[ 59.668403] sshd (6204) used greatest stack depth: 53392 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 59.918118] random: sshd: uninitialized urandom read (32 bytes read) [ ok . Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.435338] random: sshd: uninitialized urandom read (32 bytes read) [ 64.954759] sshd (6276) used greatest stack depth: 53184 bytes left [ 64.988730] random: sshd: uninitialized urandom read (32 bytes read) [ 66.600144] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts. [ 72.383603] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/09 13:54:46 fuzzer started [ 77.085568] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/09 13:54:51 dialing manager at 10.128.0.26:44001 2018/10/09 13:54:51 syscalls: 1 2018/10/09 13:54:51 code coverage: enabled 2018/10/09 13:54:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/09 13:54:51 setuid sandbox: enabled 2018/10/09 13:54:51 namespace sandbox: enabled 2018/10/09 13:54:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/09 13:54:51 fault injection: enabled 2018/10/09 13:54:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/09 13:54:51 net packed injection: enabled 2018/10/09 13:54:51 net device setup: enabled [ 83.397257] random: crng init done 13:56:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8983, &(0x7f0000000000)={"060000006170b002002000", @ifru_hwaddr}) [ 202.954559] IPVS: ftp: loaded support on port[0] = 21 [ 205.403728] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.410230] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.418983] device bridge_slave_0 entered promiscuous mode [ 205.586571] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.593226] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.601643] device 
bridge_slave_1 entered promiscuous mode [ 205.746200] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.889282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 206.333472] bond0: Enslaving bond_slave_0 as an active interface with an up link 13:56:58 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0) ioctl$VHOST_GET_FEATURES(r0, 0x80044df9, &(0x7f0000000040)) [ 206.482828] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.747850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.754993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.012727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.020116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.231213] IPVS: ftp: loaded support on port[0] = 21 [ 207.579944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.588309] team0: Port device team_slave_0 added [ 207.793989] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.802070] team0: Port device team_slave_1 added [ 208.017271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.024430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.033525] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.227172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.234316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.243372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.393600] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.401534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.410727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.589715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.597408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
208.606706] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.991832] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.998456] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.007127] device bridge_slave_0 entered promiscuous mode [ 211.270417] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.277074] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.285825] device bridge_slave_1 entered promiscuous mode [ 211.351899] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.358474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.365546] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.372011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.381020] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.479528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.728753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.092985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.332601] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.506063] bond0: Enslaving bond_slave_1 as an active interface with an up link 13:57:04 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000140)=0x2) [ 212.737216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.748729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.649738] IPVS: ftp: loaded support on port[0] = 21 [ 214.043857] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 214.051886] team0: Port device team_slave_0 added [ 214.400977] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.409206] team0: Port device team_slave_1 added [ 214.682560] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.689638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.698502] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.070065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 215.077307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.086434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.427661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.435455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.444667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.764290] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.772049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.781323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.289841] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.296444] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.305054] device bridge_slave_0 entered promiscuous mode [ 218.511545] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.518091] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.526736] device bridge_slave_1 entered promiscuous mode [ 218.795642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 219.054807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 219.113855] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.120357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.127435] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.133962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.142723] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.932624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.976087] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 220.194983] bond0: Enslaving 
bond_slave_1 as an active interface with an up link [ 220.548762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 220.556046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.898093] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 220.905250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 13:57:13 executing program 3: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ftruncate(r0, 0x8200) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, 0x12, r1, 0x0) mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) [ 221.840557] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 221.848688] team0: Port device team_slave_0 added [ 222.258391] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 222.266726] team0: Port device team_slave_1 added [ 222.269731] IPVS: ftp: loaded support on port[0] = 21 [ 222.671040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 222.678261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.687301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 223.090491] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 223.097669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 223.106725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 223.491037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 223.498806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 223.508175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 223.864254] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 223.871830] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 223.880990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.967739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.311303] IPv6: 
ADDRCONF(NETDEV_UP): veth0: link is not ready [ 226.679167] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 226.685664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.693764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.140452] ip (6766) used greatest stack depth: 53056 bytes left [ 227.883718] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.890230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.897288] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.903845] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.912976] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.971818] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.299080] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.305756] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.314397] device bridge_slave_0 entered promiscuous mode [ 228.412951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.764144] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.771614] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.780459] device bridge_slave_1 entered promiscuous mode [ 229.181911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.481091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.624287] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.003118] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.394052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.401127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.737834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.745039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 13:57:24 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 
&(0x7f0000000080)={0x10000009, 0xffffffffffffffff, 0x1, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x80003, 0xb) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000240)=0x1) [ 232.946797] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.955351] team0: Port device team_slave_0 added [ 233.405866] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 233.414373] team0: Port device team_slave_1 added [ 233.430575] IPVS: ftp: loaded support on port[0] = 21 [ 233.816876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 233.824161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.833296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.244523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 234.251588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.261123] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.380616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.597377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 234.605073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 234.614146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.094963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 235.102746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.111768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.133302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:57:29 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, 
&(0x7f00000040c0), 0x1000) read$FUSE(r0, &(0x7f00000020c0), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open(&(0x7f0000000040)='./file0/file0\x00', 0x202700, 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="90000000000000000200000000000000010000000045000000000000000000000b08956d069e000000002066ce654d316e6f646576656d3100f9ff00000000000000000000000000000000000001000000000000002c00000000000008000000000000000000000000000000001c00000000841a174603385e000051a717000418b9b3cc002b73797374040000006586"], 0x90) pread64(r0, &(0x7f00000002c0), 0x194, 0x0) write$FUSE_LSEEK(r0, &(0x7f0000000180)={0x18, 0x0, 0x3}, 0x18) [ 237.966240] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.972832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.980597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:57:30 executing program 0: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x2, 0x2200) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in=@loopback, @in6=@local}}, {{@in6=@dev}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000040)=0xe8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180)) [ 239.623161] 8021q: adding VLAN 0 to HW filter on device team0 13:57:31 executing program 0: r0 = syz_open_dev$sndpcmp(&(0x7f0000000400)='/dev/snd/pcmC#D#p\x00', 0x1c000000000, 0x80) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000440)={0x0, 0x6}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000540)={r1, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x4e22, 0xffff, @local, 0x7}, @in6={0xa, 
0x4e23, 0xfd9, @mcast1, 0x3}, @in={0x2, 0x4e24, @multicast2}, @in6={0xa, 0x4e20, 0x2, @loopback, 0x401}]}, &(0x7f0000000580)=0x10) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x80800400060003f, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f00000000c0)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x14) mount(&(0x7f0000000240)=ANY=[@ANYBLOB="2c03030000000000005fe5"], &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='cpuset\x00', 0x1010000, &(0x7f0000000300)='&vmnet0md5sum\x00') setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e20, 0x1, @mcast2, 0x1000}}}, 0x84) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000200)={r5, 0x9, 0x20}, 0xc) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={@remote, @empty, @mcast2, 0xfffffffffffffffc, 0x7ffe, 0x7, 0x0, 0x0, 0x2}) [ 240.204729] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.211304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.218383] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.224922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.233431] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 13:57:32 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x5, 0x10e, 0x3ff, 0x20000000000001, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000180)}, 0x10) sendfile(r0, r0, &(0x7f0000000000)=0x4dd, 0x7ff) [ 240.753458] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.759948] bridge0: port 1(bridge_slave_0) entered disabled 
state [ 240.768428] device bridge_slave_0 entered promiscuous mode 13:57:33 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x5, 0x10e, 0x3ff, 0x20000000000001, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000180)}, 0x10) sendfile(r0, r0, &(0x7f0000000000)=0x4dd, 0x7ff) [ 241.054199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.185698] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.192398] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.200844] device bridge_slave_1 entered promiscuous mode 13:57:33 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) [ 241.595555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 13:57:33 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x8, 0x400) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f00000000c0)={'rose0\x00', 0xe3}) setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000040), 0x4) setsockopt$inet_int(r0, 0x0, 0x40000000000d0, &(0x7f0000000080), 0x32b) [ 242.097509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 13:57:34 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x1) mkdir(&(0x7f0000000040)='./control\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./control\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="020000000100000000000000040000000000000000000000", @ANYRES32=0x0, @ANYBLOB="10000000000000002000000000000000"], 0x2c, 0x0) open(&(0x7f0000000000)='./control\x00', 0xc40beb2474dfd22a, 0x0) [ 243.316106] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 243.632787] bond0: Enslaving bond_slave_1 as an active 
interface with an up link [ 244.025933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.033136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.425654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.432823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.029395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.386229] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.394338] team0: Port device team_slave_0 added [ 245.760075] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 245.768404] team0: Port device team_slave_1 added [ 246.143295] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 246.156604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.163702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.173551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.394657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.401747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.410677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.642629] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 246.650278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.659762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.934095] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 246.941681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.950720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.422341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.428718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.436727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:57:40 executing program 0: r0 = socket(0xc, 0x0, 0x0) write(r0, 
&(0x7f0000000040)="2ee7240000001a1c0a0b5aff6e10b500000780cc08001b00070000000000000000000000", 0x55) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000000)=@get={0x1, &(0x7f0000000080)=""/136, 0x7fff800000000000}) [ 248.559050] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.935681] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.942312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.949243] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.955802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.964274] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 249.970853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.421488] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.145922] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 253.866464] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 253.872979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 253.880671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 254.102457] ion_buffer_destroy: buffer still mapped in the kernel 13:57:46 executing program 2: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000140)=0x2) [ 254.301129] Not allocated shadow for addr ffff8801a28bf9f0 (page ffffea0009cf47a0) [ 254.308914] Attempted to access 8 bytes [ 254.312969] ------------[ cut here ]------------ [ 254.317747] kernel BUG at mm/kmsan/kmsan.c:1091! 
[ 254.322542] invalid opcode: 0000 [#1] SMP [ 254.326725] CPU: 1 PID: 6474 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #65 [ 254.333946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.343347] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.348991] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 254.367918] RSP: 0018:ffff88015eccf780 EFLAGS: 00010046 [ 254.373324] RAX: 000000000000001b RBX: 0000000000000000 RCX: b26a1dd6cf6baa00 [ 254.380616] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 254.387915] RBP: ffff88015eccf7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 254.395218] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 254.402515] R13: ffff8801a28bf9f0 R14: 0000000000000001 R15: 0000000000000008 [ 254.409808] FS: 0000000000ef3940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 254.418056] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.423962] CR2: 0000000000706158 CR3: 000000015f94a000 CR4: 00000000001406e0 [ 254.431248] Call Trace: [ 254.433877] kmsan_internal_unpoison_shadow+0x5c/0xe0 [ 254.439117] kmsan_unpoison_shadow+0x72/0xd0 [ 254.443578] vunmap_page_range+0x828/0xc20 [ 254.447890] remove_vm_area+0x39b/0x450 [ 254.451942] __vunmap+0x34c/0x5d0 [ 254.455456] vfree+0x79/0x170 [ 254.458608] do_arpt_get_ctl+0xddb/0xe80 [ 254.462736] ? compat_do_arpt_set_ctl+0x2e90/0x2e90 [ 254.467783] nf_getsockopt+0x481/0x4e0 [ 254.471721] ip_getsockopt+0x2b1/0x470 [ 254.475652] ? compat_ip_setsockopt+0x380/0x380 [ 254.480358] tcp_getsockopt+0x1c6/0x1f0 [ 254.484371] ? tcp_get_timestamping_opt_stats+0x1810/0x1810 [ 254.490117] sock_common_getsockopt+0x13f/0x180 [ 254.494824] ? 
sock_recv_errqueue+0x990/0x990 [ 254.499351] __sys_getsockopt+0x48c/0x550 [ 254.503549] __se_sys_getsockopt+0xe1/0x100 [ 254.507912] __x64_sys_getsockopt+0x62/0x80 [ 254.512279] do_syscall_64+0xbe/0x100 [ 254.516115] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 254.521325] RIP: 0033:0x45a0aa [ 254.524546] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd 88 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ba 88 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 254.543466] RSP: 002b:0000000000a3f648 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 254.551202] RAX: ffffffffffffffda RBX: 0000000000a3f750 RCX: 000000000045a0aa [ 254.558500] RDX: 0000000000000061 RSI: 0000000000000000 RDI: 0000000000000003 [ 254.565807] RBP: 0000000000000003 R08: 0000000000a3f65c R09: 000000000000000a [ 254.573110] R10: 0000000000a3f750 R11: 0000000000000212 R12: 0000000000000000 [ 254.580403] R13: 000000000003e07c R14: 0000000000000001 R15: 0000000000000002 [ 254.587722] Modules linked in: [ 254.590979] ---[ end trace 8e89ea0578e7105a ]--- [ 254.595772] RIP: 0010:kmsan_get_shadow_address+0x2d6/0x3d0 [ 254.601418] Code: e9 89 00 00 00 c7 04 25 20 73 28 8c 01 00 00 00 65 48 8b 04 25 00 fd 02 00 c6 80 7b 09 00 00 01 80 3c 25 38 73 28 8c 00 74 0c <0f> 0b 0f 1f 84 00 00 00 00 00 eb fe 48 c7 c7 1c bc 57 8b 31 c0 4c [ 254.620353] RSP: 0018:ffff88015eccf780 EFLAGS: 00010046 [ 254.625756] RAX: 000000000000001b RBX: 0000000000000000 RCX: b26a1dd6cf6baa00 [ 254.633049] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 254.640340] RBP: ffff88015eccf7b0 R08: 0000000000000000 R09: ffff88021fd38f50 [ 254.647629] R10: 0000000000000000 R11: ffffffff862594e0 R12: 0000000000000001 [ 254.654935] R13: ffff8801a28bf9f0 R14: 0000000000000001 R15: 0000000000000008 [ 254.662235] FS: 0000000000ef3940(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000 [ 254.670485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 254.676385] CR2: 0000000000706158 
CR3: 000000015f94a000 CR4: 00000000001406e0 [ 254.683685] Kernel panic - not syncing: Fatal exception [ 254.690111] Kernel Offset: disabled [ 254.693751] Rebooting in 86400 seconds..