Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
[   64.123073] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/07 15:43:03 fuzzer started
[   68.420590] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/07 15:43:08 dialing manager at 10.128.0.26:36867
2018/10/07 15:43:08 syscalls: 1
2018/10/07 15:43:08 code coverage: enabled
2018/10/07 15:43:08 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/07 15:43:08 setuid sandbox: enabled
2018/10/07 15:43:08 namespace sandbox: enabled
2018/10/07 15:43:08 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/07 15:43:08 fault injection: enabled
2018/10/07 15:43:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/07 15:43:08 net packed injection: enabled
2018/10/07 15:43:08 net device setup: enabled
[   72.676397] random: crng init done
15:44:46 executing program 0:
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
mknod(&(0x7f0000000000)='./file0\x00', 0x8008, 0x0)
lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000100)=@v3, 0x18, 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f00000001c0))

[  168.902773] IPVS: ftp: loaded support on port[0] = 21
[  171.050160] bridge0: port 1(bridge_slave_0) entered blocking state
[  171.056778] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.065073] device bridge_slave_0 entered promiscuous mode
[  171.186839] bridge0: port 2(bridge_slave_1) entered blocking state
[  171.193372] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.201518] device bridge_slave_1 entered promiscuous mode
[  171.321908] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  171.443688] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  171.817583] bond0: Enslaving bond_slave_0 as an active interface with an up link
15:44:49 executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
dup(0xffffffffffffffff)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'})
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8910, &(0x7f0000000000)=@req)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040), 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000200), &(0x7f0000000240)=0x8)

[  171.946601] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  172.507749] IPVS: ftp: loaded support on port[0] = 21
[  172.752354] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  172.760286] team0: Port device team_slave_0 added
[  172.916769] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  172.924745] team0: Port device team_slave_1 added
[  173.087258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  173.097747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  173.106521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  173.313900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  173.495160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  173.502885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  173.511842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  173.658802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  173.666453] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  173.675387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  175.708518] bridge0: port 2(bridge_slave_1) entered blocking state
[  175.715105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.722030] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.728469] bridge0: port 1(bridge_slave_0) entered forwarding state
[  175.736967] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  175.780926] bridge0: port 1(bridge_slave_0) entered blocking state
[  175.787806] bridge0: port 1(bridge_slave_0) entered disabled state
[  175.796007] device bridge_slave_0 entered promiscuous mode
[  175.842674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  176.067743] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.074300] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.082531] device bridge_slave_1 entered promiscuous mode
[  176.290457] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  176.450623] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  177.103928] bond0: Enslaving bond_slave_0 as an active interface with an up link
15:44:55 executing program 2:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x10001}, &(0x7f0000000440)=0x8)
r2 = shmget$private(0x0, 0x2000, 0x200, &(0x7f0000ffb000/0x2000)=nil)
r3 = geteuid()
getresgid(&(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000200), &(0x7f0000000240))
stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getegid()
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000500)=<r7=>0x0)
shmctl$IPC_SET(r2, 0x1, &(0x7f0000000680)={{0x2, r3, r4, r5, r6, 0x15, 0x800}, 0x4, 0x49c, 0x7, 0x7, r7, 0x0, 0x1})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000580)={{{@in6=@mcast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@multicast2}, 0x0, @in6=@local}}, &(0x7f0000000280)=0xe8)
getresgid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0)=<r9=>0x0)
lchown(&(0x7f0000000140)='./file0\x00', r8, r9)
sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100))
openat$cgroup_procs(r1, &(0x7f0000000180)='tasks\x00', 0x2, 0x0)
unshare(0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000040)={'tunl0\x00', @ifru_names='bridge0\x00'})
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, &(0x7f0000000780)=""/153)
r10 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0)
ioctl$BLKTRACESETUP(r10, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x100, 0x279d})
r11 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/mixer\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0)
write$FUSE_IOCTL(r11, &(0x7f0000000080)={0x20, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2}}, 0x20)
ioctl$BLKTRACETEARDOWN(r10, 0x1276, 0x0)

[  177.286817] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  177.496047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  177.505399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  178.068684] IPVS: ftp: loaded support on port[0] = 21
[  178.459770] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  178.467770] team0: Port device team_slave_0 added
[  178.712833] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  178.720713] team0: Port device team_slave_1 added
[  178.936233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  178.943450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  178.952110] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  179.155929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  179.163146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  179.172031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  179.450936] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  179.458662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  179.467481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  179.751819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  179.759309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  179.768006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  181.988790] bridge0: port 1(bridge_slave_0) entered blocking state
[  181.995519] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.003582] device bridge_slave_0 entered promiscuous mode
[  182.127269] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.133994] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.142286] device bridge_slave_1 entered promiscuous mode
[  182.366431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  182.666194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  182.720662] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.727204] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.734232] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.740648] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.749172] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  182.982312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  183.476294] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  183.743763] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  183.971434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  183.980213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  184.169556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  184.176677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
15:45:02 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @remote, @loopback}, 0xc)

[  185.030864] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  185.038925] team0: Port device team_slave_0 added
[  185.317649] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  185.325628] team0: Port device team_slave_1 added
[  185.570260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  185.577404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  185.586131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  185.626324] IPVS: ftp: loaded support on port[0] = 21
[  185.719194] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.884949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  185.892132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  185.900659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  186.233953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  186.241499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  186.250412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  186.517990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  186.525676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  186.534601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  186.935143] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  187.976518] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  187.983003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  187.990857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  189.118892] 8021q: adding VLAN 0 to HW filter on device team0
[  189.971381] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.977955] bridge0: port 2(bridge_slave_1) entered forwarding state
[  189.984857] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.991276] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.999707] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  190.082096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  190.264301] ip (6517) used greatest stack depth: 53056 bytes left
[  190.524407] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.530868] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.539210] device bridge_slave_0 entered promiscuous mode
[  190.826668] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.833227] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.841349] device bridge_slave_1 entered promiscuous mode
[  191.167274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  191.488748] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  192.308591] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  192.614645] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  192.943112] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  192.950184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  193.240393] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  193.247571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
15:45:12 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000))
pipe(&(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000006280)={<r2=>0x0, @rand_addr, @broadcast}, &(0x7f00000062c0)=0xc)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000006300)={@mcast1, @empty, @remote, 0x1000, 0xffffffffffffba8b, 0x100000001, 0x400, 0x0, 0x80020000, r2})
write(r1, &(0x7f0000000340), 0x10000014c)
socket$vsock_dgram(0x28, 0x2, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000280)=0x2)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r3=>0x0})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000001c0)={0x0, 0x80000, r1})
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  194.202027] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  194.209725] team0: Port device team_slave_0 added
[  194.523767] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  194.531544] team0: Port device team_slave_1 added
[  194.866917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  194.874100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  194.882652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  195.009895] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.195891] IPVS: ftp: loaded support on port[0] = 21
[  195.231060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  195.238247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  195.247018] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  195.683211] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  195.690781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  195.699523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  196.045437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  196.053047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  196.061860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  196.516803] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
15:45:15 executing program 0:
socket$unix(0x1, 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x0, "e91f7189591e9233614b00"}, 0x6e)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x2042, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000680)={<r1=>0x0, 0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000480)='(eth1\x00'}, 0x30)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r0, 0x50, &(0x7f0000000740)}, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000080)=0xc, 0x4)
perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(r1, &(0x7f0000000700)='net/raw6\x00')
r3 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000840)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000880))
tkill(r3, 0x1104000000016)
ioctl$SG_EMULATED_HOST(0xffffffffffffffff, 0x2203, &(0x7f0000000940))
listen(0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
waitid(0x0, r1, &(0x7f0000000a40), 0x1, &(0x7f0000000a80))
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x1}, &(0x7f0000000380)=0x8)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
readlinkat(r2, &(0x7f0000000800)='./file0\x00', &(0x7f00000008c0)=""/66, 0x42)
mkdir(&(0x7f00000004c0)='./file0\x00', 0x0)
perf_event_open(&(0x7f0000000000)={0x20000000000006, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x20000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000500), &(0x7f0000000540)=0x8)
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x6, 0xffffffff})
mount(&(0x7f0000000680)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000))

15:45:15 executing program 0:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
ioperm(0x4, 0x1, 0x6)
write$binfmt_script(r1, &(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0xffffffd6)
recvmsg(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/116, 0x74}, {&(0x7f00000002c0)=""/22, 0x16}, {&(0x7f00000013c0)=""/4096, 0x1000}], 0x3, &(0x7f00000007c0)=""/16, 0x10}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/tcp\x00')
write$apparmor_current(r2, &(0x7f00000003c0)=@profile={'changeprofile ', 'net/tcp\x00'}, 0x16)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffff9c, 0x10, &(0x7f0000000280)={&(0x7f00000001c0)=""/29, 0x1d, <r3=>0x0}}, 0x10)
syz_emit_ethernet(0x71, &(0x7f0000000a80)=ANY=[@ANYBLOB="000000000000000000006d5245f4daec1d0043f89c6fb5933342f8e2ad7a938023c2addc65d11973a69b5db678cd547348c801b2ee8a2bf530462cfa170a6ee05f7c44afc68e031d497dbe67bd5220d68a8a1a40bddd72b4c3b32920f8956dc5573786b4212a44d6d899f69291a2745c73e5f2616524e9d5fd5725c0e9b8b462e72b86ad1a39c01e47d64fd9d76f8374dc6dfe09197bc1e5491ebe6b0574308423e6fbe4a00082f9f9369381363ffbbde33daf0d8133764cc8b1015e39c306502997a774d136dc1cce3fd69fb7b61f5f81f35222"], &(0x7f0000000440)={0x1, 0x2, [0x20f, 0xb52, 0xfd3, 0xfcb]})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r2, 0x10, &(0x7f0000000340)={&(0x7f0000000140)=""/51, 0x33, r3}}, 0x10)
recvmsg(r1, &(0x7f0000000780)={&(0x7f0000000000)=@pppol2tp, 0x80, &(0x7f0000000900)=[{&(0x7f0000000480)=""/185, 0xb9}, {&(0x7f0000000540)=""/224, 0xe0}, {&(0x7f0000000640)=""/126, 0x7e}, {&(0x7f00000006c0)=""/161, 0xa1}, {&(0x7f0000000840)=""/176, 0xb0}], 0x5, &(0x7f0000000980)=""/252, 0xfc, 0x7}, 0x40012000)

15:45:16 executing program 0:
r0 = socket(0x40000000002, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
recvfrom$inet(r0, &(0x7f0000000040)=""/124, 0x7c, 0x0, &(0x7f0000000100)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8915, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f00000000c0)=0x54d, 0x4)
sendto$unix(r0, &(0x7f0000000080), 0x7272, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e)
ftruncate(r0, 0x2)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000140)='ip_vti0\x00')

[  197.996339] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  198.002775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  198.010380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  198.230775] raw_sendmsg: syz-executor0 forgot to set AF_INET. Fix it!
15:45:16 executing program 0:
unshare(0x20400)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x2d3)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x20000)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000040))

15:45:17 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'kw(camellia-generic)\x00'}, 0x58)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000000)={{{@in6=@mcast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000100)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bcsf0\x00', r1})

[  199.468987] 8021q: adding VLAN 0 to HW filter on device team0
15:45:17 executing program 0:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0xa407798e00a08580, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000d4a000)={0xc0000001})
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x2de, 0x0)

[  200.123385] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.129865] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.136814] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.143294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.151264] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
15:45:18 executing program 0:
r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xffff, 0x80)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000080)={0x7, 0x40, 0x3f})
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x29, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000000))

[  200.463368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
15:45:18 executing program 0:
r0 = syz_open_dev$sndtimer(&(0x7f00000b5ff1)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x3, 0x0, 0x0, 0xffeffffffffffffd}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000300)=""/217)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
r2 = getpid()
kcmp(r1, r2, 0x7, r0, r0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x5420)

[  201.459605] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.466268] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.474368] device bridge_slave_0 entered promiscuous mode
[  201.808157] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.814858] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.822964] device bridge_slave_1 entered promiscuous mode
[  202.117846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  202.454924] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  203.362664] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  203.633158] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  203.723854] 8021q: adding VLAN 0 to HW filter on device bond0
[  203.979716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  203.986887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  204.260507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  204.267849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  204.685911] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  205.096882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  205.104773] team0: Port device team_slave_0 added
[  205.276539] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  205.284534] team0: Port device team_slave_1 added
[  205.489952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  205.497977] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.506683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  205.560721] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  205.567170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  205.574984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  205.703659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.955225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  205.962925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  205.971427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.201287] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  206.208931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.217923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  206.351098] input: syz1 as /devices/virtual/input/input5
[  206.560256] 8021q: adding VLAN 0 to HW filter on device team0
15:45:24 executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
dup(0xffffffffffffffff)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'})
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8910, &(0x7f0000000000)=@req)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000040), 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000200), &(0x7f0000000240)=0x8)

[  206.745498] input: syz1 as /devices/virtual/input/input7
[  208.833407] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.839885] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.846834] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.853340] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.862178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  208.868728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.226619] 8021q: adding VLAN 0 to HW filter on device bond0
[  210.927963] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  210.942261] Not allocated shadow for addr ffff88014469e500 (page ffffea00079a7b40)
[  210.950002] Attempted to access 8 bytes
[  210.954025] ------------[ cut here ]------------
[  210.958784] kernel BUG at mm/kmsan/kmsan.c:1075!
[  210.963562] invalid opcode: 0000 [#1] SMP
[  210.967719] CPU: 0 PID: 7163 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63
[  210.974906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  210.984275] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0
[  210.989905] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c
[  211.008820] RSP: 0018:ffff8801456af7a0 EFLAGS: 00010046
[  211.014198] RAX: 000000000000001b RBX: 0000000000000000 RCX: 2e754c1ca4985e00
[  211.021480] RDX: 0000000000000000 RSI: 0000000000004544 RDI: 0000000000004545
[  211.029043] RBP: ffff8801456af7d0 R08: 0000000000000000 R09: ffff88021fc38f50
[  211.036327] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001
[  211.043606] R13: ffff88014469e500 R14: 0000000000000001 R15: 0000000000000008
[  211.050888] FS:  00007fc7e9597700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  211.059123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.065012] CR2: 00007f1099ae71b0 CR3: 00000001454ed000 CR4: 00000000001406f0
[  211.072300] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  211.079569] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  211.086839] Call Trace:
[  211.089437]  kmsan_internal_unpoison_shadow+0x5c/0xe0
[  211.094640]  kmsan_unpoison_shadow+0x72/0xd0
[  211.099068]  vunmap_page_range+0x828/0xc20
[  211.103335]  remove_vm_area+0x39b/0x450
[  211.107342]  __vunmap+0x34c/0x5d0
[  211.110827]  vunmap+0x69/0xb0
[  211.113947]  relay_destroy_buf+0xac/0x430
[  211.118129]  relay_close+0x470/0xa20
[  211.121868]  __blk_trace_remove+0x256/0x320
[  211.126211]  blk_trace_remove+0x5d/0xb0
[  211.130205]  sg_ioctl+0x846/0x58b0
[  211.133775]  ? do_vfs_ioctl+0x18a/0x2810
[  211.137850]  ? __se_sys_ioctl+0x1da/0x270
[  211.142016]  ? sg_poll+0x870/0x870
[  211.145570]  do_vfs_ioctl+0xcf3/0x2810
[  211.149489]  ? security_file_ioctl+0x92/0x200
[  211.154009]  __se_sys_ioctl+0x1da/0x270
[  211.158144]  __x64_sys_ioctl+0x4a/0x70
[  211.162049]  do_syscall_64+0xbe/0x100
[  211.165868]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  211.171057] RIP: 0033:0x457579
[  211.174260] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  211.193166] RSP: 002b:00007fc7e9596c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  211.200883] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  211.208180] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
[  211.215459] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  211.222740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc7e95976d4
[  211.230018] R13: 00000000004bea1e R14: 00000000004ce728 R15: 00000000ffffffff
[  211.237318] Modules linked in:
[  211.240534] ---[ end trace b4df7ccb13caa24b ]---
[  211.245299] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0
[  211.250933] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 11 bc 57 8b 31 c0 4c
[  211.269842] RSP: 0018:ffff8801456af7a0 EFLAGS: 00010046
[  211.275209] RAX: 000000000000001b RBX: 0000000000000000 RCX: 2e754c1ca4985e00
[  211.282480] RDX: 0000000000000000 RSI: 0000000000004544 RDI: 0000000000004545
[  211.289757] RBP: ffff8801456af7d0 R08: 0000000000000000 R09: ffff88021fc38f50
[  211.297379] R10: 0000000000000000 R11: ffffffff86258280 R12: 0000000000000001
[  211.304674] R13: ffff88014469e500 R14: 0000000000000001 R15: 0000000000000008
[  211.311956] FS:  00007fc7e9597700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[  211.320189] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.323335] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  211.326073] CR2: 00007f1099ae71b0 CR3: 00000001454ed000 CR4: 00000000001406f0
[  211.326094] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  211.332444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  211.339438] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  211.339458] Kernel panic - not syncing: Fatal exception
[  211.347951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  211.354763] Kernel Offset: disabled
[  211.378146] Rebooting in 86400 seconds..