[ 76.363373] audit: type=1800 audit(1544188405.387:27): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 78.610199] kauditd_printk_skb: 1 callbacks suppressed
[ 78.610227] audit: type=1800 audit(1544188407.657:29): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 78.635167] audit: type=1800 audit(1544188407.667:30): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
2018/12/07 13:13:40 fuzzer started
2018/12/07 13:13:46 dialing manager at 10.128.0.26:45691
2018/12/07 13:13:46 syscalls: 1
2018/12/07 13:13:46 code coverage: enabled
2018/12/07 13:13:46 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/07 13:13:46 setuid sandbox: enabled
2018/12/07 13:13:46 namespace sandbox: enabled
2018/12/07 13:13:46 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/07 13:13:46 fault injection: enabled
2018/12/07 13:13:46 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/07 13:13:46 net packet injection: enabled
2018/12/07 13:13:46 net device setup: enabled
13:17:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
getdents64(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syzkaller login: [ 316.220671] IPVS: ftp: loaded support on port[0] = 21
[ 318.748733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 318.755402] bridge0: port 1(bridge_slave_0) entered disabled state
[ 318.764757] device bridge_slave_0 entered promiscuous mode
[ 318.909829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 318.916492] bridge0: port 2(bridge_slave_1) entered disabled state
[ 318.925740] device bridge_slave_1 entered promiscuous mode
[ 319.069660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 319.210821] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 319.658755] bond0: Enslaving bond_slave_0 as an active interface with an up link
13:17:28 executing program 1:
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x10001)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0)
getrandom(&(0x7f0000000080)=""/44, 0xfd30, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000040)='u', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000002c0)=[&(0x7f0000000100)='u', &(0x7f0000000140)='/ppp0keyring*vboxnet1$/\\ppp0}\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='u', &(0x7f0000000240)='\'ppp0\x00', &(0x7f0000000280)='-@'], 0x1000)
exit_group(0x0)
[ 319.809337] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 320.350153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 320.357446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 320.492414] IPVS: ftp: loaded support on port[0] = 21
[ 321.143784] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 321.153314] team0: Port device team_slave_0 added
[ 321.351754] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 321.360892] team0: Port device team_slave_1 added
[ 321.520053] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 321.527320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 321.537290] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 321.740970] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 321.748406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 321.758322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 321.948666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 321.956740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 321.966702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 322.259086] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 322.267007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 322.276743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 324.517611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 324.524401] bridge0: port 1(bridge_slave_0) entered disabled state
[ 324.533603] device bridge_slave_0 entered promiscuous mode
[ 324.700347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 324.707075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 324.716569] device bridge_slave_1 entered promiscuous mode
[ 324.809276] bridge0: port 2(bridge_slave_1) entered blocking state
[ 324.816117] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 324.823552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 324.830178] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 324.840561] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 324.990114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 325.200945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 325.623488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 325.941968] bond0: Enslaving bond_slave_0 as an active interface with an up link
13:17:35 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x0, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x7003, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/116, 0x74}], 0x1, 0x0)
[ 326.256699] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 326.608653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 326.625218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 326.933432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 326.940526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 327.081856] IPVS: ftp: loaded support on port[0] = 21
[ 327.905695] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 327.915024] team0: Port device team_slave_0 added
[ 328.125283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 328.134493] team0: Port device team_slave_1 added
[ 328.424055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 328.431405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 328.441176] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 328.677818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 328.685130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 328.694899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 328.899590] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 328.907638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 328.917510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.245556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.253600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.263950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 332.383163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 332.389764] bridge0: port 1(bridge_slave_0) entered disabled state
[ 332.399118] device bridge_slave_0 entered promiscuous mode
[ 332.503004] bridge0: port 2(bridge_slave_1) entered blocking state
[ 332.509635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 332.516941] bridge0: port 1(bridge_slave_0) entered blocking state
[ 332.523590] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 332.533741] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 332.660555] bridge0: port 2(bridge_slave_1) entered blocking state
[ 332.667217] bridge0: port 2(bridge_slave_1) entered disabled state
[ 332.676359] device bridge_slave_1 entered promiscuous mode
[ 332.743412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 332.887772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 333.203371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 333.899116] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 334.254326] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 334.527665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 334.534947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 334.836880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 334.844091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
13:17:44 executing program 3:
clone(0xfffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000000)=0x3, 0x4)
[ 335.923952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 335.932901] team0: Port device team_slave_0 added
[ 336.166514] IPVS: ftp: loaded support on port[0] = 21
[ 336.325718] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 336.335022] team0: Port device team_slave_1 added
[ 336.601626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 336.608844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 336.618449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 336.994919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 337.001994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 337.011439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 337.280110] 8021q: adding VLAN 0 to HW filter on device bond0
[ 337.368671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 337.376601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 337.386261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 337.690718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 337.698692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 337.709307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 338.637432] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 339.944732] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 339.951183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 339.959868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 341.274953] 8021q: adding VLAN 0 to HW filter on device team0
[ 341.845157] bridge0: port 2(bridge_slave_1) entered blocking state
[ 341.851763] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 341.859110] bridge0: port 1(bridge_slave_0) entered blocking state
[ 341.865796] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 341.875825] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 341.964582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 342.548813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 342.555583] bridge0: port 1(bridge_slave_0) entered disabled state
[ 342.564854] device bridge_slave_0 entered promiscuous mode
[ 343.056326] bridge0: port 2(bridge_slave_1) entered blocking state
[ 343.062915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 343.072219] device bridge_slave_1 entered promiscuous mode
[ 343.471040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 343.820508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 344.875741] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 345.258359] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 345.680790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 345.688097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 346.080713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 346.088025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
13:17:55 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x200000000000011, 0x4000000000080002, 0xdd86)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', 0x0})
bind$packet(r1, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
write(r1, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
[ 347.150849] 8021q: adding VLAN 0 to HW filter on device bond0
[ 347.230946] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 347.240306] team0: Port device team_slave_0 added
[ 347.630361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 347.639635] team0: Port device team_slave_1 added
[ 348.117613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 348.124874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 348.134447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 348.166177] IPVS: ftp: loaded support on port[0] = 21
[ 348.610353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 348.617622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 348.627223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 348.807067] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 349.033363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 349.041151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 349.050703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 349.445328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 349.453334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 349.462851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 350.547395] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 350.553915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 350.562076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:17:59 executing program 0:
r0 = inotify_init()
creat(&(0x7f0000000240)='./file0\x00', 0x0)
inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2a)
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x228)
13:18:00 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0)
mmap$perf(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x0, 0x810, r0, 0x0)
13:18:00 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = socket(0x1e, 0x5, 0x0)
bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80)
bind(r1, &(0x7f0000afb000)=@generic={0x1e, "01030000000000b9000000004700000000a979f321b30c7bc8790405c7bad62e0a63a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb3151d24acef1f1622ca5bdb9c8ea31000077aeb81c90001d6d7c980400000000f70dc136cb184a"}, 0x80)
socket$pppoe(0x18, 0x1, 0x0)
r2 = socket(0x1e, 0x5, 0x0)
sendmsg(r2, &(0x7f0000316000)={&(0x7f0000dd7000)=@generic={0x10000000001e, "010000000000000000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48006be61ffe06d79f00000000000000076c3f010039d8f986ff03000000000000af50d5fe32c419d67bcbc7e3ad316a198356ed0008341c1fd45624281e27800ece70b076cf979ac40000bd767e2e78a1dfd300981a1565b3b16d7436"}, 0x80, 0x0}, 0x0)
13:18:01 executing program 0:
unshare(0x20400)
syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
[ 352.284720] 8021q: adding VLAN 0 to HW filter on device team0
13:18:01 executing program 0:
unshare(0x20400)
syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
13:18:02 executing program 0:
r0 = socket$inet6(0xa, 0x5, 0x2)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@loopback, 0x3, 0x0, 0xff, 0xa, 0x4, 0x100000000, 0x10}, &(0x7f0000000100)=0x20)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @mcast2}, 0x3)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00')
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000140)=0xf, 0x4)
preadv(r1, &(0x7f0000000180)=[{&(0x7f0000000080)=""/60, 0x3c}], 0x1, 0x134)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000001c0)={0x0, 0xcb, "51d152483fe85f2584db2569ec25fa61e38803040f911abc1e4468d7bf19e9ceb0faeec8925717c561671cda56ea272594e36cd97c955abd3b23426b98321f57b38130d08156a0e40777835e7762e50ba7000b4549bc85a4d7bddb46f81f7441b2bd485e3bc67cd83ff3836d89ef6fe43def2f6d5f4b706c65ab53c1351c60d45b7412a3314f83b9c4149682d314413996e657bc68848baaa407f765a54a9683c1c9ffa8a3a20657b310d345bf2eddfaa0ea016add0a020ae17d696cd4f4db266b62938a85e16788daa29e"}, &(0x7f00000002c0)=0xd3)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000300)={r2, 0x7d88}, &(0x7f0000000380)=0x8)
13:18:02 executing program 0:
r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc040564a, &(0x7f00000000c0)={0x0, 0x0, {0x3008}})
fcntl$setpipe(r0, 0x407, 0x20)
ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000000)=0x0)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000080)=r1)
fstat(r0, &(0x7f0000000140))
13:18:03 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
unshare(0x400)
syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x1ff, 0x2)
getsockopt$netlink(r0, 0x10e, 0xb, &(0x7f0000000180)=""/4, &(0x7f0000000000)=0x358a5c3375ca9c2f)
[ 354.451714] bridge0: port 2(bridge_slave_1) entered blocking state
[ 354.458460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 354.465900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 354.472514] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 354.482103] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 354.723263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 355.945488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 355.952078] bridge0: port 1(bridge_slave_0) entered disabled state
[ 355.961408] device bridge_slave_0 entered promiscuous mode
[ 356.395272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 356.401835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 356.411214] device bridge_slave_1 entered promiscuous mode
[ 356.730698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 357.031396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 358.106768] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 358.249326] 8021q: adding VLAN 0 to HW filter on device bond0
[ 358.506273] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 358.850033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 358.857209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 359.149091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 359.156483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 359.414386] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 359.879364] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 359.888494] team0: Port device team_slave_0 added
[ 360.120710] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 360.130206] team0: Port device team_slave_1 added
[ 360.421550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 360.428816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 360.438337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 360.546719] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 360.553209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 360.561433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:18:09 executing program 1:
clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001fec, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x10001)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0)
getrandom(&(0x7f0000000080)=""/44, 0xfd30, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f0000000040)='u', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000002c0)=[&(0x7f0000000100)='u', &(0x7f0000000140)='/ppp0keyring*vboxnet1$/\\ppp0}\x00', &(0x7f0000000180)='\x00', &(0x7f00000001c0)='u', &(0x7f0000000240)='\'ppp0\x00', &(0x7f0000000280)='-@'], 0x1000)
exit_group(0x0)
[ 360.739815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 360.750292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 360.759893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 361.032435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 361.040373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 361.050057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 361.301184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 361.309331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 361.318735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 361.509264] 8021q: adding VLAN 0 to HW filter on device team0
[ 363.680958] bridge0: port 2(bridge_slave_1) entered blocking state
[ 363.687690] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 363.695025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 363.701639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 363.711133] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 363.718112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 365.817107] 8021q: adding VLAN 0 to HW filter on device bond0
[ 366.493744] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 367.111905] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 367.118469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 367.126785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:18:16 executing program 2:
[ 367.816926] 8021q: adding VLAN 0 to HW filter on device team0
[ 370.559746] 8021q: adding VLAN 0 to HW filter on device bond0
[ 371.050916] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
13:18:20 executing program 3:
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000300)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26)
setsockopt$sock_int(r0, 0x1, 0x20000000000008, &(0x7f0000000140), 0x4)
mq_notify(0xffffffffffffffff, &(0x7f0000000040)={0x20000000, 0x1000000003, 0x2})
bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
r1 = gettid()
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
tkill(r1, 0x1000000000016)
[ 371.547115] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 371.553616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 371.561819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 371.938514] 8021q: adding VLAN 0 to HW filter on device team0
[ 373.884400] ==================================================================
[ 373.891873] BUG: KMSAN: uninit-value in vti6_tnl_xmit+0x521/0x2960
[ 373.898209] CPU: 1 PID: 8291 Comm: syz-executor4 Not tainted 4.20.0-rc5+ #110
[ 373.905482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 373.914839] Call Trace:
[ 373.917458] dump_stack+0x32d/0x480
[ 373.921095] ? vti6_tnl_xmit+0x521/0x2960
[ 373.925267] kmsan_report+0x12d/0x290
[ 373.929109] __msan_warning+0x76/0xc0
[ 373.932965] vti6_tnl_xmit+0x521/0x2960
[ 373.936987] ? __msan_poison_alloca+0x1e0/0x270
[ 373.941715] ? validate_xmit_xfrm+0x99/0x14e0
[ 373.946263] ? __msan_poison_alloca+0x1e0/0x270
[ 373.950982] ? vti6_dev_uninit+0x670/0x670
[ 373.955253] dev_hard_start_xmit+0x6dc/0xde0
[ 373.959738] __dev_queue_xmit+0x2d9e/0x3e00
[ 373.964151] dev_queue_xmit+0x4b/0x60
[ 373.967986] ? __netdev_pick_tx+0x14c0/0x14c0
[ 373.972512] packet_sendmsg+0x8563/0x9240
[ 373.976696] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[ 373.982177] ? kmsan_memcpy_metadata+0xb/0x10
[ 373.986717] ? sock_write_iter+0x102/0x4f0
[ 373.990981] ? __se_sys_write+0x17a/0x370
[ 373.995159] ? do_syscall_64+0xcd/0x110
[ 373.999185] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 374.004588] ? drop_futex_key_refs+0x209/0x340
[ 374.009226] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 374.014693] ? compat_packet_setsockopt+0x360/0x360
[ 374.019744] sock_write_iter+0x3f4/0x4f0
[ 374.023871] ? sock_read_iter+0x4e0/0x4e0
[ 374.028058] __vfs_write+0x888/0xb80
[ 374.031852] vfs_write+0x4b4/0x900
[ 374.035475] __se_sys_write+0x17a/0x370
[ 374.039524] __x64_sys_write+0x4a/0x70
[ 374.043465] do_syscall_64+0xcd/0x110
[ 374.047305] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 374.052519] RIP: 0033:0x457569
[ 374.055745] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 374.074669] RSP: 002b:00007ff071e24c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 374.082406] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 374.089722] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 374.097228] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 374.104523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff071e256d4
[ 374.111814] R13: 00000000004c2bb4 R14: 00000000004d9440 R15: 00000000ffffffff
[ 374.119126]
[ 374.120768] Uninit was created at:
[ 374.124340] kmsan_internal_poison_shadow+0x92/0x150
[ 374.129481] kmsan_kmalloc+0xa1/0x100
[ 374.133305] kmsan_slab_alloc+0xe/0x10
[ 374.137225] __kmalloc_node_track_caller+0x100e/0x1360
[ 374.142529] __alloc_skb+0x42b/0xeb0
[ 374.146270] alloc_skb_with_frags+0x1c9/0xa80
[ 374.150788] sock_alloc_send_pskb+0xde3/0x13f0
[ 374.155394] packet_sendmsg+0x6748/0x9240
[ 374.159587] sock_write_iter+0x3f4/0x4f0
[ 374.163676] __vfs_write+0x888/0xb80
[ 374.167415] vfs_write+0x4b4/0x900
[ 374.171009] __se_sys_write+0x17a/0x370
[ 374.175009] __x64_sys_write+0x4a/0x70
[ 374.178918] do_syscall_64+0xcd/0x110
[ 374.182742] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 374.187943] ==================================================================
[ 374.195319] Disabling lock debugging due to kernel taint
[ 374.200788] Kernel panic - not syncing: panic_on_warn set ...
[ 374.206704] CPU: 1 PID: 8291 Comm: syz-executor4 Tainted: G B 4.20.0-rc5+ #110
[ 374.215389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 374.225408] Call Trace:
[ 374.228062] dump_stack+0x32d/0x480
[ 374.231743] panic+0x5db/0xbb8
[ 374.235044] kmsan_report+0x290/0x290
[ 374.238901] __msan_warning+0x76/0xc0
[ 374.242747] vti6_tnl_xmit+0x521/0x2960
[ 374.246759] ? __msan_poison_alloca+0x1e0/0x270
[ 374.251490] ? validate_xmit_xfrm+0x99/0x14e0
[ 374.256031] ? __msan_poison_alloca+0x1e0/0x270
[ 374.260754] ? vti6_dev_uninit+0x670/0x670
[ 374.265025] dev_hard_start_xmit+0x6dc/0xde0
[ 374.269526] __dev_queue_xmit+0x2d9e/0x3e00
[ 374.273938] dev_queue_xmit+0x4b/0x60
[ 374.277772] ? __netdev_pick_tx+0x14c0/0x14c0
[ 374.282295] packet_sendmsg+0x8563/0x9240
[ 374.286497] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[ 374.291979] ? kmsan_memcpy_metadata+0xb/0x10
[ 374.296506] ? sock_write_iter+0x102/0x4f0
[ 374.300771] ? __se_sys_write+0x17a/0x370
[ 374.304946] ? do_syscall_64+0xcd/0x110
[ 374.308975] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 374.314386] ? drop_futex_key_refs+0x209/0x340
[ 374.319042] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 374.324527] ? compat_packet_setsockopt+0x360/0x360
[ 374.329576] sock_write_iter+0x3f4/0x4f0
[ 374.333695] ? sock_read_iter+0x4e0/0x4e0
[ 374.337871] __vfs_write+0x888/0xb80
[ 374.341660] vfs_write+0x4b4/0x900
[ 374.345267] __se_sys_write+0x17a/0x370
[ 374.349305] __x64_sys_write+0x4a/0x70
[ 374.353226] do_syscall_64+0xcd/0x110
[ 374.357061] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 374.362271] RIP: 0033:0x457569
[ 374.365494] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 374.384416] RSP: 002b:00007ff071e24c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 374.392170] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 374.399478] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 374.406769] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 374.414064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff071e256d4
[ 374.421355] R13: 00000000004c2bb4 R14: 00000000004d9440 R15: 00000000ffffffff
[ 374.429962] Kernel Offset: disabled
[ 374.433610] Rebooting in 86400 seconds..