[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 60.814559] audit: type=1800 audit(1544304722.863:25): pid=6661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.833763] audit: type=1800 audit(1544304722.863:26): pid=6661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.853199] audit: type=1800 audit(1544304722.883:27): pid=6661 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. 2018/12/08 21:32:16 fuzzer started 2018/12/08 21:32:20 dialing manager at 10.128.0.26:43913 2018/12/08 21:32:20 syscalls: 1 2018/12/08 21:32:20 code coverage: enabled 2018/12/08 21:32:20 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/08 21:32:20 setuid sandbox: enabled 2018/12/08 21:32:20 namespace sandbox: enabled 2018/12/08 21:32:20 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/08 21:32:20 fault injection: enabled 2018/12/08 21:32:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/08 21:32:20 net packet injection: enabled 2018/12/08 21:32:20 net device setup: enabled 21:34:43 executing program 0: r0 = gettid() timer_create(0x4, &(0x7f00000000c0), 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_nanosleep(0x9, 0x0, &(0x7f00000001c0)={0x0, r1+30000000}, &(0x7f0000000380)) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000014) syzkaller login: [ 221.782655] IPVS: ftp: loaded support on port[0] = 21 [ 223.749143] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.755740] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.764618] device bridge_slave_0 entered promiscuous mode [ 223.896579] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.903218] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.912197] device bridge_slave_1 entered promiscuous mode [ 224.030653] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.147140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.512163] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.633155] bond0: Enslaving bond_slave_1 as an active interface with an up link 21:34:46 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000003c0)=0x30, 0x4) recvmmsg(r0, &(0x7f0000003500), 0x4000000000002c2, 0x40002002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000680)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000500)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000017ff0)={&(0x7f0000000000)=@canfd={{0x1}, 0x0, 0x0, 0x0, 0x0, "0327e19a2b010000037dc1250200000008990039966a7d5cb2bd00000000000000000007496e6866856b76b5010000000000000000060000000118fa1efd9b0b"}, 0x48}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.stat\x00', 0x0, 0x0) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, 0x0, 0x0) sendmsg$can_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@canfd={{0x3}, 0x0, 0x0, 0x0, 0x0, "9e2bdeefaf92d92bd8f41d356221a9fe7f8a66fea837a21005db0dcd0630bf89dc773678e2876878856b76b55a7478c2e2d9c3f25b4678e6ab366fc67b080974"}, 0x48}}, 0x0) [ 225.409073] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.417641] team0: Port device team_slave_0 added [ 225.464847] IPVS: ftp: loaded support on port[0] = 21 [ 225.606088] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.614795] team0: Port device team_slave_1 added [ 225.842444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.853090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.862304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.105675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.256951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.264752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.274027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.453715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.461353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.470746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.066868] ip (6919) used greatest stack depth: 53984 bytes left [ 228.745693] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.752311] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.760872] device bridge_slave_0 entered promiscuous mode [ 228.823219] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.829761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.837000] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.843576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.852752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 228.876476] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.883080] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.891764] device bridge_slave_1 entered promiscuous mode [ 228.898875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.158941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.404044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 21:34:51 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) r1 = creat(&(0x7f0000000080)="e91f7189591e9233614b00", 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)="e91f7189591e9233614b00", &(0x7f0000000140), &(0x7f0000001580)) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f00000001c0)="e91f7189591e9233614b2f66696c653000", 0x11, 0x1) ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000002c0)="5693ecf7f5846de240ffbd4a0797b9e89b97695dfe02f7ad540b4fc16c1683e160854165823cd8a2319ee76b82fdaa67d981ce55cca488ce4e6acac682159922a892b1ce47f887bd0e2441b1e08fd26dd753851f1e92568b41b31913f711478c8213e4d7384fd05874a67ba9") [ 230.161519] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.422474] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.446982] IPVS: ftp: loaded support on port[0] = 21 [ 230.741752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 230.748841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.973673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.980770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.699063] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.707720] team0: Port device team_slave_0 added [ 231.982887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.991432] team0: Port device team_slave_1 added [ 232.222878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.229942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.238984] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.473152] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.480245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.489353] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.718226] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.726072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.735199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.884329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.892328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.901403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.465726] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.472374] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.481115] device bridge_slave_0 entered promiscuous mode [ 234.714433] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.720945] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.729572] device bridge_slave_1 entered promiscuous mode [ 234.970729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.236482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 235.754888] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.761442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.768748] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.775344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.785048] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 235.931034] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.093492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.168740] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.408825] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.416424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:34:58 executing program 3: r0 = socket(0x2000000011, 0x3, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaa00ffffffffffff0806000186dd"], 0x0) set_robust_list(0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) [ 236.696882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.704067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.500376] IPVS: ftp: loaded support on port[0] = 21 [ 237.655904] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.664676] team0: Port device team_slave_0 added [ 237.936856] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.945476] team0: Port device team_slave_1 added [ 238.223991] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 238.231079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.240208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.537528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 238.544908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.554131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.836309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.844189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.853475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.144011] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 239.151607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.161008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.267679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.778987] ip (7224) used greatest stack depth: 53840 bytes left [ 240.475032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.513789] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.520173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.528516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.387531] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.394205] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.402926] device bridge_slave_0 entered promiscuous mode [ 242.547627] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.554240] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.561361] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.567993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.577404] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.609360] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.709905] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.716704] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.725480] device bridge_slave_1 entered promiscuous mode [ 242.981889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.045679] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 243.271851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 244.118878] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 244.396983] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 244.694838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.702059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.999627] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 245.006846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.856541] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.865218] team0: Port device team_slave_0 added [ 246.191213] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 246.199982] team0: Port device team_slave_1 added 21:35:08 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000100)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") mknod(&(0x7f0000000300)='./file0\x00', 0x1044, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000002c0)=""/11, 0xb) r1 = creat(&(0x7f0000000080)="e91f7189591e9233614b00", 0x109) dup2(r0, r1) execve(&(0x7f0000000240)="e91f7189591e9233614b00", 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)="e91f7189591e9233614b2f66696c653000", 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) [ 246.515613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.523580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.532765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.812502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.819589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.828688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.125495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 247.134055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.143493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.503818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 247.511485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.521422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.922679] IPVS: ftp: loaded support on port[0] = 21 [ 248.673334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.117593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 21:35:12 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x8000) [ 250.434123] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value 21:35:12 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x8000) [ 250.865300] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value 21:35:13 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x8000) [ 251.332968] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value [ 251.384666] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 251.391057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.399155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:35:13 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x0, 0x8000) [ 251.625865] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.632506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.639618] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.646294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.655242] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.917801] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value 21:35:14 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 21:35:14 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) [ 252.328696] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value [ 252.412244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.537917] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value 21:35:14 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) [ 252.793862] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value [ 252.912855] 8021q: adding VLAN 0 to HW filter on device team0 21:35:15 executing program 0: accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYBLOB="9d0007000000d791b848f4f5e3782a961d1db344659b1347a4202e9efeb1582af923e0bc76ffffffff70c44f4e3d24f326012a7446cef3f363dd12f6ecca4f646ff64be8721497fd7a158d0094731c9d72868ef306e756c9c6a10dcde9ea1f1301740df76eb9c5dd69487de456335fb6dac9b4f893dd66deb4e30af92fe5aee41a223ad012b954699eb9099cbd252023"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x214, 0xfffffffffffffffb) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 253.156112] Option 'à¼vÿÿÿÿpÄON' to dns_resolver key: bad/missing value [ 253.869395] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.876092] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.884823] device bridge_slave_0 entered promiscuous mode [ 254.174987] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.181505] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.190331] device bridge_slave_1 entered promiscuous mode [ 254.507139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 254.809355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 255.667986] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 255.866228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.990946] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 256.304612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 256.341990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 256.610333] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 256.617531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 256.964078] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 257.665192] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 257.674009] team0: Port device team_slave_0 added [ 257.994369] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.000746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.008865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.055071] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 258.063714] team0: Port device team_slave_1 added [ 258.306109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 258.313296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 258.322329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 258.573607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 258.580837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 258.589815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 258.821361] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 258.829250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 258.838388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 258.968200] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.105234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 259.113175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 259.122274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 21:35:21 executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)=@sco={0x1f, {0x608}}, 0x80, 0x0}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f00000004c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000500)="c1bbf9010000000000881ee4ac141411e0", 0x11}], 0x1}, 0x0) [ 259.943662] ================================================================== [ 259.951091] BUG: KMSAN: uninit-value in __neigh_create+0x2698/0x2b00 [ 259.957602] CPU: 0 PID: 7828 Comm: syz-executor1 Not tainted 4.20.0-rc5+ #111 [ 259.964883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.974501] Call Trace: [ 259.977113] dump_stack+0x284/0x3b0 [ 259.980759] ? __neigh_create+0x2698/0x2b00 [ 259.985113] kmsan_report+0x12d/0x290 [ 259.988941] __msan_warning+0x76/0xc0 [ 259.992766] __neigh_create+0x2698/0x2b00 [ 259.996946] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 260.002348] ip_finish_output2+0xa28/0x1590 [ 260.006705] ip_finish_output+0xd84/0x10a0 [ 260.010974] ip_output+0x559/0x620 [ 260.014543] ? ip_mc_finish_output+0x410/0x410 [ 260.019135] ? ip_finish_output+0x10a0/0x10a0 [ 260.023815] ip_local_out+0x164/0x1d0 [ 260.027633] iptunnel_xmit+0x8d3/0xe20 [ 260.031554] ip_tunnel_xmit+0x38f6/0x3cb0 [ 260.035754] ipgre_xmit+0xe8e/0xfd0 [ 260.039409] ? ipgre_close+0x230/0x230 [ 260.043314] dev_hard_start_xmit+0x6a8/0xd80 [ 260.047755] __dev_queue_xmit+0x2e9d/0x3ad0 [ 260.052115] dev_queue_xmit+0x4b/0x60 [ 260.055923] ? __netdev_pick_tx+0x1390/0x1390 [ 260.060428] packet_sendmsg+0x83bb/0x9070 [ 260.064605] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 260.070065] ? rw_copy_check_uvector+0x149/0x6b0 [ 260.074830] ? __msan_poison_alloca+0x1e0/0x270 [ 260.079521] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 260.084898] ? aa_sk_perm+0x7ab/0x9e0 [ 260.088759] ___sys_sendmsg+0xdbc/0x11d0 [ 260.092850] ? compat_packet_setsockopt+0x360/0x360 [ 260.097917] __se_sys_sendmsg+0x305/0x460 [ 260.102096] __x64_sys_sendmsg+0x4a/0x70 [ 260.106172] do_syscall_64+0xcd/0x110 [ 260.110001] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 260.115200] RIP: 0033:0x457569 [ 260.118407] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 260.137326] RSP: 002b:00007f10f267fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.145052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 260.152338] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 260.159617] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 260.166895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10f26806d4 [ 260.174180] R13: 00000000004c3f7d R14: 00000000004d65d8 R15: 00000000ffffffff [ 260.181467] [ 260.183098] Uninit was created at: [ 260.186633] No stack [ 260.188956] ================================================================== [ 260.196314] Disabling lock debugging due to kernel taint [ 260.201763] Kernel panic - not syncing: panic_on_warn set ... [ 260.207661] CPU: 0 PID: 7828 Comm: syz-executor1 Tainted: G B 4.20.0-rc5+ #111 [ 260.216332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.225690] Call Trace: [ 260.228308] dump_stack+0x284/0x3b0 [ 260.231961] panic+0x533/0xb02 [ 260.235207] kmsan_report+0x290/0x290 [ 260.239032] __msan_warning+0x76/0xc0 [ 260.242863] __neigh_create+0x2698/0x2b00 [ 260.247044] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 260.252447] ip_finish_output2+0xa28/0x1590 [ 260.256809] ip_finish_output+0xd84/0x10a0 [ 260.261074] ip_output+0x559/0x620 [ 260.264646] ? ip_mc_finish_output+0x410/0x410 [ 260.269245] ? ip_finish_output+0x10a0/0x10a0 [ 260.273774] ip_local_out+0x164/0x1d0 [ 260.277595] iptunnel_xmit+0x8d3/0xe20 [ 260.281525] ip_tunnel_xmit+0x38f6/0x3cb0 [ 260.285727] ipgre_xmit+0xe8e/0xfd0 [ 260.289382] ? ipgre_close+0x230/0x230 [ 260.293302] dev_hard_start_xmit+0x6a8/0xd80 [ 260.297752] __dev_queue_xmit+0x2e9d/0x3ad0 [ 260.302123] dev_queue_xmit+0x4b/0x60 [ 260.305939] ? __netdev_pick_tx+0x1390/0x1390 [ 260.310450] packet_sendmsg+0x83bb/0x9070 [ 260.314628] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 260.320097] ? rw_copy_check_uvector+0x149/0x6b0 [ 260.324864] ? __msan_poison_alloca+0x1e0/0x270 [ 260.329569] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 260.334947] ? aa_sk_perm+0x7ab/0x9e0 [ 260.338799] ___sys_sendmsg+0xdbc/0x11d0 [ 260.342877] ? compat_packet_setsockopt+0x360/0x360 [ 260.347948] __se_sys_sendmsg+0x305/0x460 [ 260.352128] __x64_sys_sendmsg+0x4a/0x70 [ 260.356209] do_syscall_64+0xcd/0x110 [ 260.360026] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 260.365221] RIP: 0033:0x457569 [ 260.368501] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 260.387498] RSP: 002b:00007f10f267fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.395231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 260.402529] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 260.409815] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 260.417100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10f26806d4 [ 260.424384] R13: 00000000004c3f7d R14: 00000000004d65d8 R15: 00000000ffffffff [ 260.432887] Kernel Offset: disabled [ 260.436515] Rebooting in 86400 seconds..