Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts. 2018/11/11 01:07:51 fuzzer started 2018/11/11 01:07:55 dialing manager at 10.128.0.26:36043 2018/11/11 01:07:55 syscalls: 1 2018/11/11 01:07:55 code coverage: enabled 2018/11/11 01:07:55 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/11 01:07:55 setuid sandbox: enabled 2018/11/11 01:07:55 namespace sandbox: enabled 2018/11/11 01:07:55 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/11 01:07:55 fault injection: enabled 2018/11/11 01:07:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/11 01:07:55 net packed injection: enabled 2018/11/11 01:07:55 net device setup: enabled 01:10:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00') bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) writev(r1, &(0x7f0000000080), 0x1a6) syzkaller login: [ 253.945729] IPVS: ftp: loaded support on port[0] = 21 [ 256.335142] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.341793] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.350546] device bridge_slave_0 entered promiscuous mode [ 256.510043] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.516715] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.525561] device bridge_slave_1 entered promiscuous mode [ 256.665311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 256.804210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 257.240770] bond0: 
Enslaving bond_slave_0 as an active interface with an up link [ 257.384490] bond0: Enslaving bond_slave_1 as an active interface with an up link 01:10:44 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x400000000005, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000100)) socket$kcm(0x2, 0x3, 0x2) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000380)="6e7230010060a19ef9d2c623d9a1571cb9e1369bcd61ef7e49793ae18712eceb1daa769497800b7fbbd35b170c10751d39aeb660d863e49b8c4f3b3cad48902b5b2d6cfd0abd372c63bcf5d70df3fd4d2e8d443c88c60fd7140fbc0e5637dd82fc3435bed4de5d693c9a781c863e05d8a6f8689a5be29216061f3ff53f8b6b396678e7ba155ef9152d7e43b1eccb2331eb8eb1ed5586dcf8b3b0b999361a44ff2c22c2abbef42dd24eabe6723346a6e46c0499a21442d8d00dcb57f013ff7595edd0ff076930de3675d34117a44eb0e4f832936da44e") r1 = 
openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={"6e72300100", 0x801}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000740)='%cpusetcgroupsystem.mime_typevboxnet1-^user\x00'}, 0x30) ioctl$TUNSETLINK(r1, 0x400454cd, 0x2000000000018) getpid() perf_event_open(&(0x7f0000000540)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x401, 0x0, 0x0, 0x0, 0x0, 0x87b, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000500), 0xa}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 257.664498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 257.671542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 258.304819] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 258.313352] team0: Port device team_slave_0 added [ 258.390569] IPVS: ftp: loaded support on port[0] = 21 [ 258.607754] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 258.616049] team0: Port device team_slave_1 added [ 258.874580] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 258.881811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 258.890789] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 259.066614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 259.073887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 259.082993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 259.316671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 259.324566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 259.333922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 259.597033] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 259.604829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link 
becomes ready [ 259.614191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.168177] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.174762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.182030] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.188496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.197504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 262.324505] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.331015] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.339827] device bridge_slave_0 entered promiscuous mode [ 262.555627] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.562413] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.571065] device bridge_slave_1 entered promiscuous mode [ 262.817046] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 263.010563] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 263.133120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 01:10:50 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000000)={0x6, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x165) [ 263.667912] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 263.929029] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 264.225334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 264.232642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 264.509126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 264.516302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.752721] IPVS: ftp: loaded support on port[0] = 21 [ 265.260688] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 265.268890] team0: Port device team_slave_0 added [ 265.571356] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 
265.579659] team0: Port device team_slave_1 added [ 265.849520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 265.856753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 265.865804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 266.171804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 266.178918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 266.188022] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.477618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.485517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.494496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.770425] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.778223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.787545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 269.288030] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.294710] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.303452] device bridge_slave_0 entered promiscuous mode [ 269.498161] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.504892] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.513822] device bridge_slave_1 entered promiscuous mode [ 269.846076] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 270.079816] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.086401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.093473] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.099963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.109044] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 270.160960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 270.972651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 271.065165] bond0: Enslaving bond_slave_0 
as an active interface with an up link [ 271.357492] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 271.615719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 271.623391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 271.937123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 271.944459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 272.726085] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 272.734773] team0: Port device team_slave_0 added 01:11:00 executing program 3: getsockname(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000080)=0x80) connect$vsock_dgram(r0, &(0x7f0000000340)={0x28, 0x0, 0x0, @hyper}, 0xfffffce3) bind$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f00004aaffc), 0x4) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x4000000000000001, 0x0, &(0x7f0000000040)) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000380)={0x1000, 0x93}) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000000280)) [ 273.065707] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 
273.073909] team0: Port device team_slave_1 added [ 273.408111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 273.415394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 273.424519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 273.732569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 273.739784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 273.749209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 274.126346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 274.134142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 274.143246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 274.310598] IPVS: ftp: loaded support on port[0] = 21 [ 274.429632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.518158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 274.526010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 274.535001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.708359] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 277.051580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 277.058149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 277.066383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 278.465009] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.593687] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.600184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.607272] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.613835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.622751] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 279.373126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 280.180374] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.187107] bridge0: port 1(bridge_slave_0) entered disabled 
state [ 280.195876] device bridge_slave_0 entered promiscuous mode [ 280.617743] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.624465] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.633214] device bridge_slave_1 entered promiscuous mode [ 281.002376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 281.273083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 282.269657] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 282.607549] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 282.960463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 282.967842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 283.297112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 283.304345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:11:10 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"007f030000000000010000000200", 0x102}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x20, 0x10, 0xc362e63b3f31ba5f}, 0x20}}, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d4, &(0x7f0000000040)) [ 283.886223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.522959] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 284.531045] team0: Port device team_slave_0 added [ 284.915538] IPVS: ftp: loaded support on port[0] = 21 [ 284.940476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 284.948800] team0: Port device team_slave_1 added [ 285.406275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 285.413566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link 
becomes ready [ 285.422690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 285.526062] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 285.859651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 285.867039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 285.875824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 286.251226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 286.259730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.268885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 286.666449] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 286.674294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.683634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.108095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 287.114684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.123038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:11:14 executing program 0: socket$inet6(0xa, 0x4000400000000001, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={"007f030000000000010000000200", 0x102}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454de, &(0x7f0000000040)) [ 287.910925] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 287.917933] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 288.247351] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 01:11:15 executing 
program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x8000, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000100)=0xb1) r2 = epoll_create1(0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x6) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)) [ 288.961167] 8021q: adding VLAN 0 to HW filter on device team0 01:11:16 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000640)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000900)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) times(&(0x7f0000000400)) 01:11:16 executing program 0: setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000780)=ANY=[@ANYPTR64=&(0x7f0000000800)=ANY=[@ANYRES64, @ANYRES64]], 0x1) r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f00000002c0)="915d211449ff1e14e0712b57df91115e760e58fa919c33464ccac7838b7fcc5a05e0bdbbad534473ac4e6ec0fb66d2a4e67d7dc1885a25ee8af1f39a9f74b9da31241abf33dc8292adb3a25a7e6abcbaf057a3d768d458f6743b69a01ff0f76387903672f1e97942004fc0ec0769109aa1544ed093c4fa9dcd66099c2f54dfbb79f11681335e1982bceca5fa1771fda3a4", 0x91, 0x0) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000340), 0x584, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, &(0x7f0000000140)=""/83, 0x53, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}, &(0x7f00000001c0)}) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0x1, 0x0) r2 = add_key(&(0x7f0000000400)='big_key\x00', &(0x7f0000000440)={'syz', 0x1}, 
&(0x7f0000000480)="9947345a3ec4abd7ff255e3e39023888233f869e9b702200fa5b347c25a4c9f5b5d4a6e7e20fdb967d364cf43d6fef19215c14b9926e7d8996a6a1cfd7993df5243904e3cfa560abc2b7f2a3b17dc1974c9e9254e4c1aac4ae4399be99e8960b1e", 0x61, 0xfffffffffffffff8) add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, r2) 01:11:17 executing program 0: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000002fc8)={&(0x7f0000000000)=@nl=@kern={0x10, 0x600}, 0x80, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5f00fe01b2a4a280930a06000000a84306910000003900090035000c00060000001900150003000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1, &(0x7f0000000400)}, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x3, 0x8000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0x100b}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000200)={0x14, 0x88, 0xfa00, {r2, 0x3c, 0x0, @in6={0xa, 0x4e21, 0x8, @remote, 0xfffffffffffffffb}}}, 0x90) r3 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0xfffffffffffff000, 0x2000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f00000000c0)={{0x3, 0x3, 0x8}, 0x8000, 0x1}) [ 290.412250] netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. [ 290.449551] netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'. 
01:11:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x10000, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="bad004b8c0abef2e360f0966b9cc0a00000f3266b8010000000f01c12e0f22420fc7a814590fc72d650f00d1670fae0af30f209c", 0x34}], 0x1, 0x0, &(0x7f0000000100), 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f00000003c0)="66b8410000000f23c80f21f86635080040000f23f8ba4300edf390baf80c66b8186f4a8666efbafc0c66b88d3f000066ef66b9e402000066b80080000066ba000000000f3066b9760100000f32b800008ec00f01c90f2202f3650f011b", 0x5d}], 0x0, 0x0, &(0x7f0000000640), 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 290.913126] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
01:11:18 executing program 0:
r0 = socket(0xa, 0x200000000080002, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x2)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r2, 0x9}, 0x8)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x1})
setsockopt$inet_buf(r0, 0x0, 0x13, &(0x7f0000000040), 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x4, 0x129080)

01:11:18 executing program 0:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x10000}, 0x1)
unshare(0x400)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x4, @multicast1, 0x4e20, 0x3, 'lblcr\x00', 0x3, 0xfffffffffffffffb, 0x7d}, {@rand_addr=0xfffffffffffffffc, 0x4e24, 0x1, 0x2, 0x4131e24e}}, 0x44)
rt_sigreturn()
fallocate(r0, 0x0, 0x0, 0x9)

[ 291.953602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.960119] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 291.967205] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.973777] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.982458] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 292.005584] PANIC: double fault, error_code: 0x0
[ 292.010431] CPU: 1 PID: 7512 Comm: syz-executor0 Not tainted 4.19.0+ #82
[ 292.017310] ==================================================================
[ 292.024719] BUG: KMSAN: uninit-value in irq_work_claim+0x153/0x390
[ 292.031071] CPU: 1 PID: 7512 Comm: syz-executor0 Not tainted 4.19.0+ #82
[ 292.037926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.047306] Call Trace:
[ 292.049905] <#DF>
[ 292.052083] dump_stack+0x32d/0x480
[ 292.055736] ? irq_work_claim+0x153/0x390
[ 292.059931] kmsan_report+0x19f/0x300
[ 292.063773] kmsan_internal_check_memory+0x35f/0x450
[ 292.068907] ? __msan_poison_alloca+0x1e0/0x2b0
[ 292.073620] kmsan_check_memory+0xd/0x10
[ 292.077705] irq_work_claim+0x153/0x390
[ 292.081722] irq_work_queue+0x44/0x280
[ 292.085646] vprintk_emit+0x693/0x790
[ 292.089503] vprintk_default+0x90/0xa0
[ 292.093418] vprintk_func+0x26b/0x2a0
[ 292.097255] printk+0x1a3/0x1f0
[ 292.100623] dump_stack_print_info+0x2c4/0x3c0
[ 292.105260] show_regs_print_info+0x37/0x40
[ 292.109619] show_regs+0x38/0x170
[ 292.113105] df_debug+0x86/0xb0
[ 292.116418] do_double_fault+0x362/0x480
[ 292.120530] double_fault+0x1e/0x30
[ 292.124201] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[ 292.129677] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[ 292.148603] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[ 292.153993] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 292.161295] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[ 292.168589] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[ 292.176381] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[ 292.183674] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[ 292.190983]
[ 292.193237]
[ 292.196558] kmsan_memmove_origins+0xbd/0x1d0
[ 292.201093] ? kmsan_memmove_shadow+0xad/0xe0
[ 292.205625] __msan_memmove+0x6c/0x80
[ 292.209461] fixup_bad_iret+0x9b/0x130
[ 292.213395] error_entry+0xad/0xc0
[ 292.216951] RIP: 0000: (null)
[ 292.220878] Code: Bad RIP value.
[ 292.224266] RSP: a3fb7f:00007f1e101679c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 292.232184] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[ 292.239469] RDX: 734efe98a4100600 RSI: 0000000000000000 RDI: 0000000000000000
[ 292.246760] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[ 292.254053] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[ 292.261341] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[ 292.268650] ? general_protection+0x8/0x30
[ 292.272915] ? general_protection+0x8/0x30
[ 292.277182]
[ 292.280554]
[ 292.282197] Local variable description: ----__ai_ptr@irq_work_claim
[ 292.288612] Variable was created at:
[ 292.292351] irq_work_claim+0x4b/0x390
[ 292.296265] irq_work_queue+0x44/0x280
[ 292.300153]
[ 292.301790] Byte 7 of 8 is uninitialized
[ 292.305865] Memory access of size 8 starts at fffffe0000045a38
[ 292.311851] ==================================================================
[ 292.319220] Disabling lock debugging due to kernel taint
[ 292.324686] Kernel panic - not syncing: panic_on_warn set ...
[ 292.324686]
[ 292.332086] CPU: 1 PID: 7512 Comm: syz-executor0 Tainted: G B 4.19.0+ #82
[ 292.340329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 292.349704] Call Trace:
[ 292.352307] <#DF>
[ 292.354494] dump_stack+0x32d/0x480
[ 292.358173] panic+0x57e/0xb28
[ 292.361448] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 292.366937] kmsan_report+0x300/0x300
[ 292.370778] kmsan_internal_check_memory+0x35f/0x450
[ 292.375921] ? __msan_poison_alloca+0x1e0/0x2b0
[ 292.380639] kmsan_check_memory+0xd/0x10
[ 292.384729] irq_work_claim+0x153/0x390
[ 292.388753] irq_work_queue+0x44/0x280
[ 292.392678] vprintk_emit+0x693/0x790
[ 292.396534] vprintk_default+0x90/0xa0
[ 292.400459] vprintk_func+0x26b/0x2a0
[ 292.404306] printk+0x1a3/0x1f0
[ 292.407662] dump_stack_print_info+0x2c4/0x3c0
[ 292.412291] show_regs_print_info+0x37/0x40
[ 292.416649] show_regs+0x38/0x170
[ 292.420134] df_debug+0x86/0xb0
[ 292.423442] do_double_fault+0x362/0x480
[ 292.427544] double_fault+0x1e/0x30
[ 292.431197] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[ 292.436666] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[ 292.455589] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[ 292.460983] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 292.468268] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[ 292.475570] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[ 292.482867] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[ 292.490165] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[ 292.497477]
[ 292.499726]
[ 292.503044] kmsan_memmove_origins+0xbd/0x1d0
[ 292.507572] ? kmsan_memmove_shadow+0xad/0xe0
[ 292.512100] __msan_memmove+0x6c/0x80
[ 292.515926] fixup_bad_iret+0x9b/0x130
[ 292.519841] error_entry+0xad/0xc0
[ 292.523404] RIP: 0000: (null)
[ 292.527328] Code: Bad RIP value.
[ 292.530713] RSP: a3fb7f:00007f1e101679c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 292.538618] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[ 292.545904] RDX: 734efe98a4100600 RSI: 0000000000000000 RDI: 0000000000000000
[ 292.553189] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[ 292.560475] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[ 292.567759] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[ 292.575056] ? general_protection+0x8/0x30
[ 292.579319] ? general_protection+0x8/0x30
[ 292.583595]
[ 292.587963] Kernel Offset: disabled
[ 292.591609] Rebooting in 86400 seconds..