[ 56.948772] audit: type=1800 audit(1538891089.980:27): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.536677] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.848531] random: sshd: uninitialized urandom read (32 bytes read) [ 63.284966] random: sshd: uninitialized urandom read (32 bytes read) [ 65.419564] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. [ 71.284011] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 05:45:06 fuzzer started [ 75.802006] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 05:45:11 dialing manager at 10.128.0.26:36867 2018/10/07 05:45:11 syscalls: 1 2018/10/07 05:45:11 code coverage: enabled 2018/10/07 05:45:11 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 05:45:11 setuid sandbox: enabled 2018/10/07 05:45:11 namespace sandbox: enabled 2018/10/07 05:45:11 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 05:45:11 fault injection: enabled 2018/10/07 05:45:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 05:45:11 net packed injection: enabled 2018/10/07 05:45:11 net device setup: enabled [ 80.501022] random: crng init done 05:47:09 executing program 0: syz_open_dev$vcsa(&(0x7f0000001400)='/dev/vcsa#\x00', 0x4, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f00000001c0)) clock_nanosleep(0x2, 0x0, &(0x7f0000000180)={0x0, 0x989680}, 0x0) mknod(&(0x7f0000000080)='./file0\x00', 0x1000, 0x0) move_pages(r0, 0x0, &(0x7f0000000040), &(0x7f0000000000)=[0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f0000001240)=""/85) write$P9_RSETATTR(0xffffffffffffffff, &(0x7f0000001380)={0x7, 0x1b, 0x2}, 0x7) tkill(r0, 0x1000000000016) rename(&(0x7f0000001300)='./file0\x00', &(0x7f0000001340)='./file0\x00') ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000040)={0x9, 0xffffffffffffff00}) [ 197.277621] IPVS: ftp: loaded support on port[0] = 21 [ 199.854281] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.860814] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.869621] device bridge_slave_0 entered promiscuous mode [ 200.011473] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.018122] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.026718] device bridge_slave_1 entered promiscuous mode [ 200.165331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.304949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 05:47:13 executing program 1: r0 = socket$inet6(0xa, 0x2000000000001, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000080)=@fragment, 0x8) bind$inet6(r0, &(0x7f0000402000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000100)=0x4, 0x4) sendto$inet6(r0, &(0x7f00007a8fff), 0x3a7, 0x20000000, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 200.732834] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.885967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.292257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.299467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.490092] IPVS: ftp: loaded support on port[0] = 21 [ 201.876124] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.884501] team0: Port device team_slave_0 added [ 202.127850] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 202.136082] team0: Port device team_slave_1 added [ 202.393870] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.400928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.409991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.640091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.647351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.656477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.906502] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.914560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.923960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.167748] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 203.175456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.184693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.856758] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.863513] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.871924] device bridge_slave_0 entered promiscuous mode [ 205.175692] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.182189] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.190844] device bridge_slave_1 entered promiscuous mode [ 205.465151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.673993] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.897391] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.903981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.910901] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.917502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.926314] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.303541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.468875] bond0: Enslaving bond_slave_0 as an active interface with an up link 05:47:19 executing program 2: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, &(0x7f0000000100)}, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc={0x27, 0x8}, 0x80, &(0x7f0000000540)}, 0x0) [ 206.762335] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.068004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.075244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.371404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.378771] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.596991] IPVS: ftp: loaded support on port[0] = 21 [ 208.243816] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.251874] team0: Port device team_slave_0 added [ 208.543882] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.552050] team0: Port device team_slave_1 added [ 208.805018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.812879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.821809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.060622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.067814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.076648] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.354338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.361921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.371203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.669470] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.677158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.686315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.235619] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.242140] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.251015] device bridge_slave_0 entered promiscuous mode [ 212.588843] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.595496] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.604093] device bridge_slave_1 entered promiscuous mode [ 212.835810] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.030435] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.037024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.044088] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.050548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.059379] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.066067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.123867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.077243] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.353996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 214.640190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.647435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 05:47:27 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000400)="6e65742f74637000cd5771e92a073467075e90b6e46b4832802f88b6bbeb60b84023837448aea4791d5c5d9393b565d9d4b8412320c82a73d0673e16ab4d7f6f4bec1766b97811bfab16c5cb94ff1ca001b3491cb9ccbbbe9cd02113e1bc2efa473385e02c") sendfile(r0, r1, &(0x7f0000000080), 0x80000003) [ 215.021537] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.029710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.719577] ip (6566) used greatest stack depth: 53040 bytes left [ 215.901505] IPVS: ftp: loaded support on port[0] = 21 [ 216.060872] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.068984] team0: Port device team_slave_0 added [ 216.427845] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.436156] team0: Port device team_slave_1 added [ 216.798361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.805650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.814772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.219713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 217.227013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.235680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.620447] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.628041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.636956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.021310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.029134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.038165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.394901] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.578489] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 220.973954] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.980863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.989298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.671542] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.678153] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.686636] device bridge_slave_0 entered promiscuous mode [ 222.032434] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.039146] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.047873] device bridge_slave_1 entered promiscuous mode [ 222.058913] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.065568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.072460] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.079105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.088006] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.325624] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.458644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 222.806844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.973019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.896699] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.232378] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.533120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.540487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.891643] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.899298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 05:47:38 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000000013002d54036205001a0005cebafc22000000000000001ac600b2000003000000000000000000000000000a000028"], 0x38}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x20, 0x0) [ 225.997812] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.006019] team0: Port device team_slave_0 added [ 226.363345] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.371637] team0: Port device team_slave_1 added [ 226.489445] IPVS: ftp: loaded support on port[0] = 21 [ 226.718631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 226.725771] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.734889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.159318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.166713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.175612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 227.466552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.552257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.559944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.568914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.032741] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.040392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.049495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.911181] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 230.612914] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 230.619284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.627462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 232.300638] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.647079] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.653662] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.660598] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.667277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.675916] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 05:47:45 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000640)={r0, 0xffffffffffffffff, 0xa}, 0x10) 05:47:46 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f000000a000), &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0)) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mknod(&(0x7f00000002c0)='./file0/file0/file0\x00', 0x0, 0x0) rename(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000000)='./file0/file1\x00') [ 233.610529] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.617451] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.625985] device bridge_slave_0 entered promiscuous mode [ 233.692881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:47:46 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x1e) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000040)) recvmmsg(r1, &(0x7f0000000a00)=[{{&(0x7f00000007c0)=@l2, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000900)=""/252, 0xfc}}], 0x1eb, 0x0, 0x0) [ 234.140122] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.146898] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.155449] device bridge_slave_1 entered promiscuous mode 05:47:47 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x1e) ioctl$TCGETA(r2, 0x5405, &(0x7f0000000040)) recvmmsg(r1, &(0x7f0000000a00)=[{{&(0x7f00000007c0)=@l2, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000900)=""/252, 0xfc}}], 0x1eb, 0x0, 0x0) [ 234.617940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 05:47:47 executing program 0: r0 = semget$private(0x0, 0x1, 0x0) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000000)=""/254) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in=@multicast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xbb, 0x1) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000340), &(0x7f0000000380)=0x4) r3 = getuid() lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, r3, r4) [ 235.036616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 05:47:48 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="ca67bd6d82f3cdadc79cd7ec3e66e562", 0x10) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000100)="f4304868681941a96edf472d957d2e23", 0x10) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000040), 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) getresuid(&(0x7f00000001c0)=0x0, &(0x7f0000000140), &(0x7f0000000080)) r4 = socket$inet6(0xa, 0x2, 0x3) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000280)={{{@in, @in, 0x4e21, 0x2, 0x4e20, 0x80000001, 0xa, 0x80, 0x20, 0x84, r2, r3}, {0x4, 0x1, 0x80000001, 0x7ff, 0x842f, 0xffffffffffff7fff, 0xee, 0x1}, {0x2, 0x4, 0x0, 0x5}, 0xfffffffffffffffa, 0x6e6bb7, 0x0, 0x1, 0x3, 0x3}, {{@in6=@loopback, 0x4d5, 0x33}, 0xa, @in6=@mcast1, 0x0, 0x1, 0x2, 0x2, 0x200000, 0x200, 0xff}}, 0xe8) setsockopt$inet6_dccp_buf(r4, 0x21, 0xc0, &(0x7f0000000380)="d1920d5d0894f773d13cf7d0df99237e27838c719dbf0250b629b161d3eaa131de0080e69ccf9497ab02c76a1074d7ab268d6e59453f66fc8ab3dbe5c35d94e3f53448b8a6b9e027991d2e3a2ce4324070dbcd6669189f767ed1cd", 0x5b) sendmmsg$unix(r1, &(0x7f0000000ac0)=[{&(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000400)="1bddaa971c081d6d49bb4a6bb0fe856edf2ad8c25b2cfb359d62ebdbeccb0eeddd9f3c76b428ee54f090e9d5ae85da878c8b8488422632b3791773271a53f2fec7a64e893a15d20cf7b1839e2fb6174f4a28bdf5fbaf99373750adc5fe8f30295be8576f32ce1d952ef97c74ebe5964baf54e37b19802495bee4dee7b2232a948db0c3f655f7b7ad7d91f48d6a7653cab7", 0x91}, {&(0x7f00000004c0)="1f86257f2413acbdcbe17ed6011904616633e4144428b97ca6af8d6771000bf410bd9924d00fb7874e811c34b0778a527e6c4d9ab79e3ea51a5fb7b722058e134b4c20b82d85abc17cdb2151201de1ca6dc478e0c34ae70a11b5660c8a996b92b2792fb5984748a4c76b2f6abbaa92d1b370a3970a4742cf8f999b4b9dfde87f812d67c12e286852772114c464f1433e5af3c60f0a976053fed4d62bfcf13fd43da87424c8a0a489f1866ee4ea5f6595dd4df85d8436ece57fee7c81f8f41254648fbd1982a360e260255b253542cf0a7c7d741605f4796a67bbb65cb1307744a740e889a7246177ce", 0xe9}, {&(0x7f00000005c0)="31ee6e5ebedb94c87935", 0xa}, {&(0x7f0000000600)="8c39992cb7f1d6e46a6bf20b7197cb6f65a52e84230556cce8f64eeaaf577857066b229b2e1082b7f58b5d013e5d1d40593ba5d3aed139ea1f7c2bd88352a474cfce963e2eb1bdbcc18ea0ca39b87a00ecf1c4142a9a85871c8918880d1ece40a35faec3bedce31a24ee29429634883cefb5e7f22768ff295e7cf61fa9bc2050edf99ec400eaf8ce3d237f7ccda4d7b384cde40344b6c8a71b4a95fb5a0d9a93e8fde22ace09e2b5d8c494ea5bd5de0731808d4bfb37c1d697e20a63c853f296e7db5643320509d0b1280902fd9c44632e80975ea28c2f5c82fc06d4cd0f11e1e6933a500d042b36", 0xe8}, {&(0x7f0000000700)="79f1cf653575a893fceea62b6d9694d91a", 0x11}], 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r4, @ANYBLOB="001d0032"], 0x20, 0x4000}, {&(0x7f0000000800)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000880)="8e10c68186b5f05741190105651f2e9f97755608882fc70af29e4250d48aba567db24803d6a5ebfab62aeab90eb53a0fb66a04c89f635b47022507b5736f0b32bfc722f054b7a9616814ba0bac9cae2b35caeaafbe7961c7c71f4217ff393252fb12db38ca5627e7fd1b79bdc3824d06d7300ba16d22a9164e5368641cd8da1dbb73bf366a3bf0ea91570215c7d3781aa61c8976b5391eff0b9877a72db988dfd165e6", 0xa3}, {&(0x7f0000000940)="0b26b78dea3b054d7a52ab6d1b5ec6529600d503b87a7448335044cd2bddff791e9546210e5dc3432a2f3d1f8632f6aaf72c934c5f1efd86bda9da44ce", 0x3d}, {&(0x7f0000000980)="a4853bc2e4d4e1ba5d7abe1aeb966b8cab71fb4c54ff7d4d1244cdd2ddc3545c83f652cfa5bba8cff907047171ecddaceb32274b957e797c24221802dc11bee4e1f781374582385d32deb7f5808189e0d6d96915e9c54dd72e70c83b53910138901238d80a7221667a7dca8a378895823ccd66bee0a201fa865d82ae21f01be1148fd849d638a35d3b70af19533473702ad6b936059939ee5ad0587ca5db700360", 0xa1}, {&(0x7f0000000a40)="102af3bca314d53574ac282f", 0xc}], 0x4, 0x0, 0x0, 0x20000000}], 0x2, 0x20000000) 05:47:49 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) bind$unix(r2, &(0x7f0000968ff6)=@file={0x1, './file0\x00'}, 0xa) r3 = open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x0) recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f00000002c0)=""/248, 0xf8}}], 0x1, 0x0, &(0x7f00000001c0)) sendmmsg$unix(r1, &(0x7f00000034c0)=[{&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000080), 0x0, &(0x7f0000000580)=[@rights={0x18, 0x1, 0x1, [r3]}], 0x18}], 0x385, 0x0) [ 236.398709] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.753087] bond0: Enslaving bond_slave_1 as an active interface with an up link 05:47:50 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r0, &(0x7f0000007e00), 0x4000000000000f4, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000340)=0x1, 0x4) ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000100)={0x0, @in={{0x2, 0x0, @multicast1}}}, &(0x7f00000001c0)=0x84) [ 237.206669] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 237.214739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.604898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 237.611971] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.561527] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.569957] team0: Port device team_slave_0 added [ 238.642691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.816105] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.824459] team0: Port device team_slave_1 added [ 239.092940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 239.100013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.108778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.426883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 239.434170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.443042] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.662991] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 239.670573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.679588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.818449] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.956944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 239.964768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.973763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.819399] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.826035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.833932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.346463] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 05:47:54 executing program 1: [ 241.954513] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.157864] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.164465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.171415] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.178038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.186962] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.193616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.200333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.038718] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 246.724536] ================================================================== [ 246.732011] BUG: KMSAN: uninit-value in sit_tunnel_xmit+0x1b14/0x3d10 [ 246.738646] CPU: 1 PID: 7371 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 246.745851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.755241] Call Trace: [ 246.757881] dump_stack+0x306/0x460 [ 246.761546] ? sit_tunnel_xmit+0x1b14/0x3d10 [ 246.765993] kmsan_report+0x1a3/0x2d0 [ 246.769856] __msan_warning+0x7c/0xe0 [ 246.773698] sit_tunnel_xmit+0x1b14/0x3d10 [ 246.778017] ? ipip6_tunnel_uninit+0x7e0/0x7e0 [ 246.782640] dev_hard_start_xmit+0x6b8/0xdb0 [ 246.787116] __dev_queue_xmit+0x2e62/0x3d90 [ 246.791503] dev_queue_xmit+0x4b/0x60 [ 246.795329] ? __netdev_pick_tx+0x1490/0x1490 [ 246.799855] packet_sendmsg+0x840f/0x8fe0 [ 246.804118] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 246.809564] ___sys_sendmsg+0xe47/0x1200 [ 246.813654] ? compat_packet_setsockopt+0x360/0x360 [ 246.818697] ? __fget+0x8f7/0x940 [ 246.822216] __se_sys_sendmsg+0x307/0x460 [ 246.826420] __x64_sys_sendmsg+0x4a/0x70 [ 246.830542] do_syscall_64+0xbe/0x100 [ 246.834386] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.839607] RIP: 0033:0x457579 [ 246.842831] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.861777] RSP: 002b:00007fef0b8f4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 246.869531] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 246.876838] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 246.884179] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.891466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef0b8f56d4 [ 246.898755] R13: 00000000004c3837 R14: 00000000004d5640 R15: 00000000ffffffff [ 246.906100] [ 246.907768] Uninit was created at: [ 246.911348] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 246.916985] kmsan_kmalloc+0xa4/0x120 [ 246.920826] kmsan_slab_alloc+0x10/0x20 [ 246.924850] __kmalloc_node_track_caller+0xb43/0x1400 [ 246.930103] __alloc_skb+0x422/0xe90 [ 246.933858] alloc_skb_with_frags+0x1d0/0xac0 [ 246.938385] sock_alloc_send_pskb+0xe00/0x1420 [ 246.943018] packet_sendmsg+0x6787/0x8fe0 [ 246.947211] ___sys_sendmsg+0xe47/0x1200 [ 246.951298] __se_sys_sendmsg+0x307/0x460 [ 246.955466] __x64_sys_sendmsg+0x4a/0x70 [ 246.959547] do_syscall_64+0xbe/0x100 [ 246.963381] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.968575] ================================================================== [ 246.975945] Disabling lock debugging due to kernel taint [ 246.981416] Kernel panic - not syncing: panic_on_warn set ... [ 246.981416] [ 246.988822] CPU: 1 PID: 7371 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 [ 246.997415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 247.006780] Call Trace: [ 247.009417] dump_stack+0x306/0x460 [ 247.013095] panic+0x54c/0xafa [ 247.016371] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 247.021873] kmsan_report+0x2cd/0x2d0 [ 247.025739] __msan_warning+0x7c/0xe0 [ 247.029579] sit_tunnel_xmit+0x1b14/0x3d10 [ 247.033888] ? ipip6_tunnel_uninit+0x7e0/0x7e0 [ 247.038507] dev_hard_start_xmit+0x6b8/0xdb0 [ 247.042975] __dev_queue_xmit+0x2e62/0x3d90 [ 247.047390] dev_queue_xmit+0x4b/0x60 [ 247.051219] ? __netdev_pick_tx+0x1490/0x1490 [ 247.055748] packet_sendmsg+0x840f/0x8fe0 [ 247.059963] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 247.065433] ___sys_sendmsg+0xe47/0x1200 [ 247.069531] ? compat_packet_setsockopt+0x360/0x360 [ 247.074703] ? __fget+0x8f7/0x940 [ 247.078234] __se_sys_sendmsg+0x307/0x460 [ 247.082443] __x64_sys_sendmsg+0x4a/0x70 [ 247.086574] do_syscall_64+0xbe/0x100 [ 247.090405] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 247.095620] RIP: 0033:0x457579 [ 247.098845] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 247.117760] RSP: 002b:00007fef0b8f4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.125532] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 247.132859] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 247.140168] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 247.147482] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef0b8f56d4 [ 247.154775] R13: 00000000004c3837 R14: 00000000004d5640 R15: 00000000ffffffff [ 247.163118] Kernel Offset: disabled [ 247.166760] Rebooting in 86400 seconds..