[ 55.265830] audit: type=1800 audit(1539110620.297:27): pid=5978 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 56.842754] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.420207] random: sshd: uninitialized urandom read (32 bytes read) [ 61.830403] random: sshd: uninitialized urandom read (32 bytes read) [ 64.214889] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. [ 70.150428] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/09 18:43:57 fuzzer started [ 74.645583] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/09 18:44:01 dialing manager at 10.128.0.26:44001 2018/10/09 18:44:01 syscalls: 1 2018/10/09 18:44:01 code coverage: enabled 2018/10/09 18:44:01 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/09 18:44:01 setuid sandbox: enabled 2018/10/09 18:44:01 namespace sandbox: enabled 2018/10/09 18:44:01 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/09 18:44:01 fault injection: enabled 2018/10/09 18:44:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/09 18:44:01 net packed injection: enabled 2018/10/09 18:44:01 net device setup: enabled [ 78.767434] random: crng init done 18:45:53 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x10400, 0x0) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f00000006c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x802, 0x0) r2 = socket(0x0, 0x801, 0x1) vmsplice(r1, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1, 0x2) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f00000001c0)) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={"7465616d30001000", 0xffffffffffbfdffc}) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000300)) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, &(0x7f0000000280)) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000100)={{0x2, 0x3, 0xffffffffffff09b9, 0x0, 0x3}, 0x101, 0x0, 0x80}) getpid() fcntl$getown(0xffffffffffffffff, 0x9) getpid() recvfrom(r2, &(0x7f00000007c0)=""/123, 0x7b, 0x10102, &(0x7f0000000840)=@vsock={0x28, 0x0, 0x2710, @my=0x1}, 0x80) fcntl$setpipe(r1, 0x407, 0x0) r3 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x100) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e05411, &(0x7f0000000340)=""/253) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000440)={{{@in=@rand_addr, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000680)=0xfffffffffffffecc) setsockopt$packet_drop_memb(r3, 0x107, 0x2, &(0x7f0000000200)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) getsockname$packet(r1, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000005c0)=0x14) write$binfmt_script(r3, &(0x7f00000009c0)=ANY=[@ANYBLOB="2321202e2f66696c6530202f6465762f7663732300206d696d655f747970650ac15bacf15cd73024c4c2885eac792f8a9644feee579472c774f1af8687f947f35bc24ae7e2c3141682e4f5417e33677058583993b45278e8147acf69abc5f7b128f272a23cbb30cb6b4d1578de83125550f5a43e76eabfabbff9198645b391613c9dd23bcd07c361d176fc52ca1cf4cb167c2abe147ca97406d4fa0b186150ad8822cc69be9ee216d5afdb6fb393717746ec30f81e9a17bd5aebf2f90c8a5bb0e77fd3a847dff56aea78951383ad7d5e027685708517d690295e3c5c13edd41d383caeb3608f73abc73a0753cb77bd6a61380a8b0749bbe1ae44fa3ef0767bb53a8b0ff310f00b496cf2f86ad5253de2ef88d5a9bd18862d2e101a93499f18be4158c6b21538ee259bb4ab241d6976c6cdc2a58b36d470444c07d3dc9788e6cd15fc373aa6d0ec6095dda505b557bfb377a5e6a22fa3fca8143b0c751639d7e80ba47a9b4d992040d651f8445edc6b06cb47c942c6f9b555fbebdc7f2ac7c41ceb12106d9a064d8147db883719a23dcb50848311680b9dbbf57d509194fdf2df99ac2656e2b4054312a08bb816c5f0e64dd9d3c018340c9173c235af"], 0x1bc) sendmsg$nl_netfilter(r3, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000600)={&(0x7f0000000900)=ANY=[@ANYBLOB="20000000100f000127bd70f4dbdf2505000004000057ecd1f69a88e1ed14f34cf208fd20a65c05c62d23586268c58589279c7e2f33bc99f036f9c74b6b2fbff76fcc70f9e5900e913b0c4b9ae8a0f9f3537ed7d659aaa7e779e3d6f0a56e20bdc9540769955412f18656f0945de876c8bf3980147ecf655f837d787152d4274beaf412ecd7228eca72be0000023bf3b45b0fc32d1197368923a600"], 0x9b}, 0x1, 0x0, 0x0, 0x4004880}, 0x4000000) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f00000006c0)=ANY=[]) ioctl$ASHMEM_GET_PIN_STATUS(r3, 0x7709, 0x0) bind$netlink(r3, &(0x7f00000002c0)={0x10, 0x0, 0x25dfdbfe}, 0xc) setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f00000008c0)=0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000240)={"7465616d300000ffffffc000", 0x4bfd}) fchmod(0xffffffffffffffff, 0x0) [ 189.156857] IPVS: ftp: loaded support on port[0] = 21 [ 191.540773] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.547587] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.556287] device bridge_slave_0 entered promiscuous mode [ 191.722304] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.728767] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.737305] device bridge_slave_1 entered promiscuous mode [ 191.877860] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.019858] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.454333] bond0: Enslaving bond_slave_0 as an active interface with an up link 18:45:57 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='rdma.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x0) [ 192.631370] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.073228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 193.080295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.186295] IPVS: ftp: loaded support on port[0] = 21 [ 193.577943] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 193.586183] team0: Port device team_slave_0 added [ 193.849214] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 193.857503] team0: Port device team_slave_1 added [ 194.113378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 194.120444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.129553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.318783] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 194.325930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.334875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.479521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 194.487247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.496737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.720063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 194.727721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.736900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.074964] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.081423] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.090104] device bridge_slave_0 entered promiscuous mode [ 197.127069] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.133634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.140559] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.147151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.156052] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.380121] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.386833] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.395350] device bridge_slave_1 entered promiscuous mode [ 197.634537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 197.816888] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 197.942584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 18:46:03 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000540)='/dev/usbmon#\x00', 0x0, 0x0) close(r0) [ 198.450915] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.835357] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.995732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.002899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.251198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.258376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.399177] IPVS: ftp: loaded support on port[0] = 21 [ 200.140021] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.148288] team0: Port device team_slave_0 added [ 200.410886] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.419067] team0: Port device team_slave_1 added [ 200.733695] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.741235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.750644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.079379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.086636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.095701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.340379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.348035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.357206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.557121] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.564992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.573991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.878316] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.884943] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.893411] device bridge_slave_0 entered promiscuous mode [ 204.169512] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.176176] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.184724] device bridge_slave_1 entered promiscuous mode [ 204.493832] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.785075] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.891258] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.897797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.904825] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.911297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.920140] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.681192] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.703582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.014976] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.264398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.271471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.484717] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.492111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 18:46:11 executing program 3: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount(&(0x7f0000000200)=ANY=[], &(0x7f0000000380)='./file0\x00', &(0x7f0000005440)='hugetlbfs\x00', 0x0, &(0x7f0000001d80)) [ 207.187956] ip (6477) used greatest stack depth: 53040 bytes left [ 207.448824] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.456981] team0: Port device team_slave_0 added [ 207.830958] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.839133] team0: Port device team_slave_1 added [ 208.000698] IPVS: ftp: loaded support on port[0] = 21 [ 208.216650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.223808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.232785] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.531362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.538529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.547436] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.951289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.959006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.968133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.341987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.349556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.358738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.680607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.001169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.428652] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.435159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.443269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.353108] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.359605] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.366706] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.373226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.382114] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.766623] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.773259] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.781787] device bridge_slave_0 entered promiscuous mode [ 213.886849] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.942655] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.175207] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.182106] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.190544] device bridge_slave_1 entered promiscuous mode [ 214.663776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.989309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.079911] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.394090] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.684607] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 216.691816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 18:46:22 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@local, @in6=@loopback}}, {{@in6=@mcast2}, 0x0, @in6=@loopback, 0x0, 0x1}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[]}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000200)=[{&(0x7f0000000300)=""/80, 0x50}, {&(0x7f0000000380)=""/152, 0x98}], 0x2, &(0x7f0000002040)=""/4096, 0x1000}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)={0x2, 0xd, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="021200001100000026bd7000fcdbdf2501001400790000000800120003000000000000003800000046003270b4a69956a98fe40000000000ac1414bb0000000000000000000400000000000000000000000000000000000004000400170000001f0000da000700003f00000000000000030000000000120002000b00050000000100000000000000"], 0x88}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) [ 217.043688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.050743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.297635] IPVS: ftp: loaded support on port[0] = 21 [ 218.405284] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.413383] team0: Port device team_slave_0 added [ 218.863731] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.871935] team0: Port device team_slave_1 added [ 219.298327] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.305898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.314849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.622692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.738984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.746640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.755532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.213771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.221360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.230550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.672210] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.679882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.689020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.244599] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 222.866075] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 222.872631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.880565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.323056] hrtimer: interrupt took 104440 ns [ 223.548320] device team0 entered promiscuous mode [ 223.571684] device team_slave_0 entered promiscuous mode [ 223.612572] device team_slave_1 entered promiscuous mode [ 223.845762] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.169982] 8021q: adding VLAN 0 to HW filter on device team0 18:46:29 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000500)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)="2f70726f632f737900080000742f697076342f76732f73ec6f7070795f74637008", 0x2, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000200)) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000011c0)={[], 0x0, 0x3, 0x8001, 0x5}) [ 224.744324] 8021q: adding VLAN 0 to HW filter on device team0 18:46:30 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000500)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)="2f70726f632f737900080000742f697076342f76732f73ec6f7070795f74637008", 0x2, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000200)) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000011c0)={[], 0x0, 0x3, 0x8001, 0x5}) [ 225.029093] Not allocated shadow for addr ffff88014f21a308 (page ffffea0007dac9c0) [ 225.036845] Attempted to access 8 bytes [ 225.040869] ------------[ cut here ]------------ [ 225.045636] kernel BUG at mm/kmsan/kmsan.c:1091! [ 225.050423] invalid opcode: 0000 [#1] SMP [ 225.054592] CPU: 1 PID: 6141 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #65 [ 225.061790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.071175] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 225.076822] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 225.095743] RSP: 0018:ffff880171b5f780 EFLAGS: 00010046 [ 225.101128] RAX: 000000000000001b RBX: 0000000000000000 RCX: 6493dbecbbbc9b00 [ 225.108410] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 225.115699] RBP: ffff880171b5f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 225.122986] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 225.130277] R13: ffff88014f21a308 R14: 0000000000000001 R15: 0000000000000008 [ 225.137575] FS: 0000000000b06940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 225.145814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.151712] CR2: 0000000000706158 CR3: 0000000171b18000 CR4: 00000000001406e0 [ 225.159005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 225.166292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 225.173574] Call Trace: [ 225.176192] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 225.181408] kmsan_unpoison_shadow+0x72/0xd0 [ 225.185854] vunmap_page_range+0x828/0xc20 [ 225.190156] remove_vm_area+0x39b/0x450 [ 225.194169] __vunmap+0x34c/0x5d0 [ 225.197661] vfree+0x79/0x170 [ 225.200799] do_arpt_get_ctl+0xddb/0xe80 [ 225.204914] ? compat_do_arpt_set_ctl+0x2e90/0x2e90 [ 225.209957] nf_getsockopt+0x481/0x4e0 [ 225.213895] ip_getsockopt+0x2b1/0x470 [ 225.217822] ? compat_ip_setsockopt+0x380/0x380 [ 225.222528] tcp_getsockopt+0x1c6/0x1f0 [ 225.226538] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 225.232279] sock_common_getsockopt+0x13f/0x180 [ 225.236980] ? sock_recv_errqueue+0x990/0x990 [ 225.241519] __sys_getsockopt+0x48c/0x550 [ 225.245714] __se_sys_getsockopt+0xe1/0x100 [ 225.250081] __x64_sys_getsockopt+0x62/0x80 [ 225.254427] do_syscall_64+0xbe/0x100 [ 225.258259] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 225.263473] RIP: 0033:0x45a0aa [ 225.266701] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 225.285628] RSP: 002b:0000000000a3f648 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 225.293367] RAX: ffffffffffffffda RBX: 0000000000a3f750 RCX: 000000000045a0aa [ 225.300654] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 225.307946] RBP: 0000000000000003 R08: 0000000000a3f65c R09: 000000000000000a [ 225.315240] R10: 0000000000a3f750 R11: 0000000000000212 R12: 0000000000000000 [ 225.322531] R13: 0000000000036da3 R14: 0000000000000002 R15: 0000000000000000 [ 225.329835] Modules linked in: [ 225.333073] ---[ end trace 982ec86eaf9a80a0 ]--- [ 225.337857] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 225.343514] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 225.362441] RSP: 0018:ffff880171b5f780 EFLAGS: 00010046 [ 225.367842] RAX: 000000000000001b RBX: 0000000000000000 RCX: 6493dbecbbbc9b00 [ 225.375124] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 225.382409] RBP: ffff880171b5f7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 225.389696] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 225.396979] R13: ffff88014f21a308 R14: 0000000000000001 R15: 0000000000000008 [ 225.404284] FS: 0000000000b06940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 225.413220] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 225.419117] CR2: 0000000000706158 CR3: 0000000171b18000 CR4: 00000000001406e0 [ 225.426404] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 225.433690] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 225.440974] Kernel panic - not syncing: Fatal exception [ 225.447364] Kernel Offset: disabled [ 225.451006] Rebooting in 86400 seconds..