddad175cabb5075240fcd128b39c60e05cfc31", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, "9ede7a885ae95e4800800000000000604f13eeab65c0323901dc6b0000000032f01b7f0b014f9f91eeb7c37c7240f476c8d753000074dbcfa6b74d00"}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0xfffffffe, 0x0, 0x0, @tick, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0xf2) [ 205.749122] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.757704] team0: Port device team_slave_0 added [ 205.965234] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 205.973782] team0: Port device team_slave_1 added [ 206.201285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 206.208650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.218039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.361646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 206.369054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.378293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.596475] IPVS: ftp: loaded support on port[0] = 21 [ 206.638833] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 206.646583] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.655905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.904654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 206.912483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.921904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.917953] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.924683] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.933756] device bridge_slave_0 entered promiscuous mode [ 209.153780] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.160332] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.169426] device bridge_slave_1 entered promiscuous mode [ 209.405573] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.634933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.743321] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.749833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.757047] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.763630] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.772987] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.132707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.220091] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.430384] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.605833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.613222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.869759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.877261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:41:51 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000400)="153f6234488d6d5d766070") r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKROSET(r1, 0x914, &(0x7f0000000280)) [ 211.687704] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.696098] team0: Port device team_slave_0 added [ 212.007589] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.016113] team0: Port device team_slave_1 added [ 212.368439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.375766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.385190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.701343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.708720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.718167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.845474] IPVS: ftp: loaded support on port[0] = 21 [ 212.999455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.007288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.016866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.302660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.310317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.319680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.878607] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.885236] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.894012] device bridge_slave_0 entered promiscuous mode [ 216.167321] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.174037] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.182999] device bridge_slave_1 entered promiscuous mode [ 216.514681] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.790146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.868154] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.874709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.881702] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.888361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.897603] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.252302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.794230] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.128659] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.320067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 218.328224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.603546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.610786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.547695] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.556179] team0: Port device team_slave_0 added 16:41:59 executing program 3: r0 = socket$inet6(0xa, 0x8000000080003, 0xff) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000001180), 0x240, &(0x7f00000011c0)}}], 0x249, 0x0) [ 219.882233] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.890437] team0: Port device team_slave_1 added [ 220.240841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 220.248046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.256981] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.667216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.674545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.683772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.980010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.988283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.997857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.374733] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.382542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.391648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.525706] IPVS: ftp: loaded support on port[0] = 21 [ 222.688461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.069993] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.024462] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.030926] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.039615] device bridge_slave_0 entered promiscuous mode [ 225.455636] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.462228] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.470871] device bridge_slave_1 entered promiscuous mode [ 225.530059] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.536619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.543738] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.550209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.559799] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.664862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.671282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.679727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.888102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.219656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 226.292173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 227.191006] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.268996] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.667843] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 228.000711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 228.008069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.291137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 228.298400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.518335] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 229.527161] team0: Port device team_slave_0 added [ 229.928525] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 229.936849] team0: Port device team_slave_1 added [ 230.326665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 230.334384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.343461] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.697158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 230.704417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.713623] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.099849] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.107645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.116956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 16:42:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={&(0x7f0000d55000), 0xc, &(0x7f0000000000)={&(0x7f00003c0fdc)={0x24, 0x0, 0x1, 0x800000003, 0x0, 0x0, {}, [@nested={0x10, 0x2, [@typed={0xc, 0x1, @ipv4=@local={0xac, 0x14, 0xffffffffffffffff}}]}]}, 0x24}}, 0x0) [ 231.505056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.512905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.522244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.554703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.235433] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.274734] IPVS: ftp: loaded support on port[0] = 21 [ 234.953932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.960359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.969059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.646098] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.652676] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.659695] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.666314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.675463] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 236.692739] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.043169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 16:42:17 executing program 0: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) rt_sigtimedwait(&(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r0+10000000}, 0x8) r1 = getpid() keyctl$session_to_parent(0x12) rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x10, r1) ptrace(0x11, r1) [ 237.752544] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.759024] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.767805] device bridge_slave_0 entered promiscuous mode [ 238.274287] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.280885] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.289724] device bridge_slave_1 entered promiscuous mode 16:42:18 executing program 0: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) rt_sigtimedwait(&(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r0+10000000}, 0x8) r1 = getpid() keyctl$session_to_parent(0x12) rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x10, r1) ptrace(0x11, r1) [ 238.819881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 239.245730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 16:42:19 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000000c0)="6a90470f2e46042f326800df3a459163933e6bb30548fc019ceacd5de44edba905bd5cb62d8bf06afbce8205535d38ad000000000000") r1 = socket$inet(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000002940)=[{{&(0x7f0000000000)=@nfc, 0x80, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)=""/156, 0xffad, 0x7}}], 0x3e8, 0xfffffffffffffffc, &(0x7f0000000800)={0x77359400}) sendmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000880)="24000000260007031dfffd946fa2830020200a0009000304341d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'bridge0\x00', {0x2, 0x4e23, @rand_addr=0x8}}) 16:42:20 executing program 0: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x25b}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020d000010000000000000000000000008001200000003000000000000000000060000000000000000010000000000000000000000000000000000000000000000000000000000000300eaffffff0000020000009807d7060000000000000000030005000000000003000000ac14ffbb00000000000000000000000000000000"], 0x80}}, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x92, 0x2000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000002c0)={0xa58, 0x2, 'client0\x00', 0x0, "559594bcd920fe98", "e827ccf6203250fb83c55bd7f2f0ffff3aa9a9339f58b5ed2100", 0x8, 0x3ff}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x2, 0x0, 0x0, 0x0, 0x2}, 0xffffff8f}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) [ 240.735316] bond0: Enslaving bond_slave_0 as an active interface with an up link 16:42:21 executing program 0: mkdir(&(0x7f0000000300)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = memfd_create(&(0x7f0000000140)='.+#\x00', 0x2) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000180)={0x7, 0x6, 0x7}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0xc}) sendmsg$nl_generic(r1, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)={0x1e8, 0x27, 0x100, 0x70bd29, 0x25dfdbfc, {0x1e}, [@generic="4f7320208a355a578c2c1ea55c825c551abee978bb4ac2a0b2a08992838d445a188474dd52e457d076fca3aa9b22a6fb643f2da8a4aac277d7b1f1144177753fd611d4a0fe80578f67cbf0e48470126797e7c649fdcb4ea3ae27d507c12f1c2ebf16d06208aea2443acd0464fbffe57ed221d5d907e1b39f8cd63cd39d692edd44ac2c145d2a6efdaadb27cb518c87e31469d5f2267ecdcf5af89907f9068ab5201daf5b0137f5ef2e94", @typed={0x7c, 0x7d, @binary="caeb9a8392caf179b58c1377ddfce6773e3a6d0ca7191d5050e390968b9d03129d65ab4191b3e18e5ebbf81816e546230745b87d05a0a2963b9c405370481ce71f57985d4f78149907384bbcd2ab3d139cfa26b8eb20a5d48bbbbb1b37b8bf06284718fb331c027565bb582db01b302e0f3ea057346f"}, @nested={0xac, 0x44, [@generic="ccfac12978f916e2f5403925c1cedb87b1805a24b3992c626198e7320af989251fd80c8473d6d5b171fb25e517e540aa9941f6379a754befe84d9c77bf078d0498e95c0272cf324518c168e8ffba15bca5bd37cb659a8a5e53164e44afddf94e5abb748aa8bdee7757f7d23003d7660e1d981b72ed628ef6e98a9ee7070a0718475b263afbc0ab4c9dbe058e70f5005702a81531f836eddaa5b31ed6332bfe18242ec23f47ece8"]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x20000004}, 0x4008004) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) futimesat(r1, &(0x7f00000001c0)='./control\x00', &(0x7f0000000280)={{}, {0x0, 0x7530}}) r2 = creat(&(0x7f0000000340)='./control\x00', 0x1) write$sndseq(r2, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) unlink(&(0x7f00000000c0)='./control/file0\x00') rmdir(&(0x7f0000000040)='./control\x00') link(&(0x7f0000000080)='./control/file0\x00', &(0x7f0000000100)='./control\x00') close(r0) [ 241.268104] bond0: Enslaving bond_slave_1 as an active interface with an up link 16:42:21 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f00000002c0)="153f6234488dd25d766070") r1 = socket(0x11, 0xa, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x1a, &(0x7f0000000000), 0x20a154cc) socket$rds(0x15, 0x5, 0x0) [ 241.698449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 241.705743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:42:22 executing program 0: unshare(0x20400) r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000300)=0xffffffffffffff63) iopl(0x101) [ 242.203912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.211040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:42:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x401, 0x2000) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'veth0_to_bridge\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="500005000000000000000000000000000000000000000000010000000040000000f415ec00188d966d41bd890000000000000000000000ffffff7f0000000000000000000000000000000000000000000700080000000000000000000000000000000000000000"]}) [ 243.193020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.248633] ip (7114) used greatest stack depth: 53040 bytes left [ 243.530661] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 243.539133] team0: Port device team_slave_0 added [ 243.909931] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 243.918499] team0: Port device team_slave_1 added [ 244.240620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.249195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.258121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.532442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 244.539603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.548666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.593155] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.802614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 244.810243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.819325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.119505] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 245.127395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.136796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.800645] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.807413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.815566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:42:26 executing program 1: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x100006, 0x0, 0x0, 0xfffffffffffffffc}]}) [ 246.569339] kauditd_printk_skb: 3 callbacks suppressed [ 246.569375] audit: type=1326 audit(1539189746.636:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7196 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 247.009419] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.207693] audit: type=1326 audit(1539189747.276:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7196 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 248.268000] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.274663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.281638] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.288796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.297497] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 248.304264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.700782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.615150] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 252.350659] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 252.359284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 252.367385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:42:33 executing program 2: [ 253.262574] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.158795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.682876] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:42:36 executing program 3: [ 257.207934] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 257.214362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.222186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.520386] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.554821] netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. [ 259.564995] netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. 16:42:39 executing program 4: 16:42:39 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) socket(0x10, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f7980584303d01f0549a89d78dc4af89ed554fa07424adee901d2da75af1f02acc7edbcd7a071fb35331ce39c5ad3657818feb0279188b92b2e6b035cde4c66c6b00081bd106f6adfe58108a8be89d3695670374e304c071de17635f3034de8c2372e07000000000000007d656f") socket$inet6(0xa, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000000)="153f623448607000000000") syz_open_dev$sndctrl(&(0x7f000000a000)='/dev/snd/controlC#\x00', 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) bind(r0, &(0x7f00000000c0)=@l2={0x1f, 0x1, {0x3ff, 0x6, 0x5, 0x3, 0x4, 0x5}, 0x7, 0xffffffffffff0000}, 0x80) socket$kcm(0x2, 0x3, 0x2) socket$pptp(0x18, 0x1, 0x2) r2 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r2, 0x10d, 0xb, &(0x7f0000000080)=r2, 0x4) 16:42:39 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8400, 0x0) setsockopt$inet6_dccp_int(r0, 0x21, 0xb, &(0x7f0000000040)=0x20, 0x4) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000080)={0x2d, 0x1, 0x3, 0x5, 0x4, [{0xff, 0x3, 0x3f, 0x0, 0x0, 0x2000}, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x8}, {0x1f, 0x2, 0x1, 0x0, 0x0, 0x1005}, {0x27e, 0x9, 0x9, 0x0, 0x0, 0x1}]}) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='illinois\x00', 0x9) r1 = semget(0x2, 0x4, 0x4) semctl$SETALL(r1, 0x0, 0x11, &(0x7f00000001c0)=[0x9cb, 0xffc0000, 0x7ff, 0x100000000, 0x7, 0x6, 0x4, 0xffffffffffffffdc, 0x0]) getsockopt$netlink(r0, 0x10e, 0xb, &(0x7f0000000200)=""/134, &(0x7f00000002c0)=0x86) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000300)={0xea00000000000000, 0xfff, 0xa0, 0x200, 0x300}) r2 = socket$l2tp(0x18, 0x1, 0x1) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000340)={0x5, 0x400000000000}) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000380)=0x8000) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f00000003c0)={{0x2b, @multicast2, 0x4e24, 0x0, 'wrr\x00', 0x26, 0xf3, 0x23}, {@empty, 0x4e21, 0x2000, 0x40bea73b, 0x400, 0x3}}, 0x44) r3 = add_key$user(&(0x7f0000000440)='user\x00', &(0x7f0000000480)={'syz', 0x3}, &(0x7f00000004c0)="a1e32f8f2e58b42f4eeaa3a51a6e0dff6b3cf16b35fc41704fbf455e5b38ce3859c32f13152752cddb8e96fc47269a71a4a3847c9430e94247074344b6ca404bb5d5a9ba57f6e43420be2e1e752580924a7e7df996a94a6610e5d12d698325d63184881416e5d1ec7c7812601f78de27d58a3cd259ebcecaea1772698635c8d2e39e75f8e9e324a8b8f4d1ab0b69eeba6d893ba620cefa5756e669343e5106f520bc185a99a18c8450ab2151ba81fc8489a255a4", 0xb4, 0xfffffffffffffffa) keyctl$invalidate(0x15, r3) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000580)={0x3, 0x1}) ioctl$int_out(r0, 0x2, &(0x7f00000005c0)) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000600)={{0x0, @empty, 0x4e20, 0x3, 'wrr\x00', 0x4, 0x967, 0x26}, {@local, 0x4e22, 0x10004, 0x8, 0xd718, 0x1}}, 0x44) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000680)=""/67) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000700)=""/82) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000780)={0x4001, 0xf000, 0x5, 0x1, 0x7023}) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000007c0)=0x0) tkill(r4, 0xd) r5 = getuid() getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000840)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @rand_addr}}, 0x0, @in=@broadcast}}, &(0x7f0000000940)=0xe8) fstat(r2, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = getgid() setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000fc0)=@filter={'filter\x00', 0xe, 0x4, 0x5b0, [0x0, 0x20000a00, 0x20000d10, 0x20000d40], 0x0, &(0x7f0000000800), &(0x7f0000000a00)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{{{0x3, 0x2, 0xe90d, 'syzkaller0\x00', 'veth1_to_bond\x00', 'eql\x00', 'veth0_to_bond\x00', @local, [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], @local, [0xff, 0x0, 0xff], 0x120, 0x168, 0x1b8, [@stp={'stp\x00', 0x48, {{0x8000, {0xc5e, 0x8, 0x0, @empty, [0xff, 0xff, 0xff, 0x0, 0xff], 0x3, 0x9, 0x10000, 0x8, @empty, [0x0, 0x0, 0x0, 0xff], 0x4e23, 0x4e23, 0x3, 0x7, 0x4, 0x3, 0x89, 0x8000, 0xc4, 0xffff}, 0x0, 0x208}}}, @connbytes={'connbytes\x00', 0x18, {{0x3, 0x4fc80350, 0x0, 0x3}}}]}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x200, 0x2, 0x1}}}]}, @common=@LED={'LED\x00', 0x28, {{'syz0\x00', 0x0, 0x1b41, 0xffffffff}}}}, {{{0x11, 0x4d, 0xac8304b3237b048a, 'syzkaller0\x00', 'team_slave_1\x00', 'ifb0\x00', 'bridge_slave_1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0xff, 0x0, 0x0, 0x0, 0xff], @empty, [0xff, 0x0, 0xff, 0x0, 0xff], 0xb0, 0xf8, 0x128, [@devgroup={'devgroup\x00', 0x18, {{0x8, 0x3f, 0x7, 0x0, 0x7fffffff}}}]}, [@common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0x0, 0x3ff, 0x6}}}]}, @common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{{{0x1b, 0x10, 0xf8, 'syzkaller0\x00', 'veth0_to_bond\x00', 'rose0\x00', 'gre0\x00', @local, [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @empty, [0x0, 0xff, 0x0, 0x0, 0xff], 0xb0, 0x100, 0x130, [@owner={'owner\x00', 0x18, {{r5, r6, r7, r8, 0x3, 0x2}}}]}, [@common=@log={'log\x00', 0x28, {{0x0, "ff511c89a1302ef1fa6b017d2c6a5c827d0c78ccd6d64383d735846d36aa", 0x9}}}]}, @common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffe, 0x1, [{{{0x15, 0x2, 0x8914, 'bond_slave_0\x00', 'team_slave_1\x00', 'nr0\x00', 'bond0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], @local, [0x0, 0xff, 0xff, 0x0, 0xff], 0xa8, 0xa8, 0xe0, [@mac={'mac\x00', 0x10, {{@dev={[], 0x1f}}}}]}}, @common=@mark={'mark\x00', 0x10, {{0xffffffe0, 0xffffffffffffffff}}}}]}]}, 0x628) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000001140)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)={0x24, r9, 0x412, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffffffffffc01}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4011) 16:42:39 executing program 2: 16:42:39 executing program 1: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x100006, 0x0, 0x0, 0xfffffffffffffffc}]}) 16:42:39 executing program 3: [ 259.820974] audit: type=1326 audit(1539189759.886:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7557 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 16:42:39 executing program 4: 16:42:40 executing program 2: r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) 16:42:40 executing program 4: clone(0x820002102011ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KDDISABIO(r0, 0x40096100) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}) 16:42:40 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x7d5, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x1600, 0x297ef) 16:42:40 executing program 0: clone(0x820002102011ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KDDISABIO(r0, 0x40096100) 16:42:40 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={"6c6f000000000000000000001f00"}) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0xb000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)=@ipv4_newroute={0x1c, 0x18, 0x521, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}}, 0x1c}, 0x14}, 0x0) 16:42:40 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f0000000000)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880)=ANY=[@ANYBLOB="34000000000000003ab614c7137b4557abc2326c2b8521fdd3ada7065c4d25bb272e58b5cc201de6ecb4ee56f4d41f03012195699f97d11566067c6f67280114184ab30a9c460e0c3340c9507051bc868c37144d21981f041d9d2412fc5d68d4628858eeca57ecc52eb15c0e06e819fcbcf08515287cabdc91f1f2b804d94588caad6e059ec4a14ee92cef61555c9b90"]) close(r0) 16:42:40 executing program 0: [ 261.451676] IPVS: ftp: loaded support on port[0] = 21 [ 262.236110] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.242620] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.250336] device bridge_slave_0 entered promiscuous mode [ 262.333572] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.339986] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.348382] device bridge_slave_1 entered promiscuous mode [ 262.432610] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 262.514161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.760946] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.848881] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 262.933432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 262.940443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.032161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 263.039199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.289689] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 263.297419] team0: Port device team_slave_0 added [ 263.380098] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 263.387932] team0: Port device team_slave_1 added [ 263.471106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.559283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.642003] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 263.649338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.658717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 263.736428] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 263.743806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.752932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.655996] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.662527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.669385] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.675978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.684183] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 264.902188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 267.889841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.187907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 268.487985] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 268.494343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 268.502396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 268.802883] 8021q: adding VLAN 0 to HW filter on device team0 16:42:50 executing program 5: 16:42:50 executing program 1: 16:42:50 executing program 4: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$KDDISABIO(r0, 0x40046104) 16:42:50 executing program 3: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffff9c, 0x28, &(0x7f00000003c0)={0x0, 0x0}}, 0xfffffffffffffff0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={r0, 0x1, 0x10}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0x0, 0x80000000}, 0xc) r1 = socket$kcm(0x2, 0x0, 0x84) recvmsg$kcm(r1, &(0x7f00000078c0)={&(0x7f0000005580)=@xdp, 0x80, &(0x7f0000007780)=[{&(0x7f0000005600)=""/201, 0xc9}, {&(0x7f0000005700)=""/4096, 0x1000}, {&(0x7f0000006700)=""/119, 0x77}, {&(0x7f0000006780)=""/4096, 0x1000}], 0x4, &(0x7f00000077c0)=""/248, 0xf8, 0x5}, 0x2000) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000080)='eth0!%(]+]\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x46, &(0x7f00000001c0)='vmnet1\\-vboxnet0posix_acl_access}cpusetselfkeyringvmnet0(cpusetem0([.\x00', r2}, 0x30) perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1ff, 0xa002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xffffffff80000001, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffe) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)="6576656e7473000000c7aaff0fb0c79b9391e4ae6479d80000000000", 0xf0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000200)={r1}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000140)='vboxnet0wlan0-vboxnet0$\x00', 0xffffffffffffffff}, 0x30) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000480)=ANY=[@ANYBLOB="09000100000000000000000000bf00000000000000080000000000000000000000ef410f81636a9be2b07aad6ea2bdb5c5c80529819a3624fbe85dc0a229cdd0f0e8ce8c4e71650caf14c9775646e58598748008dbe16b2db4b4cad8beefdbc3495800219aa48b282858e5c553c914c41a9d881b8fdf053d666a136e0aa38380523b27743e874fc897614b21d4dfe834"]) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x6, 0xfffffffffffffff7, 0x101, 0x34, 0x0, 0x1, 0x1e008, 0x0, 0x9, 0x101, 0x0, 0x7fff, 0x8001, 0x843a, 0x8, 0x8001, 0x1000, 0x9, 0x7, 0x81, 0x76, 0x6, 0x4, 0xca93, 0x800, 0xffffffffffffffff, 0x5f, 0x8001, 0x6, 0x10000, 0x1ff, 0x6, 0xffffffffffffff00, 0x1, 0x7d9, 0xfffffffffffffff7, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0x10001}, 0x0, 0x1, 0x9b1, 0x7, 0x100000001, 0xa, 0x7}, r4, 0xb, r3, 0x8) socket$kcm(0x2, 0x7, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) socket$kcm(0x2, 0x8000000003, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8953, &(0x7f0000000040)=0x2) 16:42:50 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x7) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x4006, 0x4) sendto$inet6(r1, &(0x7f0000000240)="0581c7000500000000000000ffa2ad88050000000000008c39160aaacb57a80000067d1a80e19e33e3c2e7725f4a5861153709000000f7402810247f0139d643ba0708e265756fe5eb8f5972eaecfffc2bd9e9aba5568a12843d4342277bd6adf74af03e90f5490f2a38ff07e4b0a084b53a683747f955a47ddc7100080000395da1a7ba8a7069cdb5f4eff4aae8b98ccd4245ad64ceaa7ad4974418b715a624f2cfdaf236512e17960229a1b3bc79b3603a800292fa7c36fb4f6c1342c60e17e6539f6bfeef0bae71fd57b9798d8b6370", 0xd1, 0x0, &(0x7f0000000000)={0xa, 0x100200000800, 0x2, @remote}, 0x1c) 16:42:50 executing program 0: r0 = socket(0x9, 0x3, 0x8) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000000)=0x1f, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x40010040, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/fib_triestat\x00') preadv(r1, &(0x7f00000017c0), 0x1d0, 0x0) 16:42:51 executing program 4: 16:42:51 executing program 1: 16:42:51 executing program 2: 16:42:51 executing program 5: 16:42:51 executing program 4: 16:42:51 executing program 1: 16:42:51 executing program 3: bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={0xffffffffffffff9c, 0x28, &(0x7f00000003c0)={0x0, 0x0}}, 0xfffffffffffffff0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={r0, 0x1, 0x10}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0x0, 0x80000000}, 0xc) r1 = socket$kcm(0x2, 0x0, 0x84) recvmsg$kcm(r1, &(0x7f00000078c0)={&(0x7f0000005580)=@xdp, 0x80, &(0x7f0000007780)=[{&(0x7f0000005600)=""/201, 0xc9}, {&(0x7f0000005700)=""/4096, 0x1000}, {&(0x7f0000006700)=""/119, 0x77}, {&(0x7f0000006780)=""/4096, 0x1000}], 0x4, &(0x7f00000077c0)=""/248, 0xf8, 0x5}, 0x2000) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000080)='eth0!%(]+]\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x46, &(0x7f00000001c0)='vmnet1\\-vboxnet0posix_acl_access}cpusetselfkeyringvmnet0(cpusetem0([.\x00', r2}, 0x30) perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1ff, 0xa002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xffffffff80000001, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffe) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuset.memory_pressure\x00', 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)="6576656e7473000000c7aaff0fb0c79b9391e4ae6479d80000000000", 0xf0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000200)={r1}) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000140)='vboxnet0wlan0-vboxnet0$\x00', 0xffffffffffffffff}, 0x30) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, &(0x7f0000000480)=ANY=[@ANYBLOB="09000100000000000000000000bf00000000000000080000000000000000000000ef410f81636a9be2b07aad6ea2bdb5c5c80529819a3624fbe85dc0a229cdd0f0e8ce8c4e71650caf14c9775646e58598748008dbe16b2db4b4cad8beefdbc3495800219aa48b282858e5c553c914c41a9d881b8fdf053d666a136e0aa38380523b27743e874fc897614b21d4dfe834"]) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x6, 0xfffffffffffffff7, 0x101, 0x34, 0x0, 0x1, 0x1e008, 0x0, 0x9, 0x101, 0x0, 0x7fff, 0x8001, 0x843a, 0x8, 0x8001, 0x1000, 0x9, 0x7, 0x81, 0x76, 0x6, 0x4, 0xca93, 0x800, 0xffffffffffffffff, 0x5f, 0x8001, 0x6, 0x10000, 0x1ff, 0x6, 0xffffffffffffff00, 0x1, 0x7d9, 0xfffffffffffffff7, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0x10001}, 0x0, 0x1, 0x9b1, 0x7, 0x100000001, 0xa, 0x7}, r4, 0xb, r3, 0x8) socket$kcm(0x2, 0x7, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r3) socket$kcm(0x2, 0x8000000003, 0x2) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x8953, &(0x7f0000000040)=0x2) 16:42:51 executing program 0: 16:42:51 executing program 2: 16:42:52 executing program 1: 16:42:52 executing program 5: 16:42:52 executing program 4: 16:42:52 executing program 2: r0 = socket$inet6(0xa, 0x1000000000001, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@loopback, @in6=@remote}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000000540)=0xe8) getegid() getresgid(&(0x7f0000000880), &(0x7f00000008c0), &(0x7f0000000900)) getgroups(0x1, &(0x7f0000000940)=[0xffffffffffffffff]) lstat(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)) 16:42:52 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x3, 0x6) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000100)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) 16:42:52 executing program 1: 16:42:52 executing program 3: 16:42:52 executing program 4: 16:42:52 executing program 2: 16:42:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000001, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") timer_gettime(0x0, &(0x7f0000000100)) 16:42:52 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x3, 0x6) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000100)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) 16:42:53 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000004c0)) 16:42:53 executing program 4: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x4006, 0x4) r1 = dup2(r0, r0) sendto$inet6(r1, &(0x7f0000000340)="04010000008b00ddb8460900ffb25b4802938207d903378039ae5375a416407d9029ef0712f29513ff0f0000eb353c72e497f754482c03ac4db09698c000000100000000006d0000fffba37191744d7e459959fa8aa490bf11dbb68e1934954468d5506c791bdc507514e286dfe43ce051c8fde942402031db935659c3d7fa4db2d33bc65f7bb1dddb591d58832ca648af94de014542500d5d3ec661566ed396949c6bc86da348227eaf9d96dab4833d4ba7db9fe347f544c185f812cb63218e4d07327f3b2beee0d3ef2f9d2090c841ecb52269b7dd22441d5ee89649428a10453472ef5edd58f0ff222370732e26f378ed951957f0b6548f1300bd33da3a0d34c1a182faef18dfa35f999f120369319919d20cc086769dae4438f713a9bb35b745807f9e886f7eb77625b8ddc88698252c4e59127dff5474998eb25c65c53f554448be", 0x144, 0x0, &(0x7f0000000180)={0xa, 0x200000800, 0x1000000004, @mcast2, 0xfffffffffffffffe}, 0x1c) 16:42:53 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x4000000000802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'}) 16:42:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ssse3\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r1, r2, &(0x7f00000002c0), 0x70) 16:42:53 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x1ffffe, 0xc04e27d3b523e3e1, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000100)=0x1) [ 273.260901] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 273.380647] input: syz1 as /devices/virtual/input/input5 16:42:53 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x3, 0x6) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000100)={0x6, @local, 0x0, 0x0, 'none\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) [ 273.474615] input: syz1 as /devices/virtual/input/input6 [ 273.545022] ================================================================== [ 273.552448] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 273.559580] CPU: 1 PID: 7947 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66 [ 273.566791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.576168] Call Trace: [ 273.578799] dump_stack+0x306/0x460 [ 273.582468] ? vmap_page_range_noflush+0x975/0xed0 [ 273.587450] kmsan_report+0x1a2/0x2e0 [ 273.591290] __msan_warning+0x7c/0xe0 [ 273.595145] vmap_page_range_noflush+0x975/0xed0 [ 273.599992] map_vm_area+0x17d/0x1f0 [ 273.603751] kmsan_vmap+0xf2/0x180 [ 273.607366] vmap+0x3a1/0x510 [ 273.610540] ? ion_heap_map_kernel+0xa33/0xad0 [ 273.615181] ion_heap_map_kernel+0xa33/0xad0 [ 273.619649] ? ion_ioctl+0x690/0x690 [ 273.623406] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 273.628661] ? ion_dma_buf_release+0x430/0x430 [ 273.633272] dma_buf_ioctl+0x376/0x630 [ 273.637212] ? dma_buf_poll+0x1690/0x1690 [ 273.641402] do_vfs_ioctl+0xcf3/0x2810 [ 273.645353] ? security_file_ioctl+0x92/0x200 [ 273.649908] __se_sys_ioctl+0x1da/0x270 [ 273.653932] __x64_sys_ioctl+0x4a/0x70 [ 273.657889] do_syscall_64+0xbe/0x100 [ 273.661730] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 273.666946] RIP: 0033:0x457579 [ 273.670168] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 273.689092] RSP: 002b:00007f66f8d97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.696836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 273.704132] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 273.711423] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 273.718711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66f8d986d4 [ 273.726014] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 273.733324] [ 273.734980] Uninit was created at: [ 273.738560] kmsan_internal_poison_shadow+0xc8/0x1d0 16:42:53 executing program 4: [ 273.743680] kmsan_kmalloc+0xa4/0x120 [ 273.747511] __kmalloc+0x14b/0x440 [ 273.751072] kmsan_vmap+0x9b/0x180 [ 273.754636] vmap+0x3a1/0x510 [ 273.757761] ion_heap_map_kernel+0xa33/0xad0 [ 273.762201] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 273.767430] dma_buf_ioctl+0x376/0x630 [ 273.771346] do_vfs_ioctl+0xcf3/0x2810 [ 273.775257] __se_sys_ioctl+0x1da/0x270 [ 273.779266] __x64_sys_ioctl+0x4a/0x70 [ 273.783188] do_syscall_64+0xbe/0x100 [ 273.787040] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 273.792243] ================================================================== [ 273.799623] Disabling lock debugging due to kernel taint [ 273.805089] Kernel panic - not syncing: panic_on_warn set ... [ 273.805089] [ 273.812492] CPU: 1 PID: 7947 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #66 [ 273.821095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.830464] Call Trace: [ 273.833087] dump_stack+0x306/0x460 [ 273.836764] panic+0x54c/0xafa [ 273.840029] ? __msan_metadata_ptr_for_store_1+0x13/0x20 16:42:53 executing program 4: [ 273.845531] kmsan_report+0x2d3/0x2e0 [ 273.849382] __msan_warning+0x7c/0xe0 [ 273.853224] vmap_page_range_noflush+0x975/0xed0 [ 273.858055] map_vm_area+0x17d/0x1f0 [ 273.861811] kmsan_vmap+0xf2/0x180 [ 273.865408] vmap+0x3a1/0x510 [ 273.868560] ? ion_heap_map_kernel+0xa33/0xad0 [ 273.873191] ion_heap_map_kernel+0xa33/0xad0 [ 273.877654] ? ion_ioctl+0x690/0x690 [ 273.881404] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 273.886650] ? ion_dma_buf_release+0x430/0x430 [ 273.891274] dma_buf_ioctl+0x376/0x630 [ 273.895214] ? dma_buf_poll+0x1690/0x1690 [ 273.899392] do_vfs_ioctl+0xcf3/0x2810 [ 273.903332] ? security_file_ioctl+0x92/0x200 [ 273.907875] __se_sys_ioctl+0x1da/0x270 [ 273.911898] __x64_sys_ioctl+0x4a/0x70 [ 273.915812] do_syscall_64+0xbe/0x100 [ 273.919650] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 273.924878] RIP: 0033:0x457579 [ 273.928123] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 273.947043] RSP: 002b:00007f66f8d97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.954775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 273.962068] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 273.969358] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 273.976645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66f8d986d4 [ 273.983925] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 273.992130] Kernel Offset: disabled [ 273.995768] Rebooting in 86400 seconds..