[   37.621303][   T26] audit: type=1800 audit(1554312458.547:25): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   37.654001][   T26] audit: type=1800 audit(1554312458.547:26): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.676099][   T26] audit: type=1800 audit(1554312458.547:27): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   37.722224][   T26] audit: type=1800 audit(1554312458.647:28): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
2019/04/03 17:27:49 fuzzer started
2019/04/03 17:27:52 dialing manager at 10.128.0.26:44045
2019/04/03 17:27:52 syscalls: 2408
2019/04/03 17:27:52 code coverage: enabled
2019/04/03 17:27:52 comparison tracing: enabled
2019/04/03 17:27:52 extra coverage: extra coverage is not supported by the kernel
2019/04/03 17:27:52 setuid sandbox: enabled
2019/04/03 17:27:52 namespace sandbox: enabled
2019/04/03 17:27:52 Android sandbox: /sys/fs/selinux/policy does not exist
2019/04/03 17:27:52 fault injection: enabled
2019/04/03 17:27:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/04/03 17:27:52 net packet injection: enabled
2019/04/03 17:27:52 net device setup: enabled
17:29:48 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'gre0\x00', <r2=>0x0})
sendmmsg(r1, &(0x7f0000008a80)=[{{&(0x7f0000000180)=@ll={0x11, 0x6558, r2, 0x1, 0x0, 0x6, @link_local}, 0x80, 0x0}}], 0x300, 0x0)

syzkaller login: [  167.446881][ T7793] IPVS: ftp: loaded support on port[0] = 21
17:29:48 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'hsr0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@setlink={0x28, 0x13, 0x205, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKMODE={0x8, 0xa, 0x10}]}, 0x28}}, 0x0)

[  167.562100][ T7793] chnl_net:caif_netlink_parms(): no params data found
[  167.647806][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.667337][ T7793] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.681172][ T7793] device bridge_slave_0 entered promiscuous mode
[  167.690452][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.697532][ T7793] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.707077][ T7793] device bridge_slave_1 entered promiscuous mode
[  167.734990][ T7793] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  167.746512][ T7793] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  167.749644][ T7796] IPVS: ftp: loaded support on port[0] = 21
[  167.781143][ T7793] team0: Port device team_slave_0 added
[  167.788533][ T7793] team0: Port device team_slave_1 added
17:29:48 executing program 2:
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x0, 0x0)
ioctl$VHOST_GET_FEATURES(r0, 0x80044dfc, &(0x7f0000000140))

[  167.872262][ T7793] device hsr_slave_0 entered promiscuous mode
[  167.909680][ T7793] device hsr_slave_1 entered promiscuous mode
[  167.981841][ T7798] IPVS: ftp: loaded support on port[0] = 21
[  167.995114][ T7793] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.002502][ T7793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.010482][ T7793] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.017720][ T7793] bridge0: port 1(bridge_slave_0) entered forwarding state
17:29:49 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x35)
ptrace$cont(0x18, r2, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d})
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x0, 0x0)
r3 = getpid()
tkill(r3, 0x3a)

[  168.168145][ T7796] chnl_net:caif_netlink_parms(): no params data found
[  168.185434][ T7793] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.246639][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  168.268485][ T3759] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.289940][ T3759] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.305078][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  168.326956][ T7793] 8021q: adding VLAN 0 to HW filter on device team0
17:29:49 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clone(0x3102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
futex(&(0x7f0000000040)=0x2, 0x8b, 0x2, &(0x7f0000000080)={0x77359400}, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0xd)

[  168.375173][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  168.385386][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.392515][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.402546][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  168.411084][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.418332][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.435654][ T7805] IPVS: ftp: loaded support on port[0] = 21
[  168.475939][ T7798] chnl_net:caif_netlink_parms(): no params data found
[  168.516926][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  168.541446][ T7796] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.548541][ T7796] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.557764][ T7796] device bridge_slave_0 entered promiscuous mode
[  168.577586][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  168.591327][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  168.602590][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  168.613546][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  168.626595][ T7793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  168.644777][ T7796] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.657832][ T7796] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.666629][ T7796] device bridge_slave_1 entered promiscuous mode
[  168.704597][ T7807] IPVS: ftp: loaded support on port[0] = 21
17:29:49 executing program 5:
futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0)

[  168.768102][ T7793] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.801320][ T7796] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  168.818498][ T7796] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  168.859867][ T7798] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.871399][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.879548][ T7798] device bridge_slave_0 entered promiscuous mode
[  168.911258][ T7798] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.918364][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.933678][ T7798] device bridge_slave_1 entered promiscuous mode
[  168.957898][ T7796] team0: Port device team_slave_0 added
[  168.974027][ T7796] team0: Port device team_slave_1 added
[  168.996959][ T7809] IPVS: ftp: loaded support on port[0] = 21
[  169.014345][ T7798] bond0: Enslaving bond_slave_0 as an active interface with an up link
17:29:49 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
sendfile(r1, r1, &(0x7f00000000c0)=0x4c000000, 0x10a000d04)

17:29:50 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070")
r1 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="24000000020807031dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0)

[  169.057657][ T7798] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  169.161317][ T7796] device hsr_slave_0 entered promiscuous mode
[  169.199594][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  169.199925][ T7796] device hsr_slave_1 entered promiscuous mode
17:29:50 executing program 0:
r0 = socket$inet(0x10, 0x2, 0xc)
sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

[  169.308522][ T7824] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  169.321420][ T7807] chnl_net:caif_netlink_parms(): no params data found
[  169.340440][ T7798] team0: Port device team_slave_0 added
[  169.348031][ T7798] team0: Port device team_slave_1 added
[  169.382509][ T7805] chnl_net:caif_netlink_parms(): no params data found
17:29:50 executing program 0:
r0 = socket$inet(0x10, 0x2, 0xc)
sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

17:29:50 executing program 0:
r0 = socket$inet(0x10, 0x2, 0xc)
sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

17:29:50 executing program 0:
r0 = socket$inet(0x10, 0x2, 0xc)
sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000a200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

17:29:50 executing program 0:
clone(0x4000002102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\f', 0xffffffffffffffff, 0x4c00000000006874}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:D2', 0x0)

[  169.482028][ T7798] device hsr_slave_0 entered promiscuous mode
[  169.511739][ T7798] device hsr_slave_1 entered promiscuous mode
[  169.637768][ T7807] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.645542][ T7807] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.653651][ T7807] device bridge_slave_0 entered promiscuous mode
[  169.693896][ T7807] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.701462][ T7807] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.709415][ T7807] device bridge_slave_1 entered promiscuous mode
[  169.735514][ T7805] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.742959][ T7805] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.751450][ T7805] device bridge_slave_0 entered promiscuous mode
[  169.783666][ T7807] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  169.794966][ T7805] bridge0: port 2(bridge_slave_1) entered blocking state
[  169.802257][ T7805] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.810777][ T7805] device bridge_slave_1 entered promiscuous mode
[  169.834903][ T7805] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  169.846716][ T7807] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  169.860068][ T7805] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  169.883542][ T7807] team0: Port device team_slave_0 added
[  169.892012][ T7809] chnl_net:caif_netlink_parms(): no params data found
[  169.924508][ T7807] team0: Port device team_slave_1 added
[  169.954797][ T7796] 8021q: adding VLAN 0 to HW filter on device bond0
[  169.974024][ T7805] team0: Port device team_slave_0 added
[  170.010785][ T7805] team0: Port device team_slave_1 added
[  170.062132][ T7807] device hsr_slave_0 entered promiscuous mode
[  170.099875][ T7807] device hsr_slave_1 entered promiscuous mode
[  170.147122][ T7796] 8021q: adding VLAN 0 to HW filter on device team0
[  170.162976][ T7809] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.170582][ T7809] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.178259][ T7809] device bridge_slave_0 entered promiscuous mode
[  170.188637][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  170.196560][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  170.264615][ T7805] device hsr_slave_0 entered promiscuous mode
[  170.319877][ T7805] device hsr_slave_1 entered promiscuous mode
[  170.359643][ T7809] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.366759][ T7809] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.374894][ T7809] device bridge_slave_1 entered promiscuous mode
[  170.391654][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  170.400634][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  170.409423][ T2989] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.416497][ T2989] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.443346][ T7798] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.459301][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  170.467896][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  170.477027][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  170.485551][ T2989] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.493305][ T2989] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.501917][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  170.519888][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  170.528600][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  170.537689][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  170.550725][ T7809] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  170.561503][ T7809] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  170.594259][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  170.602397][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  170.611041][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  170.619672][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  170.627948][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  170.637428][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  170.646175][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  170.664978][ T7798] 8021q: adding VLAN 0 to HW filter on device team0
[  170.681267][ T7796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  170.690396][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  170.698109][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  170.717849][ T7809] team0: Port device team_slave_0 added
[  170.744641][ T7809] team0: Port device team_slave_1 added
[  170.764052][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  170.774656][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  170.783185][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.790328][ T7799] bridge0: port 1(bridge_slave_0) entered forwarding state
[  170.798146][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  170.807207][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  170.815638][ T7799] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.822813][ T7799] bridge0: port 2(bridge_slave_1) entered forwarding state
[  170.845941][ T7805] 8021q: adding VLAN 0 to HW filter on device bond0
[  170.881159][ T7809] device hsr_slave_0 entered promiscuous mode
[  170.929844][ T7809] device hsr_slave_1 entered promiscuous mode
[  170.972502][ T7796] 8021q: adding VLAN 0 to HW filter on device batadv0
[  170.982351][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  170.990730][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  170.999101][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  171.043428][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  171.051901][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  171.062584][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  171.076390][ T7807] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.104414][ T7805] 8021q: adding VLAN 0 to HW filter on device team0
[  171.124438][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  171.133310][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  171.141970][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  171.150379][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  171.162324][ T7807] 8021q: adding VLAN 0 to HW filter on device team0
[  171.175491][ T7848] team0: Device hsr0 is up. Set it down before adding it as a team port
[  171.184594][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  171.194000][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  171.203040][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  171.211658][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  171.220571][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.227654][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.235412][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  171.244370][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  171.252907][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.260005][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.268114][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  171.290510][ T7850] team0: Device hsr0 is up. Set it down before adding it as a team port
17:29:52 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000})
ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f35"])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  171.311698][ T7798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  171.324945][ T7798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  171.349308][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  171.357875][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  171.377829][ T7853] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  171.383607][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.400191][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  171.408756][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  171.423051][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  171.433176][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  171.442312][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  171.451354][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  171.463183][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.470326][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  171.478674][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  171.488528][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  171.497224][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  171.506919][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  171.518079][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  171.529819][ T3759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  171.577826][ T7809] 8021q: adding VLAN 0 to HW filter on device bond0
[  171.598890][ T7807] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  171.614852][ T7807] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  171.637450][ T7798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  171.663510][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  171.677303][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  171.689926][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  171.698145][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  171.706687][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  171.715062][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  171.723737][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  171.732249][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  171.740691][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  171.748867][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  171.757581][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  171.765779][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  171.774674][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  171.784363][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  171.792319][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  171.800246][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  171.814774][ T7807] 8021q: adding VLAN 0 to HW filter on device batadv0
[  171.842791][ T7809] 8021q: adding VLAN 0 to HW filter on device team0
[  171.877350][ T7805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
17:29:52 executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
close(r0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0))

[  171.914826][ T7805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  171.928312][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  171.950186][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  171.957948][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  171.972598][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  171.983408][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  171.991803][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.013707][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  172.021369][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  172.029953][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  172.038271][ T7799] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.045403][ T7799] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.052905][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  172.061878][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  172.070968][ T7799] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.078019][ T7799] bridge0: port 2(bridge_slave_1) entered forwarding state
[  172.085799][ T7799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  172.095696][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  172.111762][ T7805] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.134628][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  172.147400][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  172.158682][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  172.177717][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  172.186901][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  172.195860][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  172.210655][ T7809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  172.239790][ T7809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  172.261317][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  172.278491][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  172.293671][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  172.302237][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  172.310413][   T26] kauditd_printk_skb: 2 callbacks suppressed
[  172.310428][   T26] audit: type=1326 audit(1554312593.227:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7874 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4582b9 code=0x0
[  172.339432][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
17:29:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x35)
ptrace$cont(0x18, r2, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d})
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x0, 0x0)
r3 = getpid()
tkill(r3, 0x3a)

17:29:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7b, 0x600000000000000, [0x0, 0x0, 0x40000105], [0xc2]})

[  172.392748][ T7809] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.452447][   T26] audit: type=1326 audit(1554312593.377:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7886 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=231 compat=0 ip=0x4582b9 code=0x0
17:29:53 executing program 5:
futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0)

17:29:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0xa0007})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x3fd, 0x0, 0x0, 0xfffffffffffffe60)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0))

17:29:53 executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
close(r0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0))

17:29:53 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800)
accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x40000000013f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8)
capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5})
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18)
request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/4\x00')
lseek(r6, 0x20400001, 0x0)
shmat(0x0, &(0x7f0000511000/0x1000)=nil, 0x5000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
write$P9_RXATTRWALK(r6, &(0x7f0000000080)={0xf}, 0x2000008f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000000)={0x2, 0xcdbc})

17:29:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x35)
ptrace$cont(0x18, r2, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d})
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x0, 0x0)
r3 = getpid()
tkill(r3, 0x3a)

17:29:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7b, 0x600000000000000, [0x0, 0x0, 0x40000105], [0xc2]})

[  172.572786][    C0] hrtimer: interrupt took 55338 ns
17:29:53 executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
close(r0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0))

17:29:53 executing program 5:
futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0)

17:29:53 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070")
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
clone(0x13102001fef, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x35)
ptrace$cont(0x18, r2, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d})
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x0, 0x0)
r3 = getpid()
tkill(r3, 0x3a)

17:29:53 executing program 1:
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaaaaaaaaaaab3f, &(0x7f0000000200), 0x0, &(0x7f0000000740)={[{@gid={'gid'}}]})
getgid()

17:29:53 executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
close(r0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f00000000c0))

17:29:53 executing program 5:
futex(&(0x7f00000000c0), 0x8c, 0x1, 0x0, 0x0, 0x0)

17:29:53 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800)
accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x40000000013f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8)
capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5})
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18)
request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/4\x00')
lseek(r6, 0x20400001, 0x0)
shmat(0x0, &(0x7f0000511000/0x1000)=nil, 0x5000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
write$P9_RXATTRWALK(r6, &(0x7f0000000080)={0xf}, 0x2000008f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000000)={0x2, 0xcdbc})

17:29:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7b, 0x600000000000000, [0x0, 0x0, 0x40000105], [0xc2]})

17:29:53 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800)
accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x40000000013f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8)
capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5})
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18)
request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/4\x00')
lseek(r6, 0x20400001, 0x0)
shmat(0x0, &(0x7f0000511000/0x1000)=nil, 0x5000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
write$P9_RXATTRWALK(r6, &(0x7f0000000080)={0xf}, 0x2000008f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000000)={0x2, 0xcdbc})

17:29:53 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x40000, 0xfff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})
write$P9_RUNLINKAT(r0, &(0x7f00000001c0)={0x7}, 0x7)
setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0)

17:29:53 executing program 2:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/version\x00Z\xa2\xac\x00\x00\xb8\xb5\xa2\x8a)\xae\xcb\xf8C8ZQ%\x03\x98\xce\x12\xd9\x84\xf5*\x14\x9e\xaf\x98f\xf3\xc38(\xfes\xd4\xf3\x19R\x8b\xbd\x89\xfc\xef\xb6%\xad\xacF\xdfu\"\xeb\xb2<\x98\xadi\xbd\xc8%\t\xdfoCy\x17\x02\x00\x00\x00\xca\x02\x98\x89\x05\xb6r\xc3\xa2\r\x10\xf8\x90\xb9\xf5w$4\v8N\xcaa6\xea\xe4\xfdJ\x01^\a0v\xb8\xf1\xcd\xe4^\xea\x0f\x0f\f<\xa6N\xbd\xd0\xce\xfc\r\x9e\x8e\xa9\x1d\v\xbb\xa5\x00'/160, 0x2, 0x0)
preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x0)

17:29:54 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
accept4(r1, &(0x7f0000000640)=@xdp, &(0x7f0000000100)=0x80, 0x800)
accept4(r1, &(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4}}}, &(0x7f0000000180)=0x80, 0x80800)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x40000000013f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @loopback}, {0xa, 0x4e21, 0x8000000000000000, @dev}, r3}}, 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x6}, &(0x7f00000002c0)=0x8)
capset(&(0x7f0000000240), &(0x7f0000001fe8)={0x7f, 0x0, 0x0, 0x0, 0x5})
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80, 0x0)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000600)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18)
request_key(&(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0), &(0x7f0000000140)='hash\x00', 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r5, &(0x7f00000003c0)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"v\x19n{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t', 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/4\x00')
lseek(r6, 0x20400001, 0x0)
shmat(0x0, &(0x7f0000511000/0x1000)=nil, 0x5000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
write$P9_RXATTRWALK(r6, &(0x7f0000000080)={0xf}, 0x2000008f)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000000)={0x2, 0xcdbc})

17:29:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f00000000c0)={0x7b, 0x600000000000000, [0x0, 0x0, 0x40000105], [0xc2]})

17:29:54 executing program 2:
r0 = socket$inet(0x2, 0x200000002, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast1, @local}, 0xc)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21}, 0x10)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000000c0)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
syz_emit_ethernet(0x2a, &(0x7f00003f3fd5)={@broadcast, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0)

[  173.455936][ T7965] ==================================================================
[  173.464322][ T7965] BUG: KASAN: use-after-free in cma_check_port+0x8ce/0x8f0
[  173.471548][ T7965] Read of size 8 at addr ffff88808eea3548 by task syz-executor.4/7965
[  173.479695][ T7965] 
[  173.482051][ T7965] CPU: 1 PID: 7965 Comm: syz-executor.4 Not tainted 5.1.0-rc3-next-20190403 #17
[  173.491080][ T7965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  173.501149][ T7965] Call Trace:
[  173.504464][ T7965]  dump_stack+0x172/0x1f0
[  173.508823][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  173.513693][ T7965]  print_address_description.cold+0x7c/0x20d
[  173.519685][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  173.524541][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  173.529393][ T7965]  kasan_report.cold+0x1b/0x40
[  173.529419][ T7965]  ? __xa_insert+0x1d0/0x2a0
[  173.529434][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  173.529456][ T7965]  __asan_report_load8_noabort+0x14/0x20
[  173.529470][ T7965]  cma_check_port+0x8ce/0x8f0
[  173.529492][ T7965]  rdma_bind_addr+0x19c3/0x1f80
[  173.529508][ T7965]  ? lock_acquire+0x1ea/0x3f0
[  173.563564][ T7965]  ? ucma_get_ctx+0x82/0x160
[  173.568167][ T7965]  ? find_held_lock+0x35/0x130
[  173.572945][ T7965]  ? cma_ndev_work_handler+0x1c0/0x1c0
[  173.578425][ T7965]  ? lock_downgrade+0x880/0x880
[  173.583291][ T7965]  rdma_resolve_addr+0x437/0x21f0
[  173.588330][ T7965]  ? kasan_check_write+0x14/0x20
[  173.593279][ T7965]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[  173.598832][ T7965]  ? lock_downgrade+0x880/0x880
[  173.603694][ T7965]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  173.609948][ T7965]  ? rdma_bind_addr+0x1f80/0x1f80
[  173.615001][ T7965]  ucma_resolve_ip+0x153/0x210
[  173.619777][ T7965]  ? ucma_resolve_ip+0x153/0x210
[  173.624726][ T7965]  ? ucma_query+0x820/0x820
[  173.629259][ T7965]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  173.636205][ T7965]  ? _copy_from_user+0xdd/0x150
[  173.641073][ T7965]  ucma_write+0x2da/0x3c0
[  173.645412][ T7965]  ? ucma_query+0x820/0x820
[  173.649924][ T7965]  ? ucma_open+0x290/0x290
[  173.654358][ T7965]  ? apparmor_file_permission+0x25/0x30
[  173.659915][ T7965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  173.666199][ T7965]  ? security_file_permission+0x94/0x380
[  173.671983][ T7965]  __vfs_write+0x8d/0x110
[  173.679793][ T7965]  ? ucma_open+0x290/0x290
[  173.679817][ T7965]  vfs_write+0x20c/0x580
[  173.679839][ T7965]  ksys_write+0xea/0x1f0
[  173.679857][ T7965]  ? __ia32_sys_read+0xb0/0xb0
[  173.679882][ T7965]  ? do_syscall_64+0x26/0x610
[  173.688516][ T7965]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  173.688539][ T7965]  ? do_syscall_64+0x26/0x610
[  173.712924][ T7965]  __x64_sys_write+0x73/0xb0
[  173.717531][ T7965]  do_syscall_64+0x103/0x610
[  173.722135][ T7965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  173.728033][ T7965] RIP: 0033:0x4582b9
[  173.731933][ T7965] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  173.751571][ T7965] RSP: 002b:00007f4df9230c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  173.759989][ T7965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  173.768457][ T7965] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000006
[  173.776446][ T7965] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  173.784417][ T7965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4df92316d4
[  173.792390][ T7965] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff
[  173.800385][ T7965] 
[  173.802716][ T7965] Allocated by task 7900:
[  173.807055][ T7965]  save_stack+0x45/0xd0
[  173.811233][ T7965]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  173.816867][ T7965]  kasan_kmalloc+0x9/0x10
[  173.816883][ T7965]  kmem_cache_alloc_trace+0x151/0x760
[  173.816900][ T7965]  cma_alloc_port+0x4f/0x1a0
[  173.816916][ T7965]  rdma_bind_addr+0x1bc0/0x1f80
[  173.816931][ T7965]  rdma_resolve_addr+0x437/0x21f0
[  173.816944][ T7965]  ucma_resolve_ip+0x153/0x210
[  173.816956][ T7965]  ucma_write+0x2da/0x3c0
[  173.816978][ T7965]  __vfs_write+0x8d/0x110
[  173.817002][ T7965]  vfs_write+0x20c/0x580
[  173.817015][ T7965]  ksys_write+0xea/0x1f0
[  173.826823][ T7965]  __x64_sys_write+0x73/0xb0
[  173.826841][ T7965]  do_syscall_64+0x103/0x610
[  173.826858][ T7965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  173.826862][ T7965] 
[  173.826869][ T7965] Freed by task 7899:
[  173.826884][ T7965]  save_stack+0x45/0xd0
[  173.826899][ T7965]  __kasan_slab_free+0x102/0x150
[  173.826914][ T7965]  kasan_slab_free+0xe/0x10
[  173.826933][ T7965]  kfree+0xcf/0x230
[  173.900819][ T7935] hfs: can't find a HFS filesystem on dev loop1
[  173.901888][ T7965]  rdma_destroy_id+0x7fc/0xaa0
[  173.901904][ T7965]  ucma_close+0x115/0x320
[  173.901917][ T7965]  __fput+0x2e5/0x8d0
[  173.901928][ T7965]  ____fput+0x16/0x20
[  173.901946][ T7965]  task_work_run+0x14a/0x1c0
[  173.901963][ T7965]  exit_to_usermode_loop+0x273/0x2c0
[  173.901984][ T7965]  do_syscall_64+0x52d/0x610
[  173.902000][ T7965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  173.902005][ T7965] 
[  173.902016][ T7965] The buggy address belongs to the object at ffff88808eea3540
[  173.902016][ T7965]  which belongs to the cache kmalloc-32 of size 32
[  173.902028][ T7965] The buggy address is located 8 bytes inside of
[  173.902028][ T7965]  32-byte region [ffff88808eea3540, ffff88808eea3560)
[  173.902033][ T7965] The buggy address belongs to the page:
[  173.902054][ T7965] page:ffffea00023ba8c0 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff88808eea3fc1
[  173.902066][ T7965] flags: 0x1fffc0000000200(slab)
[  173.995497][ T7965] raw: 01fffc0000000200 ffffea0002a1cac8 ffffea000250ddc8 ffff88812c3f01c0
[  174.004085][ T7965] raw: ffff88808eea3fc1 ffff88808eea3000 000000010000003f 0000000000000000
[  174.012656][ T7965] page dumped because: kasan: bad access detected
[  174.019070][ T7965] 
[  174.021404][ T7965] Memory state around the buggy address:
[  174.027033][ T7965]  ffff88808eea3400: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  174.035088][ T7965]  ffff88808eea3480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  174.043144][ T7965] >ffff88808eea3500: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[  174.051194][ T7965]                                               ^
17:29:55 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
fallocate(r1, 0x0, 0x40000, 0xfff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})
write$P9_RUNLINKAT(r0, &(0x7f00000001c0)={0x7}, 0x7)
setxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0)

[  174.057612][ T7965]  ffff88808eea3580: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[  174.065681][ T7965]  ffff88808eea3600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  174.073731][ T7965] ==================================================================
[  174.081778][ T7965] Disabling lock debugging due to kernel taint
[  174.153386][ T7965] Kernel panic - not syncing: panic_on_warn set ...
[  174.160021][ T7965] CPU: 1 PID: 7965 Comm: syz-executor.4 Tainted: G    B             5.1.0-rc3-next-20190403 #17
[  174.170424][ T7965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  174.180476][ T7965] Call Trace:
[  174.183768][ T7965]  dump_stack+0x172/0x1f0
[  174.188107][ T7965]  panic+0x2cb/0x65c
[  174.192003][ T7965]  ? __warn_printk+0xf3/0xf3
[  174.196592][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  174.201451][ T7965]  ? preempt_schedule+0x4b/0x60
[  174.206300][ T7965]  ? ___preempt_schedule+0x16/0x18
[  174.211411][ T7965]  ? trace_hardirqs_on+0x5e/0x230
[  174.216433][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  174.221289][ T7965]  end_report+0x47/0x4f
[  174.225442][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  174.230286][ T7965]  kasan_report.cold+0xe/0x40
[  174.234956][ T7965]  ? __xa_insert+0x1d0/0x2a0
[  174.239543][ T7965]  ? cma_check_port+0x8ce/0x8f0
[  174.244390][ T7965]  __asan_report_load8_noabort+0x14/0x20
[  174.250025][ T7965]  cma_check_port+0x8ce/0x8f0
[  174.254700][ T7965]  rdma_bind_addr+0x19c3/0x1f80
[  174.259545][ T7965]  ? lock_acquire+0x1ea/0x3f0
[  174.264220][ T7965]  ? ucma_get_ctx+0x82/0x160
[  174.268801][ T7965]  ? find_held_lock+0x35/0x130
[  174.273559][ T7965]  ? cma_ndev_work_handler+0x1c0/0x1c0
[  174.279063][ T7965]  ? lock_downgrade+0x880/0x880
[  174.283926][ T7965]  rdma_resolve_addr+0x437/0x21f0
[  174.288962][ T7965]  ? kasan_check_write+0x14/0x20
[  174.293929][ T7965]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[  174.299464][ T7965]  ? lock_downgrade+0x880/0x880
[  174.304309][ T7965]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  174.310547][ T7965]  ? rdma_bind_addr+0x1f80/0x1f80
[  174.315583][ T7965]  ucma_resolve_ip+0x153/0x210
[  174.320345][ T7965]  ? ucma_resolve_ip+0x153/0x210
[  174.325274][ T7965]  ? ucma_query+0x820/0x820
[  174.329775][ T7965]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  174.336052][ T7965]  ? _copy_from_user+0xdd/0x150
[  174.340895][ T7965]  ucma_write+0x2da/0x3c0
[  174.345235][ T7965]  ? ucma_query+0x820/0x820
[  174.349734][ T7965]  ? ucma_open+0x290/0x290
[  174.354144][ T7965]  ? apparmor_file_permission+0x25/0x30
[  174.359683][ T7965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  174.366090][ T7965]  ? security_file_permission+0x94/0x380
[  174.371719][ T7965]  __vfs_write+0x8d/0x110
[  174.376039][ T7965]  ? ucma_open+0x290/0x290
[  174.380453][ T7965]  vfs_write+0x20c/0x580
[  174.384701][ T7965]  ksys_write+0xea/0x1f0
[  174.388940][ T7965]  ? __ia32_sys_read+0xb0/0xb0
[  174.393724][ T7965]  ? do_syscall_64+0x26/0x610
[  174.398395][ T7965]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  174.404468][ T7965]  ? do_syscall_64+0x26/0x610
[  174.409144][ T7965]  __x64_sys_write+0x73/0xb0
[  174.413733][ T7965]  do_syscall_64+0x103/0x610
[  174.418319][ T7965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  174.424208][ T7965] RIP: 0033:0x4582b9
[  174.428107][ T7965] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  174.447720][ T7965] RSP: 002b:00007f4df9230c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  174.456127][ T7965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004582b9
[  174.464119][ T7965] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000006
[  174.472077][ T7965] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  174.480040][ T7965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4df92316d4
[  174.488006][ T7965] R13: 00000000004ce188 R14: 00000000004dd8c8 R15: 00000000ffffffff
[  174.496740][ T7965] Kernel Offset: disabled
[  174.501062][ T7965] Rebooting in 86400 seconds..