[ 53.164653] audit: type=1800 audit(1539208725.211:27): pid=5995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 54.557190] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 55.574239] random: sshd: uninitialized urandom read (32 bytes read) [ 56.120444] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 57.839834] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. [ 63.552471] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 21:58:57 fuzzer started [ 67.854935] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 21:59:02 dialing manager at 10.128.0.26:45337 2018/10/10 21:59:02 syscalls: 1 2018/10/10 21:59:02 code coverage: enabled 2018/10/10 21:59:02 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 21:59:02 setuid sandbox: enabled 2018/10/10 21:59:02 namespace sandbox: enabled 2018/10/10 21:59:02 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 21:59:02 fault injection: enabled 2018/10/10 21:59:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 21:59:02 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 21:59:02 net device setup: enabled [ 73.071138] random: crng init done 22:00:46 executing program 0: timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) [ 175.201159] IPVS: ftp: loaded support on port[0] = 21 [ 176.457000] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.463703] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.472328] device bridge_slave_0 entered promiscuous mode [ 176.606745] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.613392] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.622563] device bridge_slave_1 entered promiscuous mode [ 176.753801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.885816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.287378] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.424185] bond0: Enslaving bond_slave_1 as an active interface with an up link 22:00:50 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x80, 0x4) sendto$inet6(r0, &(0x7f0000000040)="020300000700000000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e065900854417e2bf3f8a0b3222a2bb42f2dbd94c3b50035110f118d0000f55dc62600009b00b47645004bae1356642490a7b5fc88046a0000000000000000000000", 0x6c, 0x0, &(0x7f0000000000)={0xa, 0x200810800, 0x6, @remote}, 0x1c) [ 178.081383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.089671] team0: Port device team_slave_0 added [ 178.251800] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 178.259819] team0: Port device team_slave_1 added [ 178.536227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 178.544698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 178.553642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 178.712367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 178.900328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 178.908214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 178.917588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.063294] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 179.070880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.080269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.223085] IPVS: ftp: loaded support on port[0] = 21 [ 181.079433] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.086067] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.094519] device bridge_slave_0 entered promiscuous mode [ 181.293052] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.299533] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.308063] device bridge_slave_1 entered promiscuous mode [ 181.442780] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.449272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.456316] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.462872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.471598] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 181.490721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.701404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 182.252221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.338334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.548434] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.723010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 182.730514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.897193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 182.904457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 22:00:55 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) lsetxattr(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000080)=@known='user.syz\x00', &(0x7f0000000100)='uses.syz\x00', 0x19e, 0x0) [ 183.526375] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 183.534660] team0: Port device team_slave_0 added [ 183.897764] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 183.905762] team0: Port device team_slave_1 added [ 184.237631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 184.246352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.255853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.450412] IPVS: ftp: loaded support on port[0] = 21 [ 184.577187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 184.584410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.593264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.841466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.849421] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.858464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.082355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 185.089948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.099141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.914771] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.921592] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.930100] device bridge_slave_0 entered promiscuous mode [ 187.235922] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.242598] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.250960] device bridge_slave_1 entered promiscuous mode [ 187.532792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.749773] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.196620] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.203189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.210097] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.216707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.230390] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.497623] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.654123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.797371] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.073612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.080732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.373427] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.380563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.198344] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.206527] team0: Port device team_slave_0 added [ 190.509598] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.517900] team0: Port device team_slave_1 added [ 190.769740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.777092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.786228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 22:01:03 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@remote, @rand_addr}, 0x6) [ 191.048476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.055976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.064764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.493912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.501537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.510851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.875973] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.883657] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.892759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.269441] IPVS: ftp: loaded support on port[0] = 21 [ 193.267451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.597203] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.442860] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.449352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.457382] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.463914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.472756] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 195.482204] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.488649] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.497208] device bridge_slave_0 entered promiscuous mode [ 195.771974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.821273] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.828081] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.836581] device bridge_slave_1 entered promiscuous mode [ 195.860488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.867091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.875259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.183383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.452229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 197.236476] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.313477] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.687314] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 197.974995] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 197.982384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.350136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 198.357853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.305300] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.313473] team0: Port device team_slave_0 added [ 199.676238] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.684430] team0: Port device team_slave_1 added [ 199.978526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.985940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.994873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.330971] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.338343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.347351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.665695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.673496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.682681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.704034] 8021q: adding VLAN 0 to HW filter on device bond0 22:01:13 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$netlink(r2, &(0x7f0000000100)=@unspec, 0xc) [ 201.030459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.038180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.047205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.358146] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 202.739788] IPVS: ftp: loaded support on port[0] = 21 [ 203.878242] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.884852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.892889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.482584] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.793319] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.799914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.806927] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.813479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.821991] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.902995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:01:18 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a00000200000000000000000000005912c43951c720429a4870317e57a0c09cfa0e781d19aae1cad8210c3a5587c3c8e97f20146aff8e149d8b039115adee562761fbc1b87aaaf65b5933f6d90ce0dd22792ebc35762d0e85278409596a66b7eccdd7796348329898e3eaec618fb52a7288c404785a1b3d098f34ba"], 0x7d}}, 0x0) [ 206.441915] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.448401] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.457282] device bridge_slave_0 entered promiscuous mode 22:01:18 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x480) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, &(0x7f0000000440), 0xffffffffffffffba, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'lo\x00'}) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000140)=0x4) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000000c0)={'lo\x00', 0x101}) r3 = accept4(r0, 0x0, &(0x7f0000000000), 0x0) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f000000cb40)={&(0x7f0000000080), 0xc, &(0x7f000000cb00)={&(0x7f000000c480)={0x14}, 0x14}}, 0x0) [ 207.632447] device lo entered promiscuous mode [ 207.645208] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.651899] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.660283] device bridge_slave_1 entered promiscuous mode [ 207.759118] device lo left promiscuous mode [ 208.328263] device lo entered promiscuous mode [ 208.352337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 22:01:20 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x800, 0x0) write$FUSE_POLL(r0, &(0x7f0000000040)={0x18, 0x0, 0x6, {0x4}}, 0x18) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x82042, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000300)={0x4, 0x8}, 0x10) renameat2(r1, &(0x7f0000000080)='./file0\x00', r0, &(0x7f00000000c0)='./file0\x00', 0x0) [ 208.845180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:01:21 executing program 0: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[]}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x0, 0x204000) r2 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xd5d567642ad0f507, 0x100) renameat(r1, &(0x7f0000000080)='./file0\x00', r2, &(0x7f00000001c0)='./file0\x00') sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_sa={0x2}]}, 0x20}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) 22:01:21 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x1, 0x7e0b], 0x3, 0x8001, 0x950, 0x80000001, 0x80000001, 0x6, {0x1, 0x5, 0x4, 0x5, 0x401, 0xffffffffffffff1e, 0x7, 0x7, 0x5, 0x2, 0x88d, 0xc349, 0x9, 0x1, "7b31a361a3400f6f4d5291b02e70e1fb04c791c313eda0b989d6bf2675b51a06"}}) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x123}) 22:01:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x1, 0x7e0b], 0x3, 0x8001, 0x950, 0x80000001, 0x80000001, 0x6, {0x1, 0x5, 0x4, 0x5, 0x401, 0xffffffffffffff1e, 0x7, 0x7, 0x5, 0x2, 0x88d, 0xc349, 0x9, 0x1, "7b31a361a3400f6f4d5291b02e70e1fb04c791c313eda0b989d6bf2675b51a06"}}) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x123}) [ 210.184475] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:01:22 executing program 0: r0 = socket$inet(0x2, 0x6, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x4a) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x880, 0x0) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{}, {}]}) ioctl$FICLONE(r1, 0x40049409, r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='/dev/rfkill\x00', r1}, 0x10) connect$unix(r0, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000140)={0x40000001, 0x200802, 0xd}) [ 210.640174] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.027863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.035229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:01:23 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x800000008912, &(0x7f00000000c0)="153f6234418dd25d766070") r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snapshot\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000280)={0x0}, &(0x7f0000000040)=0x8) write$P9_RSTAT(r3, &(0x7f0000000200)={0x55, 0x7d, 0x0, {0x0, 0x4e, 0x6, 0x74, {0x41, 0x1}, 0x0, 0x0, 0x7ff, 0x19e, 0x8, '-wlan0@%', 0x6, 'cgroup', 0x7, '/(#}*\'&', 0x6, 'icmp6\x00'}}, 0x55) write$FUSE_DIRENT(r3, &(0x7f00000004c0)=ANY=[@ANYRESOCT], 0x17) ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f00000001c0)) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$get_keyring_id(0x0, r6, 0x3f) sendmsg$nl_route(r5, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000180)=@getlink={0x28, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}}, 0x0) r7 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x608000, 0x0) ioctl$SIOCGIFMTU(r7, 0x8921, &(0x7f0000000140)) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000080)=r4, 0x4) setsockopt$inet6_buf(r7, 0x29, 0x35, &(0x7f00000002c0)="f486c737d44a4d49869b1696036221e5c30747016c6731f77abba0c2f9925c2a7d18cc01e895", 0x26) [ 211.387407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.394798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.875580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.355883] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.364301] team0: Port device team_slave_0 added [ 212.696433] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.704834] team0: Port device team_slave_1 added [ 212.847799] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.003892] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.011162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.020156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.295944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.303296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.312141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.558978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.566750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.575796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.823459] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.829906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.838351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.883702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.891324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.900425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.849978] 8021q: adding VLAN 0 to HW filter on device team0 22:01:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz0\x00', {}, 0x22, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz0\x00'}) write$uinput_user_dev(r0, &(0x7f0000000880)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) [ 215.024361] input: syz0 as /devices/virtual/input/input5 [ 215.063878] input: syz0 as /devices/virtual/input/input6 [ 216.563367] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.569885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.577875] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.584490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.593431] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 216.600151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.700074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.406145] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:01:32 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x9, 0x879e99cd2aac3213) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000040)={0x8, 0x1, 0x5, 0x6}, 0x10) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)=0x0) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x437, 0x9, r1}) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000000240)={r2, 0x5, &(0x7f0000000140)=[0x0, 0x7, 0x6, 0x200, 0x2], &(0x7f0000000180)=[0x80000001, 0x7, 0x2, 0x6, 0x48de5c84, 0xffffffffffffff75, 0xa, 0x9, 0x80], 0x10, 0x7, 0x8, &(0x7f00000001c0)=[0x7ff, 0x5, 0x2268681a, 0x1, 0x8000, 0x7, 0x8], &(0x7f0000000200)=[0x5]}) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6, 0x3, 0x0, 0xf, 0x3, 0x1, "8a53be78609247a68f042bf6a91c2ab494ff68c714d36771f12bc4545c9348447cc067b2dff098b14f2a6a6375c6e15762ed745ea01a81a61f89c2df8a2e5853", "d237994a92caffd7cbd59afe197c4490d1acec090a96e1936ea8b090c524466f91921cbd86ec87b6d51e23b8c4c4e45fa7f784ee49a91401f2bed918a6983fb9", "b98b33ed4e3f3ef42c60c67c5ccf24c6c4de031c3d20e473bbc8e57633091747", [0x7ff, 0x3]}) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000380)='trusted.overlay.upper\x00', &(0x7f00000003c0)={0x0, 0xfb, 0x93, 0x0, 0x7, "02c7d421f5c4c247d2df2f28835cd881", "6075edc0eead12df1d28733ec5c087cf0199cb6db30de2a113a03b1c2edadf0ad3009cb7c824370d83a471049ace004a13c4e365ac9c40cee286b79cdac74804628183d629a67f7dfb2cdf234828d2e5aa14f5e61fd1344c3e46f6274c9fb0807429549489a878ecacc57979c132a5d7d08424ccf70219f20d00f10e1b87"}, 0x93, 0x1) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000940)={0x0, 0x1000}, &(0x7f0000000980)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000009c0)={0x0, 0x98, "c09ac740044993b28d06602af2c8ecbb665a89e33745d2b0c2b4f07e7d28494217e8204ee9918970dadb8ac7d9a378f186134fe818f9337a56c807ad49ca500e3b14972f80a453ff3fb8dbb66d0e7b632537e70cd9f2a6e32536e1924b765dd61b2a4c90353ec8a90f36c91b382ebac67d9aafc52742e58e0196ebe6505c25066bf5050106a8a7a176ab20e863e825617c1dc9b51a5876ff"}, &(0x7f0000000a80)=0xa0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000ac0)={0x0, @in={{0x2, 0x4e22, @multicast2}}}, &(0x7f0000000b80)=0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000d40)={0x0, 0x1, 0x20}, &(0x7f0000000d80)=0xc) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000dc0)={0x0, 0xf8}, &(0x7f0000000e00)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000001540)={0x0, 0x8}, &(0x7f0000001580)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000015c0)={0x0, 0x9}, &(0x7f0000001600)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000001640)={0x1, [0x0]}, &(0x7f0000001680)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000001bc0)={0x0, 0x8}, &(0x7f0000001c00)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000001c40)={0x0, 0xce, "25d8637a74cdad4dee44253648d9e6f4c2d94ed8cc2a3c3139a4292b2e60378f125836024139b3e8f989167f33f3523a9afd6429fb4d3cc39e7804027072894332ad26d21baed3150a270742f788a4f6f9e13ac33ddede3f3036a14fe0dedbb41828edb88e8f5f4e3b373929ca1611c43f389f08689ac146372aa554a8da7b4c46169cdcaa51a3e2f1f8b1f9d0e3f8fd69c30e36ca0034c60af32a89d899a267a7ebbe643f54071b86dc3c7d7b6bd0062ece6764c0a0d42d844f85bb094335b01354ade94822261f7e7ff76deab3"}, &(0x7f0000001d40)=0xd6) sendmmsg$inet_sctp(r0, &(0x7f0000001e80)=[{&(0x7f0000000480)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, &(0x7f00000004c0), 0x0, &(0x7f0000000500)=[@dstaddrv4={0x18, 0x84, 0x7, @multicast2}], 0x18, 0x4000010}, {&(0x7f0000000540)=@in={0x2, 0x4e22, @loopback}, 0x10, &(0x7f00000008c0)=[{&(0x7f0000000580)="fb7e75448ba41f70263cda861a3e08084999d146b062854ea8", 0x19}, {&(0x7f00000005c0)="889482a5f148fe00818a5c6c10982cb536549ef06cc2d25ba8f48815149d9e158368ac27f02f97e2c298dccbed9d04125cfa2e8395c2d3b2d04747f673512f047f074567d43a94f1ea351d5ac99369a4593f1b97000975518930f0c7ef94fdeb5f82030f4007fdbd1f04e5ffaa5fb9fcf2e3c295494fb07ac09b8af72e889b71d52c5379bde2b100a6275ab90d8396960d3949d03204bca96399a7286f44885fdee44ffc2e524eb0a6d32bf095effc", 0xaf}, {&(0x7f0000000680)="53b0867c19dca5493750981db15b31e6aec9a565b4a4a0f574916820de384152f86ef52a2d431a2bb2747b34aea3650e598c25e58287d1aaf2f3224e7fe240fdb2d5eb3318c0d756a3f73bfbd7d89f978299d9f685db50474318bd50d86775addbf1368364bc866d1212412ebce47afb39fe986446c1a451098908d376b7bc1ca7658555a1516ef6852b0a2b92317222768b52ba899790", 0x97}, {&(0x7f0000000740)="1657c4eacc647e7871eb815585910bcf84af75bd5d512ef06991b1fc2cb241aeefc6fd18317ee2cca943cfd2df14c8a8467d3fe92576409b17f5ce10efad5b79a44167b99a486b183a45b2b39972950ec6ef25a937495677aa120e90a900516f4ca7520b0350e9eacb2e9c61748938d88cd6bedff15a342d77ce817b5e292060f6179bad", 0x84}, {&(0x7f0000000800)="f6f2784a5eb896db94", 0x9}, {&(0x7f0000000840)="1d7f377a440da6aba16d6ebf3c1cf3215a69de871bbfcbbd520cf677eaf53b408de3310bce5c8031d1f2fcf7178d6c7829870076d379162688251d5c0763ad4dae9e7cf1262ee1ec40439085d1fa043c675193c37e669e8fd12ad593ccd993bf32b40c35a3e4fb9a2cf58e66ac", 0x6d}], 0x6, &(0x7f0000000bc0)=[@sndinfo={0x20, 0x84, 0x2, {0x80000001, 0x8000, 0x1, 0x0, r3}}, @sndrcv={0x30, 0x84, 0x1, {0x5, 0x800, 0x200, 0x3ec0, 0x7, 0x7, 0x2a24, 0xfffffffffffffff7, r4}}, @sndinfo={0x20, 0x84, 0x2, {0xa95, 0x8003, 0x2, 0x8, r5}}], 0x70, 0x1}, {&(0x7f0000000c40)=@in6={0xa, 0x4e20, 0x8}, 0x1c, &(0x7f0000000d00)=[{&(0x7f0000000c80)="91e7823873bcbaba278ebe124c3f58202ad323bc2df486500d17ecf1d118424ae8321d904b0249b7060162c53070d3096dc19acbcf2e02d060772ff826034f07734c3938ef7361c490504a", 0x4b}], 0x1, &(0x7f0000000e40)=[@dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @local}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}, @sndinfo={0x20, 0x84, 0x2, {0x81, 0x2, 0x80000000, 0x18d79399, r6}}, @dstaddrv4={0x18, 0x84, 0x7, @multicast2}, @sndrcv={0x30, 0x84, 0x1, {0x9, 0x9, 0x4, 0x86, 0x6, 0x5, 0xff, 0x9e9e, r7}}, @init={0x18, 0x84, 0x0, {0xa90, 0x100000000, 0x3, 0x2}}], 0xb8, 0x4}, {&(0x7f0000000f00)=@in6={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x19}}, 0x1c, &(0x7f0000001480)=[{&(0x7f0000000f40)="ee9c4fcf9484ec7de919047092217d4f96c866a82edb3e6156af199015d6039e2a10", 0x22}, {&(0x7f0000000f80)="c4feee13b3f586d58c0e4513589545e281e4a3d644cf4993530487afe4481cf012124c1fdaadf21beb926e93422c98d5380b0468844693432840c92f7ac3456cbd8cbda304c1d324f01a94d6cd882d6a853d5daf53956fd1c5d64a764148b9b548944c2dd8e181aa0e09a4208a73d43140c62b", 0x73}, {&(0x7f0000001000)="5f0c741386ac41", 0x7}, {&(0x7f0000001040)="0fb62ece2824c3dd0b39a70c5ab2c6482643c95cb434ee2f8460693f00e1b1983e0b8f13ce81b4ffdee9d8ba0ae651d7c9797c1cd6fdbcd5a3b0bf1ea36cd67339338ae4d2d1cc47e6d06508f7ca98ea29029294542e499ef1474430f4e270dae8256186f2a224e2354d20a891448f8de6c9dd91eed0ae70e4a3ba7f7725eafdabd699a196a23ebc8847f592695b1298536d4ae9eeb3", 0x96}, {&(0x7f0000001100)="370883e481578a7a1e0de6026d6cdb28dbf56f99c51f98f2d16b2c6b6b9475545f4e294e69ba56e7844a5d89af1ab7ff56344f8088db325e8ea4ffeeedf3f0b53c1cdd8ed389902fb6ae31b8c057099d95044d46a1bfe8ad6f989b354c2ebbe2fe7c06e41ac4", 0x66}, {&(0x7f0000001180)="0c1f0aed92b71ed82fa7c21a85ae01d2646e81e87d1dd719c62bf03186759f766c6d02993e5d2071be79b2e37983307c64f46c2f4ea7bbde2563fdb3b63e278492a9d86a814a480109ee30060136d9ffaf65de60cdcada5bfb9729edf19bfbaaff5974084f84d0493b4befe53d56331a6197c594aaf290a3c7d2ba9f64f8d33983a21f09ade1955381ff1205cf1df0a4c21911b882a42c8b3eb982ace39e7fc7d8144a6743b9abcd76cf9b486a4d841ff0da0e293137624bca91bf6959a4856fbb8530dbfdb6f2a4f61790f798969448dbf9761ac5f1ba9e81443d82fb9f304ca258f574c380fffb4f7473d3b60a75d28df2000254ab0e2544", 0xf9}, {&(0x7f0000001280)="91d2fafa8f724928681a4d5192bf327ceffd2b5a6291669e30bbf7e808aa6b0886423bbe76692f550d6e386cf093b31e9b0cb3fd26bf03726b04336be8ffc16c99c1177da93dd6eed95cb15fffafd6d2e4f60453c973b03876f55ecfae4b353c9c10", 0x62}, {&(0x7f0000001300)="d88aa13dd8048268564af03518dec506b48d6238d3e53a893c2ca17e7c61c32d2f187a9389dc695ed2b80c772e714f5559a0dcde51925472256be87909517a8994ebdd006875929335831a960da0125b2c4293063401effe6ab10c235372e6a6e27c330c668483f35bd64ef7406d6201a956df4be15aad236e3d7bf4436c2dea719cb5d74d38b031eaa0501b4e0d7b35910ce3f729b7087e33f6ca5e302983b88f5f6ddd7d860394deaeb5fb83a36626fadede9dbd7a9c7be128edd3d78175b7ec40805530112b378832463ae4d1", 0xce}, {&(0x7f0000001400)="562346c2aa554a7e673dafcac2612edf805a7b089938b82ea181544631af19df8904aabb5b2e66e3ca9bf13bf01173d46143ef95cd8d767065baeb9ee3517550c107bf15f2caae5887d165d58f4a32094dcbc05845a4b43b20a524aef8c6b89a5e66214f", 0x64}], 0x9, &(0x7f00000016c0)=[@sndrcv={0x30, 0x84, 0x1, {0x316, 0x100000001, 0x8, 0xfffffffffffffffe, 0x3, 0x8000, 0x7, 0x9, r8}}, @authinfo={0x18, 0x84, 0x6, {0x9}}, @sndrcv={0x30, 0x84, 0x1, {0xeb, 0xdcb9, 0x2, 0xa6a, 0x4, 0xfffffffeffffffff, 0xff, 0x81a, r9}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x7fff}}, @init={0x18, 0x84, 0x0, {0x7ff, 0x4, 0x9, 0x3a}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x9}}, @sndrcv={0x30, 0x84, 0x1, {0x9ac3, 0x1, 0x4, 0x2, 0x401, 0x7, 0xfffffffffffffffe, 0x20, r10}}], 0xf0, 0x90}, {&(0x7f00000017c0)=@in6={0xa, 0x4e21, 0x5, @empty, 0xb4}, 0x1c, &(0x7f0000001b40)=[{&(0x7f0000001800)="67b2a32d6a654ff27d78a9663a1784f600e778dfc87d0c5ad7d96b093291ac5e2bc775ad588d9457bd54f9316d65fe110779688ecf6bc41b9b0295e50bb00306691f0dba726ab919cf4aa6fd90545336a801181eed16e95f72c333da2a86ce976caceccd2d918ead7012d213fe849e92f6988926a0b48ac9f6fbdafbc6f728c4bbac6ba23f48c8e3f408413622bdee3e84def186cd05ef960bce0ce4de53abc0007e11c5277cf3e666054497d0435b", 0xaf}, {&(0x7f00000018c0)}, {&(0x7f0000001900)="4e71a855dfb29cbf518c8ec1bccf038db6f7b567bb0040a5af989488cf168534911b924d3fe25ac8c21012b55e6b28b3d0cf061cbf11c9eb91204dcb62c59f26ed9f7a02948a90f7c1692c7b5c45f7fcff98eb45818d9333f31f00154b7c3f1fa555606651d9ec56d0e5126c714d33ca66615dd0279a72c94884770c844f46132e1cde8ac7a2c5f1c5aaa2c643990eb37e648ad33661fc075a1905d2c5a47c05111dbd12fd0ec823b7a7ee794c2c853d", 0xb0}, {&(0x7f00000019c0)="40dab8ec82054a40c12acf6183bf492f194047642cd502dbcde3e97889f7225d46617301216302751969a7a6e90ac1b9e915ba45f703f3caeab952fe1fb2ed1ede07f92a3ee32c2229b41495b4c292d876e6fd9434733b882557aa20a0949e8a051d9943400019dd231505d65d0eaa56a1be92dcd53610094893a8d7089cb278027c46e8ccd892a4832a6a990e1e00433ed0982b6d304e191789b4e3e74b8aefcd31765e9682ef484dc9ed784b4b40590ea7887fb22b000deeaeac37d83b3ba80240c46beb3d4dbb4a4eea3930f1c4bb1875cd68e8c1ca67d66ffb72232c01d2e8c0425b95e589d8463c", 0xea}, {&(0x7f0000001ac0)="efaa068e62c099c0d90981b875f30fe254049a36bb6449dfa7ada7d6f12bf503499af6c3abe3eb7e2f64760737d828ef171707831371b4c92ae70a543672b8e44e12be60dc477eb224696b9427241910a32491038f124b9a4a399ccc03d83f14081260e111e123b10d7a99ce16814227437003eb49f9", 0x76}], 0x5, &(0x7f0000001d80)=[@sndrcv={0x30, 0x84, 0x1, {0x1, 0x1ff, 0x20d, 0x9e16, 0x2ba5061, 0x8, 0x7, 0x401, r11}}, @init={0x18, 0x84, 0x0, {0xffffffffffffffc1, 0xfffffffffffffff8, 0xa, 0x100}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x9}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x1}}, @init={0x18, 0x84, 0x0, {0x0, 0x55, 0x81, 0x9}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x81}}, @sndinfo={0x20, 0x84, 0x2, {0x1e5, 0x200, 0x8001, 0x98, r12}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0xfff}}], 0xe0, 0x200400c4}], 0x5, 0x44010) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000001fc0)='trusted.overlay.upper\x00') getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000002000)={r12, 0x20}, &(0x7f0000002040)=0x8) recvfrom$packet(r0, &(0x7f0000002080), 0x0, 0x2062, 0x0, 0x0) write$P9_RGETLOCK(r0, &(0x7f00000020c0)={0x2e, 0x37, 0x2, {0x2, 0x6, 0x2, r1, 0x10, 'posix_acl_access'}}, 0x2e) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000002100)={r6, 0x6}, 0x8) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002140)=0xec, 0x4) kcmp$KCMP_EPOLL_TFD(r1, r1, 0x7, r0, &(0x7f0000002180)={r0, r0, 0x401}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000021c0)={0x28, 0x2, 0x0, {0x6, 0x9}}, 0x28) sendto$inet(r0, &(0x7f0000002200)="7a77f7855c5b8683d8d33c4036fcb935b039b1de67530adffc53c2691e166587c0708cb8177cc37567d369fd30e4b15061ca83f30214820bccbd4b7c9b9d32c3343b7df87f3fcbf2dd15c9cd0159357f", 0x50, 0x24000800, &(0x7f0000002280)={0x2, 0x4e23, @broadcast}, 0x10) write$P9_RWALK(r0, &(0x7f00000022c0)={0x71, 0x6f, 0x1, {0x8, [{0x28, 0x0, 0x2}, {0x2, 0x1}, {0x4, 0x2, 0x5}, {0x94, 0x1, 0x6}, {0x40, 0x4, 0x6}, {0x20, 0x2, 0x3}, {0x58, 0x2, 0x1}, {0x2, 0x1}]}}, 0x71) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000002340)={0x9, 0xfffffffffffffffb, 0x3f, 0x8, 0x2, 0x4, 0xc480000000000000, 0x1, 0x3, 0x9, 0x7f, 0x5}) [ 220.359828] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.366361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.374312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.692295] IPVS: ftp: loaded support on port[0] = 21 [ 221.188434] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.575871] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.583702] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.592147] device bridge_slave_0 entered promiscuous mode [ 222.750299] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.757015] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.765501] device bridge_slave_1 entered promiscuous mode [ 222.930163] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 223.106058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.652133] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 223.837689] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 223.973951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 223.981495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.185777] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.193021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.935644] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.943985] team0: Port device team_slave_0 added [ 225.111396] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.119691] team0: Port device team_slave_1 added [ 225.161859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.324751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.333202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.342077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.546194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.737946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.745730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.754838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.878674] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.947291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.954963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.963994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 22:01:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0xf000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="d2d89e000a0002000100aaaaaa9f0000"], 0x1}}, 0x0) [ 226.658134] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 226.664664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.672497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.187055] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.708946] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.716124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.723132] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.729580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.737795] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.744708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.576293] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 22:01:42 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480), 0xc, &(0x7f0000000100)={&(0x7f00000004c0)={0x14, 0x22, 0x1, 0x0, 0x0, {0x5801}}, 0x14}}, 0x0) 22:01:42 executing program 4: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) fchownat(r0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0) 22:01:42 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x1) io_setup(0xfe6, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000080)}]) fstat(0xffffffffffffffff, &(0x7f0000000000)) 22:01:42 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x1) io_setup(0xfe6, &(0x7f0000000200)=0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000080)}]) 22:01:42 executing program 1: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000240)='threaded\x00', 0xf96d) r2 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40a5) write(r0, &(0x7f0000000240)="938fbd9b56870b7b12", 0x9) sendfile(r0, r2, 0x0, 0x10000) [ 230.816856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 22:01:43 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000026000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000001000)={{0x100000001}}) r1 = syz_open_dev$sndtimer(&(0x7f0000022ff1)='/dev/snd/timer\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x5, 0x88001) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r2, 0x0, 0x12, &(0x7f0000000040)='self\'{vmnet1wlan0\x00', 0xffffffffffffffff}, 0x30) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000100)={[], 0x3, 0xfff, 0x8, 0x0, 0x8, r4}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x0, 0x1}}) 22:01:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, &(0x7f0000000f4d)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f000000cf68)=[@enter_looper], 0x0, 0x0, &(0x7f0000008f37)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f00000000c0)=[@clear_death], 0x1, 0x0, &(0x7f00000001c0)="10"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0xc, 0x0, &(0x7f0000000080)=[@dead_binder_done], 0x0, 0x0, &(0x7f0000000100)}) 22:01:43 executing program 4: r0 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x6, 0x10, &(0x7f0000791f18)={{{@in6=@loopback}}, {{@in6}, 0x0, @in6=@loopback}}, &(0x7f0000000000)=0xe8) 22:01:43 executing program 2: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000040)={{0x0, @multicast2, 0x0, 0x0, 'wlc\x00'}, {@dev}}, 0x44) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x2, &(0x7f0000005fd4)=[@acquire_done={0x40486312}], 0x0, 0x0, &(0x7f0000002000)}) 22:01:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000d000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000080)="0f20e06635000002000f22e00f0158050f573c0f017e08640f0170000f00580c0f71d1059d0f2399670f06", 0x2b}], 0x1, 0x0, &(0x7f0000000140), 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000040), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000140)="642ef26f66b90102000066b8211d95d766ba358fe8760f300f00de3a4700b83f0a8ec0baf80c66b80caa838566efbafc0c66b80080000066ef0f482642f10f20c06635000000200f22c0ba2100b83629ef66b8002000000f23d80f21f86635000000b00f23f8", 0x66}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000580)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 231.325113] binder: 7575 RLIMIT_NICE not set [ 231.386481] ================================================================== [ 231.392083] binder: 7572:7575 unknown command 536907575 [ 231.393915] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 231.393945] CPU: 0 PID: 7582 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #66 [ 231.399404] binder: 7572:7575 ioctl c0306201 20008fd0 returned -22 [ 231.406521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.406530] Call Trace: [ 231.406561] dump_stack+0x306/0x460 [ 231.406585] ? vmap_page_range_noflush+0x975/0xed0 [ 231.406614] kmsan_report+0x1a2/0x2e0 [ 231.406639] __msan_warning+0x7c/0xe0 [ 231.406662] vmap_page_range_noflush+0x975/0xed0 [ 231.406714] map_vm_area+0x17d/0x1f0 [ 231.420789] binder: 7577:7579 unknown command 16456 [ 231.421245] kmsan_vmap+0xf2/0x180 [ 231.430809] binder: 7577:7579 ioctl c0306201 20007000 returned -22 [ 231.433208] vmap+0x3a1/0x510 [ 231.433229] ? relay_open_buf+0x81e/0x19d0 [ 231.433256] relay_open_buf+0x81e/0x19d0 [ 231.433294] relay_open+0xabb/0x1370 [ 231.433331] do_blk_trace_setup+0xaf7/0x1780 [ 231.492309] __blk_trace_setup+0x20b/0x380 [ 231.495314] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 231.496571] blk_trace_ioctl+0x274/0x970 [ 231.496605] ? kmsan_set_origin_inline+0x6b/0x120 [ 231.496627] ? __msan_poison_alloca+0x17a/0x210 [ 231.496656] ? blkdev_ioctl+0x327/0x55e0 [ 231.496674] ? block_ioctl+0x16f/0x1d0 [ 231.496697] blkdev_ioctl+0x1aaa/0x55e0 [ 231.496730] ? do_futex+0xada/0x59c0 [ 231.540736] ? task_kmsan_context_state+0x6b/0x120 [ 231.545679] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 231.551041] ? vmalloc_to_page+0x57d/0x6b0 [ 231.555278] ? kmsan_set_origin_inline+0x6b/0x120 [ 231.560135] block_ioctl+0x16f/0x1d0 [ 231.563846] ? block_llseek+0x190/0x190 [ 231.567817] do_vfs_ioctl+0xcf3/0x2810 [ 231.571726] ? security_file_ioctl+0x92/0x200 [ 231.576342] __se_sys_ioctl+0x1da/0x270 [ 231.580316] __x64_sys_ioctl+0x4a/0x70 [ 231.584200] do_syscall_64+0xbe/0x100 [ 231.587998] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 231.593182] RIP: 0033:0x457579 [ 231.596373] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 231.615639] RSP: 002b:00007ff245a75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.623346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 231.630608] RDX: 0000000020000100 RSI: 00000000c0481273 RDI: 0000000000000005 [ 231.637873] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 231.645139] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff245a766d4 [ 231.652406] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff [ 231.659678] [ 231.661291] Uninit was created at: [ 231.664827] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 231.669922] kmsan_kmalloc+0xa4/0x120 [ 231.673740] __kmalloc+0x14b/0x440 [ 231.677269] kmsan_vmap+0x9b/0x180 [ 231.680801] vmap+0x3a1/0x510 [ 231.683918] relay_open_buf+0x81e/0x19d0 [ 231.687971] relay_open+0xabb/0x1370 [ 231.691683] do_blk_trace_setup+0xaf7/0x1780 [ 231.696090] __blk_trace_setup+0x20b/0x380 [ 231.700324] blk_trace_ioctl+0x274/0x970 [ 231.704387] blkdev_ioctl+0x1aaa/0x55e0 [ 231.708358] block_ioctl+0x16f/0x1d0 [ 231.712066] do_vfs_ioctl+0xcf3/0x2810 [ 231.716328] __se_sys_ioctl+0x1da/0x270 [ 231.720305] __x64_sys_ioctl+0x4a/0x70 [ 231.724187] do_syscall_64+0xbe/0x100 [ 231.727990] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 231.733165] ================================================================== [ 231.740515] Disabling lock debugging due to kernel taint [ 231.745955] Kernel panic - not syncing: panic_on_warn set ... [ 231.745955] [ 231.753322] CPU: 0 PID: 7582 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #66 [ 231.761886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.771235] Call Trace: [ 231.773838] dump_stack+0x306/0x460 [ 231.777472] panic+0x54c/0xafa [ 231.780681] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 231.786140] kmsan_report+0x2d3/0x2e0 [ 231.789956] __msan_warning+0x7c/0xe0 [ 231.793845] vmap_page_range_noflush+0x975/0xed0 [ 231.798621] map_vm_area+0x17d/0x1f0 [ 231.802353] kmsan_vmap+0xf2/0x180 [ 231.805896] vmap+0x3a1/0x510 [ 231.809002] ? relay_open_buf+0x81e/0x19d0 [ 231.813237] relay_open_buf+0x81e/0x19d0 [ 231.817759] relay_open+0xabb/0x1370 [ 231.821481] do_blk_trace_setup+0xaf7/0x1780 [ 231.825903] __blk_trace_setup+0x20b/0x380 [ 231.830149] blk_trace_ioctl+0x274/0x970 [ 231.834220] ? kmsan_set_origin_inline+0x6b/0x120 [ 231.839495] ? __msan_poison_alloca+0x17a/0x210 [ 231.844165] ? blkdev_ioctl+0x327/0x55e0 [ 231.848232] ? block_ioctl+0x16f/0x1d0 [ 231.852134] blkdev_ioctl+0x1aaa/0x55e0 [ 231.856121] ? do_futex+0xada/0x59c0 [ 231.859839] ? task_kmsan_context_state+0x6b/0x120 [ 231.864778] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 231.870158] ? vmalloc_to_page+0x57d/0x6b0 [ 231.874397] ? kmsan_set_origin_inline+0x6b/0x120 [ 231.879238] block_ioctl+0x16f/0x1d0 [ 231.882950] ? block_llseek+0x190/0x190 [ 231.886920] do_vfs_ioctl+0xcf3/0x2810 [ 231.890811] ? security_file_ioctl+0x92/0x200 [ 231.895308] __se_sys_ioctl+0x1da/0x270 [ 231.899291] __x64_sys_ioctl+0x4a/0x70 [ 231.903188] do_syscall_64+0xbe/0x100 [ 231.906990] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 231.912173] RIP: 0033:0x457579 [ 231.915721] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 231.934620] RSP: 002b:00007ff245a75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 231.942325] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 231.949588] RDX: 0000000020000100 RSI: 00000000c0481273 RDI: 0000000000000005 [ 231.956852] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 231.964120] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff245a766d4 [ 231.971388] R13: 00000000004be9e3 R14: 00000000004ce6e0 R15: 00000000ffffffff [ 231.980008] Kernel Offset: disabled [ 231.983636] Rebooting in 86400 seconds..