[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   17.932618] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   21.918931] random: sshd: uninitialized urandom read (32 bytes read)
[   22.260515] random: sshd: uninitialized urandom read (32 bytes read)
[   23.190548] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
[   28.621849] random: sshd: uninitialized urandom read (32 bytes read)
2018/07/09 17:33:54 fuzzer started
[   30.029582] random: cc1: uninitialized urandom read (8 bytes read)
2018/07/09 17:33:56 dialing manager at 10.128.0.26:44551
2018/07/09 17:34:00 syscalls: 1785
2018/07/09 17:34:00 code coverage: enabled
2018/07/09 17:34:00 comparison tracing: enabled
2018/07/09 17:34:00 setuid sandbox: enabled
2018/07/09 17:34:00 namespace sandbox: enabled
2018/07/09 17:34:00 fault injection: enabled
2018/07/09 17:34:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/07/09 17:34:00 net packed injection: enabled
[   35.763372] random: crng init done
17:35:05 executing program 7:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

17:35:05 executing program 3:
syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x241)

17:35:05 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000000)=@generic={0x1})

17:35:05 executing program 0:
syz_emit_ethernet(0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffffffffffffff0800450004150000000000119078ac14ffe000000100004e210401907800d73cde00f53475b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2080008292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7013ac0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"], 0x0)

17:35:05 executing program 5:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

17:35:05 executing program 6:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, "2743e0da970984e516595faf31b59ee106bb973cd5dabeec668a2232e866472f807b396a20de3699d46f327ac5335db4449b4b54890f0a47be68c536367cea2d", "335e00dcbdbc547ccf29c0cd27f38045c34463e47b4a3693d429f59d9f630f428ea8470173b37f33eb930254dec769014eba2b0911b6d685798e30d20acbe648", "827a5a4e1da1c24569179fe126ba643df5012d2bfe193f294a4ec36990641053"})

17:35:05 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ustat(0x9, &(0x7f0000000040))

17:35:05 executing program 2:
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RUNLINKAT(r1, &(0x7f0000000040)={0xffffffffffffffca, 0x4d}, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c})
write$P9_RREADDIR(r1, &(0x7f0000000480)={0x2a, 0x29, 0x1, {0x0, [{{}, 0x0, 0x0, 0x7, './file0'}]}}, 0x2a)
write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1, {0x920}}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000900)='9p\x00', 0x0, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c})

[   99.508436] IPVS: ftp: loaded support on port[0] = 21
[   99.569541] IPVS: ftp: loaded support on port[0] = 21
[   99.619810] IPVS: ftp: loaded support on port[0] = 21
[   99.641579] IPVS: ftp: loaded support on port[0] = 21
[   99.664105] IPVS: ftp: loaded support on port[0] = 21
[   99.719059] IPVS: ftp: loaded support on port[0] = 21
[   99.747324] IPVS: ftp: loaded support on port[0] = 21
[   99.776448] IPVS: ftp: loaded support on port[0] = 21
[  101.426901] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.433402] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.464769] device bridge_slave_0 entered promiscuous mode
[  101.521843] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.528347] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.564387] device bridge_slave_0 entered promiscuous mode
[  101.575437] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.581854] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.589752] device bridge_slave_0 entered promiscuous mode
[  101.598697] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.605104] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.617618] device bridge_slave_0 entered promiscuous mode
[  101.627647] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.634144] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.648454] device bridge_slave_0 entered promiscuous mode
[  101.656209] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.662653] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.670591] device bridge_slave_0 entered promiscuous mode
[  101.678611] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.685096] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.694691] device bridge_slave_1 entered promiscuous mode
[  101.709314] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.715732] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.723212] device bridge_slave_0 entered promiscuous mode
[  101.731555] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.737943] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.746215] device bridge_slave_1 entered promiscuous mode
[  101.759114] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.765535] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.779621] device bridge_slave_1 entered promiscuous mode
[  101.789661] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.796123] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.805077] device bridge_slave_1 entered promiscuous mode
[  101.819113] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.825608] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.837917] device bridge_slave_1 entered promiscuous mode
[  101.846093] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.853428] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.859824] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.870341] device bridge_slave_1 entered promiscuous mode
[  101.879077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.886932] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.893620] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.905565] device bridge_slave_0 entered promiscuous mode
[  101.917157] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.923568] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.932459] device bridge_slave_1 entered promiscuous mode
[  101.943331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.952186] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  101.961542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.970101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.980576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  101.987824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.002922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  102.031819] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.038261] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.069371] device bridge_slave_1 entered promiscuous mode
[  102.077907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.094466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.101926] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.109519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.119292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.191209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  102.285321] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  102.346189] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.375339] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.423406] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.433546] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.448461] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.457575] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.470800] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.480271] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.491280] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.501781] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.573191] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.583824] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.593978] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.613276] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.712171] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  102.854316] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  102.996701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  103.003644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  103.014614] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.031072] team0: Port device team_slave_0 added
[  103.036831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.046234] team0: Port device team_slave_0 added
[  103.062367] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.079485] team0: Port device team_slave_0 added
[  103.094437] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.104652] team0: Port device team_slave_0 added
[  103.112046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  103.121431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  103.131813] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.143069] team0: Port device team_slave_0 added
[  103.150420] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.159374] team0: Port device team_slave_1 added
[  103.171412] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.182684] team0: Port device team_slave_1 added
[  103.192413] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.204517] team0: Port device team_slave_1 added
[  103.209882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.219363] team0: Port device team_slave_0 added
[  103.233972] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.247365] team0: Port device team_slave_1 added
[  103.254818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.268554] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.278181] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.291452] team0: Port device team_slave_1 added
[  103.306819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.324226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.344870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.352593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.360890] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.367975] team0: Port device team_slave_0 added
[  103.376061] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.383641] team0: Port device team_slave_1 added
[  103.405926] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.414665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.421915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  103.429437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.442711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.465419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.483872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.494500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.501978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  103.509692] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.517377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.524818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.532721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.543580] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  103.551985] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.560626] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.567810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  103.580456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.603408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.617365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.625127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.632847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.641665] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.649978] team0: Port device team_slave_1 added
[  103.655652] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  103.663661] team0: Port device team_slave_0 added
[  103.669557] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.679803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.689967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.706134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.728565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.735892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.744972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.753060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  103.760156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  103.768366] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.777677] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  103.786687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.793909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  103.822665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  103.836867] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  103.844405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.852226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.860215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  103.867403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.875417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.889091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  103.896913] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  103.905517] team0: Port device team_slave_1 added
[  103.912430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  103.921181] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  103.936413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.949786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.974163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.984464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.992254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.999975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.012048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  104.019178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  104.028140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  104.040109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  104.047158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  104.065694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.098075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.125863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.133849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.142159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.150571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.158429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  104.166323] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.173925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.182273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.194624] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  104.201759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.209737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.235802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  104.244623] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  104.259570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  104.297530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.319433] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.330538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.340646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  104.348443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.356876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.387610] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  104.408411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.435158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.516493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  104.523691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.537531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.071217] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.077670] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.084363] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.090773] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.125253] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.239631] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.246150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.252811] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.259212] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.286566] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.296812] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.303402] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.310046] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.316446] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.327275] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.337996] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.344518] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.351290] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.357756] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.366193] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.459539] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.465961] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.472603] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.479171] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.486708] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.493298] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.500138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.506816] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.513208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.520981] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.543445] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.549942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.556825] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.563320] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.575886] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  105.832828] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.839272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.845961] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.852374] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.863091] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  106.016102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.029724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.052184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.061557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.068939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.076446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.083690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  106.091055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  109.316052] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.534952] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.553603] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.564857] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.578456] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.661327] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.686573] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  109.736244] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.772379] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.903105] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  109.948554] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  109.970696] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  109.993203] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  110.049261] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  110.058125] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.064438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.080692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.109282] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  110.176692] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  110.303325] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.316374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.324110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.373661] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.379879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.391453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.411877] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.418283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.428724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.456982] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.463202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.470840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.483181] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.493461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.500604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.584982] 8021q: adding VLAN 0 to HW filter on device team0
[  110.602976] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.611342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.622174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.653899] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  110.664223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  110.689795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  110.804481] 8021q: adding VLAN 0 to HW filter on device team0
[  110.824784] 8021q: adding VLAN 0 to HW filter on device team0
[  110.834752] 8021q: adding VLAN 0 to HW filter on device team0
[  110.852968] 8021q: adding VLAN 0 to HW filter on device team0
[  110.992096] 8021q: adding VLAN 0 to HW filter on device team0
[  111.017784] 8021q: adding VLAN 0 to HW filter on device team0
[  111.069136] 8021q: adding VLAN 0 to HW filter on device team0
17:35:18 executing program 6:
ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x2000000003, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f000000e000)='\x00 ', 0x0)
write$sndseq(r0, &(0x7f0000000080), 0xffffff17)

17:35:18 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)=@generic={0x0, "714d50200da14566473bd12d025c4ffd36c2c98a4c2ac620f45ae7c633bbe4276c91f9c9f4c1ac3f8dec2fa9488668f844d0349bf2c741680f9efe5a378d4269a1ef13275ab351b532a9a10fbd12bc5f1275e3e22dc128e86b1b98c56a4471db89cd75fdf93088aeb890e426e89bd3b3f165e9c32042efb4470b33193924"}, 0x4d5, &(0x7f0000000000), 0x0, 0x0, 0xfffffe45}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x890c, &(0x7f0000000040))

17:35:18 executing program 5:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0x303)
poll(&(0x7f0000000180)=[{r0}], 0x1, 0x0)

17:35:19 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000200)={0xaa})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x400445a0, &(0x7f0000013000))
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000013000/0x1000)=nil, 0x1000})
close(r0)
bind$pptp(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x2, {0x0, @multicast1=0xe0000001}}, 0x1e)

17:35:19 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0x40000)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000002480)=""/4096, 0x1000}], 0x1, &(0x7f0000000340)=""/123, 0x7b}, 0x0)

17:35:19 executing program 5:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0x303)
poll(&(0x7f0000000180)=[{r0}], 0x1, 0x0)

17:35:19 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0x303)
poll(&(0x7f0000000180)=[{r0}], 0x1, 0x0)

17:35:19 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r1=>0xffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000000)={0x7, 0x8, 0xfa00, {r1}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r1}}, 0x18)

17:35:19 executing program 7:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

17:35:19 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000180)="7d0a66ba4000ecc462bbf75006f30f6f3cbf457e0066ba210066ed26363e470f7094db0e000000ec430f01f8470fba20000f0f0fb0", 0x35}], 0x27f, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x485, 0x0, 0xfffffdfd}]})

17:35:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000000002)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4030ae7b, &(0x7f0000000080))

17:35:19 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='proc\x00', 0x0, &(0x7f00000001c0))
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000440)=""/186, 0x760)
getdents64(r0, &(0x7f0000001500)=""/81, 0x51)

17:35:19 executing program 5:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1c, &(0x7f0000001fde), 0x4)

17:35:19 executing program 7:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

17:35:19 executing program 6:
r0 = socket$inet6(0xa, 0x3, 0x8010000000000084)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x0, @empty, 0x0, 0x100002, 'none\x00'}, 0x2c)
sendto$inet6(r0, &(0x7f0000000000), 0xfdaf, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}}, 0x1c)

17:35:19 executing program 1:
r0 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r0, &(0x7f0000c67000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x1000008000)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10)
r2 = accept4(r0, &(0x7f00000001c0)=@in={0x0, 0x0, @local}, &(0x7f0000000180)=0x80, 0x0)
sendmmsg$unix(r2, &(0x7f0000006180), 0x1b3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)

17:35:19 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff})
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x401)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000040))

17:35:19 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000000)=0x4, 0x4)
bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, &(0x7f0000000140), 0x100000, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback={0x0, 0x1}}, 0x1c)

17:35:19 executing program 6:
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)=@alg, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)=""/223, 0xdf}, {&(0x7f0000000180)=""/15, 0xf}, {&(0x7f00000001c0)=""/123, 0x7b}], 0x3, &(0x7f0000000280)=""/93, 0x5d, 0x7}, 0x5a}], 0x1, 0x100, &(0x7f0000000680)={0x77359400})
sendto$llc(r0, &(0x7f0000000340)="fd56b113ee5db94323df61f5855086e9f4981b2fc5b59c8f56f8b4182ad1d726c1bae545e63d665c2bfe32ed59a11b887ee3c6dc05a328a82e1813a4d4e91220a3dc6d1db1928da4e26c0518b0e6649ca952bb47e621dd7db13944ec946d37aba5087dce9168039ef92b265c293b9043163f5fad67aba28ea08c21691529ba62ea21dce97070d7e89bc3065b2caf6ae8f701c26664cb46a21946eaee2cd0ccd9083874be45da955d00da738f5c937052109a650deac764dec5ded45a463eaf6231721f59c8dc342f820024f53f87fa54cac62182636b35c33b886a339c4d288f3db0a61fbc77900a88108cdd189863b887ef1a0b327dbd60b9036fefcb6a8b65e6b6d4db0afef17be384c0bf6b12dd45eeeefee78798dd1955dd8b0688", 0x11d, 0x0, &(0x7f00000012c0)={0x1a, 0x304, 0x0, 0x3, 0x2, 0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10)

[  113.666419] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  114.047652] FAULT_FLAG_ALLOW_RETRY missing 30
[  114.052296] CPU: 0 PID: 6596 Comm: syz-executor0 Not tainted 4.18.0-rc3-next-20180709+ #2
[  114.060617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  114.069979] Call Trace:
[  114.072676]  dump_stack+0x1c9/0x2b4
[  114.076315]  ? dump_stack_print_info.cold.2+0x52/0x52
[  114.081607]  ? kasan_check_write+0x14/0x20
[  114.085840]  ? do_raw_spin_lock+0xc1/0x200
[  114.090160]  handle_userfault.cold.33+0x47/0x62
[  114.094851]  ? userfaultfd_ioctl+0x5420/0x5420
[  114.099428]  ? trace_hardirqs_on+0x10/0x10
[  114.103664]  ? perf_event_update_userpage+0xd30/0xd30
[  114.108866]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  114.114421]  ? __perf_event_task_sched_in+0x24f/0xbb0
[  114.119604]  ? userfaultfd_ctx_put+0x810/0x810
[  114.124191]  ? perf_sched_cb_inc+0x2e0/0x2e0
[  114.128607]  ? run_rebalance_domains+0x4c0/0x4c0
[  114.133385]  ? finish_task_switch+0x1d3/0x870
[  114.137897]  ? lock_downgrade+0x8f0/0x8f0
[  114.142044]  ? finish_task_switch+0xf1/0x870
[  114.146499]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  114.151085]  ? trace_hardirqs_on+0x10/0x10
[  114.155344]  ? trace_hardirqs_on+0xd/0x10
[  114.159494]  ? lock_acquire+0x1e4/0x540
[  114.163586]  ? __handle_mm_fault+0x3a24/0x4480
[  114.168161]  ? lock_downgrade+0x8f0/0x8f0
[  114.172311]  ? kasan_check_read+0x11/0x20
[  114.176447]  ? do_raw_spin_unlock+0xa7/0x2f0
[  114.180850]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  114.185426]  ? kasan_check_write+0x14/0x20
[  114.189661]  ? do_raw_spin_lock+0xc1/0x200
[  114.193987]  __handle_mm_fault+0x3a31/0x4480
[  114.198405]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[  114.203241]  ? plist_check_list+0xa0/0xa0
[  114.207388]  ? check_preempt_wakeup+0x546/0x1280
[  114.212229]  ? lock_acquire+0x1e4/0x540
[  114.216205]  ? handle_mm_fault+0x417/0xc80
[  114.220440]  ? lock_downgrade+0x8f0/0x8f0
[  114.224589]  ? lock_release+0xa30/0xa30
[  114.228665]  ? rcu_note_context_switch+0x730/0x730
[  114.233585]  ? mem_cgroup_from_task+0xcb/0x1f0
[  114.238177]  ? mem_cgroup_css_online+0x3c0/0x3c0
[  114.242933]  handle_mm_fault+0x53e/0xc80
[  114.246985]  ? __handle_mm_fault+0x4480/0x4480
[  114.251658]  ? find_vma+0x34/0x190
[  114.255199]  __do_page_fault+0x620/0xe50
[  114.259256]  ? mm_fault_error+0x380/0x380
[  114.263393]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[  114.268413]  ? futex_wait_setup+0x281/0x410
[  114.272738]  do_page_fault+0xf6/0x8c0
[  114.276539]  ? vmalloc_sync_all+0x30/0x30
[  114.280691]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  114.286216]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  114.291308]  ? futex_wait+0x5d2/0xa20
[  114.295119]  ? lock_acquire+0x1e4/0x540
[  114.299084]  ? __might_fault+0x12b/0x1e0
[  114.303137]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  114.307977]  page_fault+0x1e/0x30
[  114.311420] RIP: 0010:copy_user_generic_unrolled+0x9e/0xc0
[  114.317033] Code: 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 <8a> 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 31 c0 0f 1f 00 c3 0f 1f 
[  114.336319] RSP: 0018:ffff8801962b77f0 EFLAGS: 00010202
[  114.341692] RAX: 0000000000000004 RBX: 0000000000000004 RCX: 0000000000000004
[  114.348950] RDX: 0000000000000004 RSI: 0000000020013000 RDI: ffff8801962b7890
[  114.356208] RBP: ffff8801962b7828 R08: ffffed0032c56f13 R09: ffffed0032c56f12
[  114.363564] R10: ffffed0032c56f12 R11: 0000000000000003 R12: 0000000020013004
[  114.370841] R13: 0000000020013000 R14: ffff8801962b7890 R15: 00007ffffffff000
[  114.378385]  ? _copy_from_user+0x10d/0x150
[  114.382618]  evdev_do_ioctl+0xb69/0x21a0
[  114.386678]  ? is_bpf_text_address+0xae/0x170
[  114.392496]  ? str_to_user+0x90/0x90
[  114.396203]  ? do_futex+0x249/0x27d0
[  114.399924]  ? kasan_check_read+0x11/0x20
[  114.404171]  ? rcu_is_watching+0x8c/0x150
[  114.408311]  ? rcu_cleanup_dead_rnp+0x200/0x200
[  114.412972]  ? __kernel_text_address+0xd/0x40
[  114.417487]  ? exit_robust_list+0x290/0x290
[  114.421812]  ? lock_acquire+0x1e4/0x540
[  114.425781]  ? __fget+0x4ac/0x740
[  114.429227]  ? lock_downgrade+0x8f0/0x8f0
[  114.433366]  ? lock_release+0xa30/0xa30
[  114.437338]  ? save_stack+0xa9/0xd0
[  114.440965]  ? save_stack+0x43/0xd0
[  114.444604]  ? __fget+0x4d5/0x740
[  114.448145]  ? ksys_dup3+0x690/0x690
[  114.451951]  ? do_raw_spin_trylock+0x1c0/0x1c0
[  114.456625]  evdev_ioctl_handler+0x144/0x1a0
[  114.461041]  evdev_ioctl+0x27/0x2e
[  114.464578]  ? evdev_ioctl_compat+0x30/0x30
[  114.468901]  do_vfs_ioctl+0x1de/0x1720
[  114.472809]  ? ioctl_preallocate+0x300/0x300
[  114.477208]  ? __fget_light+0x2f7/0x440
[  114.481183]  ? fget_raw+0x20/0x20
[  114.485508]  ? trace_hardirqs_on+0xd/0x10
[  114.489651]  ? __x64_sys_futex+0x47f/0x6a0
[  114.493978]  ? do_futex+0x27d0/0x27d0
[  114.497776]  ? security_file_ioctl+0x94/0xc0
[  114.502188]  ksys_ioctl+0xa9/0xd0
[  114.505638]  __x64_sys_ioctl+0x73/0xb0
[  114.509524]  do_syscall_64+0x1b9/0x820
[  114.513519]  ? finish_task_switch+0x1d3/0x870
[  114.518037]  ? syscall_return_slowpath+0x5e0/0x5e0
[  114.522987]  ? syscall_return_slowpath+0x31d/0x5e0
[  114.527914]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  114.532929]  ? prepare_exit_to_usermode+0x291/0x3b0
[  114.538034]  ? perf_trace_sys_enter+0xb10/0xb10
[  114.542697]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  114.547564]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  114.552753] RIP: 0033:0x455e29
[  114.555938] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  114.575554] RSP: 002b:00007ff988da4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  114.583594] RAX: ffffffffffffffda RBX: 00007ff988da56d4 RCX: 0000000000455e29
[  114.590851] RDX: 0000000020013000 RSI: 00000000400445a0 RDI: 0000000000000014
[  114.598107] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  114.605370] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  114.612805] R13: 00000000004bd5a1 R14: 00000000004cbbd0 R15: 0000000000000000
17:35:20 executing program 0:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f00000004c0)='./file0\x00', 0x14104a, 0x0)
write$evdev(r0, &(0x7f0000037fe8)=[{}], 0x18)
inotify_init()
sendfile(r0, r0, &(0x7f0000000080), 0x2000000800004c36)
creat(&(0x7f00000000c0)='./file0\x00', 0x4)

17:35:20 executing program 2:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x3a7c00000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x5)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0)
ftruncate(r0, 0x1000)
lseek(r0, 0x0, 0x2)
r1 = semget$private(0x0, 0x0, 0x10)
ioctl$FIONREAD(r0, 0x541b, &(0x7f00000003c0))
fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
r3 = getgid()
r4 = getuid()
semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000440)={{0x10001, r2, r3, r4, 0x0, 0x81, 0x401}, 0x4, 0x3, 0x800})
r5 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x40)
r6 = open(&(0x7f0000000240)='./bus\x00', 0x105000, 0x0)
sendfile(r0, r6, &(0x7f0000d83ff8), 0x8000fffffffe)
syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x5, 0x1)
socket$key(0xf, 0x3, 0x2)
ftruncate(r5, 0x0)
keyctl$get_security(0x11, 0x0, &(0x7f0000000200)=""/6, 0x6)
readlinkat(0xffffffffffffffff, &(0x7f0000000140)='./bus\x00', &(0x7f0000000280)=""/168, 0xa8)

17:35:20 executing program 7:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

17:35:20 executing program 5:
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0)
membarrier(0x10, 0x0)

17:35:20 executing program 1:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
chown(&(0x7f0000000540)='./file0\x00', 0x0, 0x0)

17:35:20 executing program 3:
r0 = perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = inotify_init1(0x80000)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
ptrace$setopts(0x4206, r2, 0x0, 0x0)
ptrace(0x4207, r2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={"79616d300001178b00", 0x4013})
ptrace$setregset(0x4209, r2, 0x20000004, &(0x7f0000000100)={&(0x7f0000000040)})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x4, 0xffffffffffff143a, 0x0, 'queue0\x00'})

17:35:20 executing program 6:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f0000000300)=@nfc={0x27, 0x1}, 0x81, &(0x7f0000000080), 0x0, &(0x7f0000000000)}}, {{&(0x7f0000000280)=@in6={0xa, 0x0, 0x4, @loopback={0x0, 0x1}}, 0x80, &(0x7f0000000080), 0x1, &(0x7f0000000000), 0x142}}], 0x2, 0x0)

17:35:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000000002)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4030ae7b, &(0x7f0000000080))

17:35:20 executing program 7:
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

17:35:20 executing program 1:
mkdir(&(0x7f00001a3000)='./file0\x00', 0x0)
open(&(0x7f0000000440)='./file0\x00', 0x1e5c805226d999a7, 0x0)

17:35:20 executing program 5:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x4)
ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f0000000100)={0xfd, 0x3ff, 0x100000000, 0x0, 0x0, 0xffffffffffffff7f})
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000600)={0x11, 0x10, 0xfa00, {&(0x7f0000000480)}}, 0x18)

17:35:20 executing program 6:
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0x0)
dup2(r3, r0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r3})
close(r3)
eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000040)={r3})
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3})

17:35:20 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0)
ioctl$LOOP_CLR_FD(r0, 0x4c02)

17:35:20 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3)
accept(r0, &(0x7f0000000000)=@ax25, &(0x7f00000000c0)=0x80)

[  115.033546] ==================================================================
[  115.041095] BUG: KASAN: use-after-free in irq_bypass_register_consumer+0x4e1/0x550
[  115.048942] Read of size 8 at addr ffff8801d8da0178 by task syz-executor6/6708
[  115.056304] 
[  115.057953] CPU: 1 PID: 6708 Comm: syz-executor6 Not tainted 4.18.0-rc3-next-20180709+ #2
[  115.066283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  115.075646] Call Trace:
[  115.078291]  dump_stack+0x1c9/0x2b4
[  115.081933]  ? dump_stack_print_info.cold.2+0x52/0x52
[  115.087213]  ? printk+0xa7/0xcf
[  115.090531]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  115.095318]  ? irq_bypass_register_consumer+0x4e1/0x550
[  115.100719]  print_address_description+0x6c/0x20b
[  115.105614]  ? irq_bypass_register_consumer+0x4e1/0x550
[  115.111013]  kasan_report.cold.7+0x242/0x30d
[  115.115463]  __asan_report_load8_noabort+0x14/0x20
[  115.121120]  irq_bypass_register_consumer+0x4e1/0x550
[  115.126353]  ? __disconnect+0x1b0/0x1b0
[  115.130460]  kvm_irqfd+0x198e/0x1ef0
[  115.134196]  ? check_same_owner+0x340/0x340
[  115.138544]  ? do_raw_spin_unlock+0xa7/0x2f0
[  115.143078]  ? kvm_eventfd_init+0x2c0/0x2c0
[  115.147687]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.153358]  ? futex_wait_queue_me+0x553/0x830
[  115.158080]  ? refill_pi_state_cache.part.8+0x320/0x320
[  115.163772]  ? kasan_check_write+0x14/0x20
[  115.168113]  ? do_raw_spin_lock+0xc1/0x200
[  115.172382]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.177975]  ? lock_acquire+0x1e4/0x540
[  115.181968]  ? __might_fault+0x12b/0x1e0
[  115.186061]  ? lock_downgrade+0x8f0/0x8f0
[  115.190542]  ? lock_release+0xa30/0xa30
[  115.194633]  ? check_same_owner+0x340/0x340
[  115.199168]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  115.204400]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  115.210572]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  115.216120]  ? _copy_from_user+0xdf/0x150
[  115.220295]  kvm_vm_ioctl+0xf80/0x1d80
[  115.224197]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  115.229305]  ? futex_wake+0x304/0x760
[  115.233124]  ? kvm_set_memory_region+0x50/0x50
[  115.237733]  ? alloc_file+0x29/0x3e0
[  115.241516]  ? anon_inode_getfile+0x2a2/0x4e0
[  115.246379]  ? anon_inode_getfd+0x52/0xb0
[  115.250547]  ? do_eventfd+0x1ce/0x2a0
[  115.254368]  ? __x64_sys_eventfd+0x33/0x40
[  115.258646]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  115.264039]  ? do_futex+0x249/0x27d0
[  115.267798]  ? lock_release+0xa30/0xa30
[  115.271876]  ? memcg_kmem_get_cache+0x3a9/0x9d0
[  115.276559]  ? fs_reclaim_acquire+0x20/0x20
[  115.280894]  ? exit_robust_list+0x290/0x290
[  115.285344]  ? lockdep_init_map+0x9/0x10
[  115.289428]  ? lock_acquire+0x1e4/0x540
[  115.293414]  ? __fget+0x4ac/0x740
[  115.296898]  ? lock_downgrade+0x8f0/0x8f0
[  115.301068]  ? lock_release+0xa30/0xa30
[  115.305067]  ? __fd_install+0x2b2/0x880
[  115.309063]  ? __fget+0x4d5/0x740
[  115.312704]  ? ksys_dup3+0x690/0x690
[  115.316519]  ? get_unused_fd_flags+0x1a0/0x1a0
[  115.321124]  ? kvm_set_memory_region+0x50/0x50
[  115.325713]  do_vfs_ioctl+0x1de/0x1720
[  115.329628]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  115.335181]  ? anon_inode_getfile+0x388/0x4e0
[  115.339689]  ? ioctl_preallocate+0x300/0x300
[  115.344101]  ? __fget_light+0x2f7/0x440
[  115.348091]  ? fget_raw+0x20/0x20
[  115.351563]  ? __x64_sys_futex+0x47f/0x6a0
[  115.355816]  ? anon_inode_getfd+0x81/0xb0
[  115.359985]  ? do_futex+0x27d0/0x27d0
[  115.363823]  ? security_file_ioctl+0x94/0xc0
[  115.368258]  ksys_ioctl+0xa9/0xd0
[  115.371737]  __x64_sys_ioctl+0x73/0xb0
[  115.375660]  do_syscall_64+0x1b9/0x820
[  115.379573]  ? syscall_slow_exit_work+0x500/0x500
[  115.384428]  ? syscall_return_slowpath+0x5e0/0x5e0
[  115.389462]  ? syscall_return_slowpath+0x31d/0x5e0
[  115.394446]  ? prepare_exit_to_usermode+0x291/0x3b0
[  115.399476]  ? perf_trace_sys_enter+0xb10/0xb10
[  115.404165]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  115.409026]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  115.414299] RIP: 0033:0x455e29
[  115.417479] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  115.437014] RSP: 002b:00007f8265a3bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  115.444754] RAX: ffffffffffffffda RBX: 00007f8265a3c6d4 RCX: 0000000000455e29
[  115.452152] RDX: 00000000200015c0 RSI: 000000004020ae76 RDI: 0000000000000017
[  115.459608] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  115.466889] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  115.474242] R13: 00000000004bdf94 R14: 00000000004cc800 R15: 0000000000000000
[  115.481511] 
[  115.483144] Allocated by task 6708:
[  115.486783]  save_stack+0x43/0xd0
[  115.490267]  kasan_kmalloc+0xc4/0xe0
[  115.493999]  kmem_cache_alloc_trace+0x152/0x780
[  115.498709]  kvm_irqfd+0x18f/0x1ef0
[  115.502352]  kvm_vm_ioctl+0xf80/0x1d80
[  115.506255]  do_vfs_ioctl+0x1de/0x1720
[  115.510149]  ksys_ioctl+0xa9/0xd0
[  115.514996]  __x64_sys_ioctl+0x73/0xb0
[  115.518899]  do_syscall_64+0x1b9/0x820
[  115.522880]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  115.528059] 
[  115.529699] Freed by task 40:
17:35:21 executing program 7:
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

[  115.532806]  save_stack+0x43/0xd0
[  115.536354]  __kasan_slab_free+0x11a/0x170
[  115.540966]  kasan_slab_free+0xe/0x10
[  115.544779]  kfree+0xd9/0x260
[  115.547907]  irqfd_shutdown+0x144/0x1c0
[  115.551897]  process_one_work+0xc73/0x1ba0
[  115.556149]  worker_thread+0x189/0x13c0
[  115.560133]  kthread+0x345/0x410
[  115.563510]  ret_from_fork+0x3a/0x50
[  115.567247] 
[  115.568884] The buggy address belongs to the object at ffff8801d8da0000
[  115.568884]  which belongs to the cache kmalloc-512 of size 512
17:35:21 executing program 7:
sysfs$1(0x1, &(0x7f0000000000)='vfat\x00')

[  115.581647] The buggy address is located 376 bytes inside of
[  115.581647]  512-byte region [ffff8801d8da0000, ffff8801d8da0200)
[  115.593522] The buggy address belongs to the page:
[  115.598462] page:ffffea0007636800 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0
[  115.606618] flags: 0x2fffc0000000100(slab)
[  115.610877] raw: 02fffc0000000100 ffffea0007638cc8 ffffea0006aa6f48 ffff8801da800940
[  115.618773] raw: 0000000000000000 ffff8801d8da0000 0000000100000006 0000000000000000
[  115.626655] page dumped because: kasan: bad access detected
[  115.632363] 
[  115.633987] Memory state around the buggy address:
[  115.638930]  ffff8801d8da0000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.646476]  ffff8801d8da0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.653845] >ffff8801d8da0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.661216]                                                                 ^
[  115.668574]  ffff8801d8da0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.675932]  ffff8801d8da0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  115.683371] ==================================================================
[  115.691870] Kernel panic - not syncing: panic_on_warn set ...
[  115.691870] 
[  115.699267] CPU: 1 PID: 6708 Comm: syz-executor6 Tainted: G    B             4.18.0-rc3-next-20180709+ #2
[  115.709406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  115.718834] Call Trace:
[  115.722198]  dump_stack+0x1c9/0x2b4
[  115.725901]  ? dump_stack_print_info.cold.2+0x52/0x52
[  115.731101]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  115.736032]  panic+0x238/0x4e7
[  115.739220]  ? add_taint.cold.5+0x16/0x16
[  115.743365]  ? do_raw_spin_unlock+0xa7/0x2f0
[  115.747778]  ? do_raw_spin_unlock+0xa7/0x2f0
[  115.752176]  ? irq_bypass_register_consumer+0x4e1/0x550
[  115.757526]  kasan_end_report+0x47/0x4f
[  115.761484]  kasan_report.cold.7+0x76/0x30d
[  115.765802]  __asan_report_load8_noabort+0x14/0x20
[  115.770722]  irq_bypass_register_consumer+0x4e1/0x550
[  115.775901]  ? __disconnect+0x1b0/0x1b0
[  115.779873]  kvm_irqfd+0x198e/0x1ef0
[  115.783572]  ? check_same_owner+0x340/0x340
[  115.787888]  ? do_raw_spin_unlock+0xa7/0x2f0
[  115.792388]  ? kvm_eventfd_init+0x2c0/0x2c0
[  115.796700]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.802226]  ? futex_wait_queue_me+0x553/0x830
[  115.806799]  ? refill_pi_state_cache.part.8+0x320/0x320
[  115.812170]  ? kasan_check_write+0x14/0x20
[  115.816390]  ? do_raw_spin_lock+0xc1/0x200
[  115.820620]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  115.826157]  ? lock_acquire+0x1e4/0x540
[  115.830119]  ? __might_fault+0x12b/0x1e0
[  115.834169]  ? lock_downgrade+0x8f0/0x8f0
[  115.838310]  ? lock_release+0xa30/0xa30
[  115.842273]  ? check_same_owner+0x340/0x340
[  115.846586]  ? __sanitizer_cov_trace_switch+0x53/0x90
[  115.851767]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  115.857298]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  115.862834]  ? _copy_from_user+0xdf/0x150
[  115.867236]  kvm_vm_ioctl+0xf80/0x1d80
[  115.871381]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[  115.876477]  ? futex_wake+0x304/0x760
[  115.880266]  ? kvm_set_memory_region+0x50/0x50
[  115.884849]  ? alloc_file+0x29/0x3e0
[  115.888577]  ? anon_inode_getfile+0x2a2/0x4e0
[  115.893064]  ? anon_inode_getfd+0x52/0xb0
[  115.897198]  ? do_eventfd+0x1ce/0x2a0
[  115.901000]  ? __x64_sys_eventfd+0x33/0x40
[  115.905248]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  115.910622]  ? do_futex+0x249/0x27d0
[  115.914333]  ? lock_release+0xa30/0xa30
[  115.918300]  ? memcg_kmem_get_cache+0x3a9/0x9d0
[  115.922957]  ? fs_reclaim_acquire+0x20/0x20
[  115.927267]  ? exit_robust_list+0x290/0x290
[  115.931586]  ? lockdep_init_map+0x9/0x10
[  115.935901]  ? lock_acquire+0x1e4/0x540
[  115.939962]  ? __fget+0x4ac/0x740
[  115.943423]  ? lock_downgrade+0x8f0/0x8f0
[  115.947557]  ? lock_release+0xa30/0xa30
[  115.951518]  ? __fd_install+0x2b2/0x880
[  115.955482]  ? __fget+0x4d5/0x740
[  115.958933]  ? ksys_dup3+0x690/0x690
[  115.963072]  ? get_unused_fd_flags+0x1a0/0x1a0
[  115.967911]  ? kvm_set_memory_region+0x50/0x50
[  115.972479]  do_vfs_ioctl+0x1de/0x1720
[  115.976363]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  115.981896]  ? anon_inode_getfile+0x388/0x4e0
[  115.986377]  ? ioctl_preallocate+0x300/0x300
[  115.990795]  ? __fget_light+0x2f7/0x440
[  115.994755]  ? fget_raw+0x20/0x20
[  115.998212]  ? __x64_sys_futex+0x47f/0x6a0
[  116.002604]  ? anon_inode_getfd+0x81/0xb0
[  116.006755]  ? do_futex+0x27d0/0x27d0
[  116.010542]  ? security_file_ioctl+0x94/0xc0
[  116.014943]  ksys_ioctl+0xa9/0xd0
[  116.018383]  __x64_sys_ioctl+0x73/0xb0
[  116.022359]  do_syscall_64+0x1b9/0x820
[  116.026323]  ? syscall_slow_exit_work+0x500/0x500
[  116.031167]  ? syscall_return_slowpath+0x5e0/0x5e0
[  116.036084]  ? syscall_return_slowpath+0x31d/0x5e0
[  116.041007]  ? prepare_exit_to_usermode+0x291/0x3b0
[  116.046018]  ? perf_trace_sys_enter+0xb10/0xb10
[  116.050685]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  116.055617]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  116.060802] RIP: 0033:0x455e29
[  116.063979] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
[  116.083276] RSP: 002b:00007f8265a3bc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  116.090979] RAX: ffffffffffffffda RBX: 00007f8265a3c6d4 RCX: 0000000000455e29
[  116.098241] RDX: 00000000200015c0 RSI: 000000004020ae76 RDI: 0000000000000017
[  116.105502] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
[  116.112756] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  116.120011] R13: 00000000004bdf94 R14: 00000000004cc800 R15: 0000000000000000
[  116.127962] Dumping ftrace buffer:
[  116.131502]    (ftrace buffer empty)
[  116.135192] Kernel Offset: disabled
[  116.138805] Rebooting in 86400 seconds..