[ 60.939438] audit: type=1800 audit(1541381791.982:25): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.958833] audit: type=1800 audit(1541381792.002:26): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.978518] audit: type=1800 audit(1541381792.012:27): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 62.370505] sshd (6280) used greatest stack depth: 53712 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts. 2018/11/05 01:36:46 fuzzer started 2018/11/05 01:36:51 dialing manager at 10.128.0.26:38635 2018/11/05 01:36:51 syscalls: 1 2018/11/05 01:36:51 code coverage: enabled 2018/11/05 01:36:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/05 01:36:51 setuid sandbox: enabled 2018/11/05 01:36:51 namespace sandbox: enabled 2018/11/05 01:36:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/05 01:36:51 fault injection: enabled 2018/11/05 01:36:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/05 01:36:51 net packed injection: enabled 2018/11/05 01:36:51 net device setup: enabled 01:39:49 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000c00)=@broute={'broute\x00', 0x20, 0x3, 0x2e0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000040], 0x0, &(0x7f0000000000), &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000110000000000000000000000ffffffff020000000d0000000000000000006e7230000000000000000000000000006970366772657461703000000000000073797a6b616c6c65723100000000000069703667726574617030000000000000aaaaaaaaaabb000000000000aaaaaaaaaa000000000000000000b0000000b0000000e000000074696d65000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000330000434c415353494659000000000000000000000000000000000000000000000000080000000000000000000000000000001100000000000000000069726c616e30000000000000000000006c6f00000000000000000000000000007465716c3000000000000000000000007465616d5f736c6176655f3100000000aaaaaaaaaa00000000000000aaaaaaaaaa0000000000000000007000000070000000b80000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000fcffffff000000000000000000000000000000000000000000df00000000000000000000000000000000000002000000ffffffff01000000130000000000000000007465716c30000000000000000000000069726c616e30000000000000000000006272696467655f736c6176655f31000062726964676530000000000000000000aaaaaaaaaabb0000000000000180c200000000000000000000007000000070000000b80000005241544545535400000000000000000000000000000000000000000000000000200000000000000073797a3100000000000000000000000000000000000000000000000000000000"]}, 0x358) syzkaller login: [ 259.243985] IPVS: ftp: loaded support on port[0] = 21 [ 261.232823] ip (6405) used greatest stack depth: 53696 bytes left [ 261.658595] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.665270] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.674098] device bridge_slave_0 entered promiscuous mode [ 261.817034] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.823701] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.832560] device bridge_slave_1 entered promiscuous mode [ 261.973028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 262.112772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.418120] ip (6421) used greatest stack depth: 53664 bytes left [ 262.558997] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.703843] bond0: Enslaving bond_slave_1 as an active interface with an up link 01:39:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400218) getrandom(&(0x7f0000000300)=""/174, 0xfffffffffffffde5, 0x2) [ 262.986404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 262.993645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.581049] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 263.589598] team0: Port device team_slave_0 added [ 263.739114] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 263.747247] team0: Port device team_slave_1 added [ 263.840105] IPVS: ftp: loaded support on port[0] = 21 [ 264.004710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.230408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 264.237630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 264.246834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 264.493237] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 264.500916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.510569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.733378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 264.741040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.750637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.848901] ip (6477) used greatest stack depth: 53216 bytes left [ 267.509085] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.515758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.523249] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.529858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.539213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.714261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 267.844279] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.850786] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.859741] device bridge_slave_0 entered promiscuous mode [ 268.039548] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.046144] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.054889] device bridge_slave_1 entered promiscuous mode [ 268.215246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 268.420799] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 269.138854] bond0: Enslaving bond_slave_0 as an active interface with an up link 01:40:00 executing program 2: r0 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, &(0x7f0000000000), &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000030800000000000000006970360000653000000000000000000073797a6b616c6c65723100000000000069703603c56c3000000000000000000001616d61000000004ab2cec800000000aaaaaaaaaabb000000000000aaaaaaaaaabb00000000000000007000000070000000e80000006e666c6f770000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000339ebc4bb0c0fba43162d5c302d891b307544d821a0dcb492ba4aa23baaca6e53f392b79c58e0581db804208237c3df1c60b6b34da2747cd3200fbb3845112260000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff00000000"]}, 0x1f0) [ 269.405490] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 269.682146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 269.692548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 270.036600] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 270.043806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 270.202090] IPVS: ftp: loaded support on port[0] = 21 [ 270.921073] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 270.929373] team0: Port device team_slave_0 added [ 271.166566] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 271.174837] team0: Port device team_slave_1 added [ 271.421631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 271.428905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 271.437869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 271.706426] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 271.714145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 271.723090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 271.966289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 271.974506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.983693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 272.208460] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 272.216299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.225576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.098262] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.104989] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.113812] device bridge_slave_0 entered promiscuous mode [ 275.432282] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.438771] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.447774] device bridge_slave_1 entered promiscuous mode [ 275.476904] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.483495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.490547] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.497192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.506160] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 275.622675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.787846] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 276.114510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 276.909899] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 277.194900] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 277.546463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 277.553724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 277.779380] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 277.787269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 278.586559] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 278.594657] team0: Port device team_slave_0 added [ 278.848730] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 278.856967] team0: Port device team_slave_1 added 01:40:10 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r1, &(0x7f0000000040)={'exec ', '&&\x00'}, 0xfffffed1) [ 279.227186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 279.234396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 279.243315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 279.554377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.666178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 279.673435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 279.682362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 279.917964] ip (6758) used greatest stack depth: 53072 bytes left [ 280.042524] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 280.050201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.059302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 280.245277] IPVS: ftp: loaded support on port[0] = 21 [ 280.420936] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 280.428829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.438243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 280.809390] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 282.134028] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 282.140464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.148464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.521218] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.420525] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.427096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.434239] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.440737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.449822] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 284.457127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.415127] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.421611] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.430433] device bridge_slave_0 entered promiscuous mode [ 286.797388] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.804169] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.813012] device bridge_slave_1 entered promiscuous mode [ 287.160714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 287.539148] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 287.998776] not chained 10000 origins [ 288.002644] CPU: 0 PID: 6945 Comm: ip Not tainted 4.19.0+ #77 [ 288.008541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.017904] Call Trace: [ 288.020526] dump_stack+0x32d/0x480 [ 288.024186] ? save_stack_trace+0xc6/0x110 [ 288.028463] kmsan_internal_chain_origin+0x222/0x240 [ 288.033592] ? br_port_fill_attrs+0x42b/0x1ea0 [ 288.038203] ? ___sys_recvmsg+0x444/0xae0 [ 288.042369] ? __se_sys_recvmsg+0x2fa/0x450 [ 288.046719] ? __x64_sys_recvmsg+0x4a/0x70 [ 288.050980] ? do_syscall_64+0xcf/0x110 [ 288.054981] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.060372] ? kmsan_internal_chain_origin+0x136/0x240 [ 288.065674] ? __msan_chain_origin+0x6d/0xd0 [ 288.070107] ? __save_stack_trace+0x8be/0xc60 [ 288.074626] ? save_stack_trace+0xc6/0x110 [ 288.078879] ? kmsan_internal_chain_origin+0x136/0x240 [ 288.084175] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 288.088869] ? __msan_memcpy+0x6f/0x80 [ 288.092780] ? nla_put+0x20a/0x2d0 [ 288.096340] ? br_port_fill_attrs+0x366/0x1ea0 [ 288.100946] ? br_port_fill_slave_info+0xff/0x120 [ 288.105807] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.110326] ? rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.114757] ? netlink_dump+0xb09/0x1750 [ 288.118835] ? netlink_recvmsg+0xec2/0x19d0 [ 288.123180] ? sock_recvmsg+0x1d1/0x230 [ 288.127173] ? ___sys_recvmsg+0x444/0xae0 [ 288.131343] ? __se_sys_recvmsg+0x2fa/0x450 [ 288.135682] ? __x64_sys_recvmsg+0x4a/0x70 [ 288.139944] ? do_syscall_64+0xcf/0x110 [ 288.143946] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.149350] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 288.154745] ? __module_address+0x6a/0x610 [ 288.159021] ? get_stack_info+0x863/0x9d0 [ 288.163207] __msan_chain_origin+0x6d/0xd0 [ 288.167478] ? netlink_dump+0xb09/0x1750 [ 288.171569] __save_stack_trace+0x8be/0xc60 [ 288.175946] ? netlink_dump+0xb09/0x1750 [ 288.180038] save_stack_trace+0xc6/0x110 [ 288.184133] kmsan_internal_chain_origin+0x136/0x240 [ 288.189276] ? kmsan_internal_chain_origin+0x136/0x240 [ 288.194578] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 288.199272] ? __msan_memcpy+0x6f/0x80 [ 288.203179] ? nla_put+0x20a/0x2d0 [ 288.206755] ? br_port_fill_attrs+0x42b/0x1ea0 [ 288.211366] ? br_port_fill_slave_info+0xff/0x120 [ 288.216284] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.220802] ? rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.225231] ? netlink_dump+0xb09/0x1750 [ 288.229315] ? netlink_recvmsg+0xec2/0x19d0 [ 288.233666] ? sock_recvmsg+0x1d1/0x230 [ 288.237668] ? ___sys_recvmsg+0x444/0xae0 [ 288.241838] ? __se_sys_recvmsg+0x2fa/0x450 [ 288.246183] ? __x64_sys_recvmsg+0x4a/0x70 [ 288.250445] ? do_syscall_64+0xcf/0x110 [ 288.254455] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.259856] ? __msan_poison_alloca+0x1e0/0x2b0 [ 288.264577] ? kmsan_set_origin+0x83/0x130 [ 288.268839] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 288.274237] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.278772] __msan_memcpy+0x6f/0x80 [ 288.282519] nla_put+0x20a/0x2d0 [ 288.285924] br_port_fill_attrs+0x42b/0x1ea0 [ 288.290372] br_port_fill_slave_info+0xff/0x120 [ 288.295089] ? br_port_get_slave_size+0x30/0x30 [ 288.299786] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.304190] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.308573] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 288.313977] ? rtnl_getlink+0xde0/0xde0 [ 288.317973] netlink_dump+0xb09/0x1750 [ 288.321911] netlink_recvmsg+0xec2/0x19d0 [ 288.326128] sock_recvmsg+0x1d1/0x230 [ 288.329960] ? netlink_sendmsg+0x1440/0x1440 [ 288.334403] ___sys_recvmsg+0x444/0xae0 [ 288.338449] ? __msan_poison_alloca+0x1e0/0x2b0 [ 288.343171] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 288.348558] ? __fdget+0x23c/0x440 [ 288.352137] __se_sys_recvmsg+0x2fa/0x450 [ 288.356346] __x64_sys_recvmsg+0x4a/0x70 [ 288.360444] do_syscall_64+0xcf/0x110 [ 288.364277] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.369494] RIP: 0033:0x7f9be5518210 [ 288.373230] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 288.392191] RSP: 002b:00007ffc7cb3cd78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 288.399927] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9be5518210 [ 288.407216] RDX: 0000000000000000 RSI: 00007ffc7cb3cdc0 RDI: 0000000000000003 [ 288.414511] RBP: 0000000000001c24 R08: 00007f9be57c1ec8 R09: 00007f9be555ec00 [ 288.421797] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 288.429090] R13: 00007ffc7cb40e50 R14: 0000000000001c24 R15: 00007ffc7cb3ea24 [ 288.436394] Uninit was stored to memory at: [ 288.440757] kmsan_internal_chain_origin+0x136/0x240 [ 288.445882] __msan_chain_origin+0x6d/0xd0 [ 288.450137] __save_stack_trace+0x8be/0xc60 [ 288.454480] save_stack_trace+0xc6/0x110 [ 288.459078] kmsan_internal_chain_origin+0x136/0x240 [ 288.464204] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.468729] __msan_memcpy+0x6f/0x80 [ 288.472465] nla_put+0x20a/0x2d0 [ 288.475853] br_port_fill_attrs+0x366/0x1ea0 [ 288.480282] br_port_fill_slave_info+0xff/0x120 [ 288.484969] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.489311] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.493569] netlink_dump+0xb09/0x1750 [ 288.497473] netlink_recvmsg+0xec2/0x19d0 [ 288.501643] sock_recvmsg+0x1d1/0x230 [ 288.505466] ___sys_recvmsg+0x444/0xae0 [ 288.509468] __se_sys_recvmsg+0x2fa/0x450 [ 288.513658] __x64_sys_recvmsg+0x4a/0x70 [ 288.517742] do_syscall_64+0xcf/0x110 [ 288.521560] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.526771] [ 288.528450] Uninit was stored to memory at: [ 288.532875] kmsan_internal_chain_origin+0x136/0x240 [ 288.538008] __msan_chain_origin+0x6d/0xd0 [ 288.542260] __save_stack_trace+0x8be/0xc60 [ 288.546603] save_stack_trace+0xc6/0x110 [ 288.550688] kmsan_internal_chain_origin+0x136/0x240 [ 288.555815] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.560331] __msan_memcpy+0x6f/0x80 [ 288.564066] nla_put+0x20a/0x2d0 [ 288.567462] br_port_fill_attrs+0x366/0x1ea0 [ 288.571888] br_port_fill_slave_info+0xff/0x120 [ 288.576580] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.580922] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.585176] netlink_dump+0xb09/0x1750 [ 288.589082] netlink_recvmsg+0xec2/0x19d0 [ 288.593253] sock_recvmsg+0x1d1/0x230 [ 288.597072] ___sys_recvmsg+0x444/0xae0 [ 288.601064] __se_sys_recvmsg+0x2fa/0x450 [ 288.605229] __x64_sys_recvmsg+0x4a/0x70 [ 288.609306] do_syscall_64+0xcf/0x110 [ 288.613129] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.618327] [ 288.619960] Uninit was stored to memory at: [ 288.624321] kmsan_internal_chain_origin+0x136/0x240 [ 288.629606] __msan_chain_origin+0x6d/0xd0 [ 288.633863] __save_stack_trace+0x8be/0xc60 [ 288.638206] save_stack_trace+0xc6/0x110 [ 288.642291] kmsan_internal_chain_origin+0x136/0x240 [ 288.647413] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.651944] __msan_memcpy+0x6f/0x80 [ 288.655681] nla_put+0x20a/0x2d0 [ 288.659073] br_port_fill_attrs+0x366/0x1ea0 [ 288.663529] br_port_fill_slave_info+0xff/0x120 [ 288.668223] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.672565] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.676815] netlink_dump+0xb09/0x1750 [ 288.680728] netlink_recvmsg+0xec2/0x19d0 [ 288.684904] sock_recvmsg+0x1d1/0x230 [ 288.688725] ___sys_recvmsg+0x444/0xae0 [ 288.692722] __se_sys_recvmsg+0x2fa/0x450 [ 288.696893] __x64_sys_recvmsg+0x4a/0x70 [ 288.700975] do_syscall_64+0xcf/0x110 [ 288.704800] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.709993] [ 288.711629] Uninit was stored to memory at: [ 288.715978] kmsan_internal_chain_origin+0x136/0x240 [ 288.721102] __msan_chain_origin+0x6d/0xd0 [ 288.725362] __save_stack_trace+0x8be/0xc60 [ 288.729714] save_stack_trace+0xc6/0x110 [ 288.733800] kmsan_internal_chain_origin+0x136/0x240 [ 288.738922] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.743449] __msan_memcpy+0x6f/0x80 [ 288.747181] nla_put+0x20a/0x2d0 [ 288.750572] br_port_fill_attrs+0x366/0x1ea0 [ 288.755005] br_port_fill_slave_info+0xff/0x120 [ 288.759694] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.764041] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.768294] netlink_dump+0xb09/0x1750 [ 288.772195] netlink_recvmsg+0xec2/0x19d0 [ 288.776365] sock_recvmsg+0x1d1/0x230 [ 288.780180] ___sys_recvmsg+0x444/0xae0 [ 288.784175] __se_sys_recvmsg+0x2fa/0x450 [ 288.788340] __x64_sys_recvmsg+0x4a/0x70 [ 288.792427] do_syscall_64+0xcf/0x110 [ 288.796249] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.801453] [ 288.803086] Uninit was stored to memory at: [ 288.807438] kmsan_internal_chain_origin+0x136/0x240 [ 288.812567] __msan_chain_origin+0x6d/0xd0 [ 288.816823] __save_stack_trace+0x8be/0xc60 [ 288.821159] save_stack_trace+0xc6/0x110 [ 288.825255] kmsan_internal_chain_origin+0x136/0x240 [ 288.830377] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.834907] __msan_memcpy+0x6f/0x80 [ 288.838645] nla_put+0x20a/0x2d0 [ 288.842030] br_port_fill_attrs+0x366/0x1ea0 [ 288.846467] br_port_fill_slave_info+0xff/0x120 [ 288.851160] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.855501] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.859778] netlink_dump+0xb09/0x1750 [ 288.863686] netlink_recvmsg+0xec2/0x19d0 [ 288.867860] sock_recvmsg+0x1d1/0x230 [ 288.871680] ___sys_recvmsg+0x444/0xae0 [ 288.875678] __se_sys_recvmsg+0x2fa/0x450 [ 288.879849] __x64_sys_recvmsg+0x4a/0x70 [ 288.883942] do_syscall_64+0xcf/0x110 [ 288.887763] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.892956] [ 288.894593] Uninit was stored to memory at: [ 288.898939] kmsan_internal_chain_origin+0x136/0x240 [ 288.904062] __msan_chain_origin+0x6d/0xd0 [ 288.908319] __save_stack_trace+0x8be/0xc60 [ 288.912660] save_stack_trace+0xc6/0x110 [ 288.916750] kmsan_internal_chain_origin+0x136/0x240 [ 288.921878] kmsan_memcpy_origins+0x13d/0x1b0 [ 288.926395] __msan_memcpy+0x6f/0x80 [ 288.930140] nla_put+0x20a/0x2d0 [ 288.933525] br_port_fill_attrs+0x366/0x1ea0 [ 288.937955] br_port_fill_slave_info+0xff/0x120 [ 288.942641] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 288.946985] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 288.951239] netlink_dump+0xb09/0x1750 [ 288.955149] netlink_recvmsg+0xec2/0x19d0 [ 288.959322] sock_recvmsg+0x1d1/0x230 [ 288.963141] ___sys_recvmsg+0x444/0xae0 [ 288.967133] __se_sys_recvmsg+0x2fa/0x450 [ 288.971301] __x64_sys_recvmsg+0x4a/0x70 [ 288.975384] do_syscall_64+0xcf/0x110 [ 288.979216] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 288.984409] [ 288.986058] Uninit was stored to memory at: [ 288.990397] kmsan_internal_chain_origin+0x136/0x240 [ 288.995529] __msan_chain_origin+0x6d/0xd0 [ 288.999788] __save_stack_trace+0x8be/0xc60 [ 289.004126] save_stack_trace+0xc6/0x110 [ 289.008206] kmsan_internal_chain_origin+0x136/0x240 [ 289.013336] kmsan_memcpy_origins+0x13d/0x1b0 [ 289.017852] __msan_memcpy+0x6f/0x80 [ 289.021584] nla_put+0x20a/0x2d0 [ 289.024971] br_port_fill_attrs+0x366/0x1ea0 [ 289.029399] br_port_fill_slave_info+0xff/0x120 [ 289.034099] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 289.038448] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 289.042700] netlink_dump+0xb09/0x1750 [ 289.046612] netlink_recvmsg+0xec2/0x19d0 01:40:20 executing program 4: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) sendfile(r0, r0, &(0x7f0000000540), 0x27) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) [ 289.050778] sock_recvmsg+0x1d1/0x230 [ 289.054596] ___sys_recvmsg+0x444/0xae0 [ 289.058594] __se_sys_recvmsg+0x2fa/0x450 [ 289.062762] __x64_sys_recvmsg+0x4a/0x70 [ 289.066842] do_syscall_64+0xcf/0x110 [ 289.070664] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 289.075867] [ 289.077507] Local variable description: ----c.i.i@should_fail [ 289.083395] Variable was created at: [ 289.087136] should_fail+0x162/0x13c0 [ 289.090967] __alloc_pages_nodemask+0x6fd/0x6640 [ 289.586561] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 289.983268] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 290.409818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 290.417066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 290.541155] IPVS: ftp: loaded support on port[0] = 21 [ 290.816936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.848501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 290.856237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 292.178288] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 292.186649] team0: Port device team_slave_0 added [ 292.478975] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 292.632600] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 292.640675] team0: Port device team_slave_1 added [ 292.997612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 293.005132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 293.014043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 293.404410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 293.411522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 293.420539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 293.846625] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 293.854734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 293.864048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 294.125547] xt_time: unknown flags 0x30 [ 294.262383] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 294.269081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 294.277316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 294.300803] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 01:40:25 executing program 0: semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000000)=[0x0, 0xffffffffffffffc0]) [ 294.352622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 294.362046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 01:40:25 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000400)="0a5c2d0240316285717070") r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup(r1) ioctl$EVIOCGLED(r2, 0x80404519, &(0x7f00000002c0)=""/196) tee(r1, r1, 0x3323adfc, 0xf) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f000014f000)={&(0x7f00003c7ff4), 0xc, &(0x7f00000bfff0)={&(0x7f0000000140)=ANY=[@ANYBLOB="ffff0000000000000000b5cdd862bf323b560000000000000000000000000001e0000001000000000000000000000000000fb7a507239d4947000000000b00002d1e7b0f79b67bef0b0e7526f06a7ebc5e44f1733eb6868838f9708ed3fbf7f0bb3ebd3b13f243fed297ca7f5948824fff9d73314f26fe8adaa385ab95e57bcd5502bcfb0add25817a5ea5edca9409905e7634fa8512fd32a89eb9bbc0a3ea910d0dac09701db85dfedccec38da21655044ced188354d914ede788c3cdd9b4349e05e9cb89eeeffed6e3e85bea31cb96d2421d1862e3ea9dd230b7fd69484ac0cabc0c652d5f77f19cfc", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0xb8}}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@ipv4={[], [], @rand_addr}, 0x0, 0x1}, 0x20) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) 01:40:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000240)={@in6={{0xa, 0x0, 0x0, @local}}, 0x0, 0x7, 0x0, "4877bb1f56d48eb1fa5fac76a792a929a57f6062b013ec6b7a9ee231ea85a10000c8fdf3bcaf6c5bb203dab4011d7c6096609012d3e979295204aea5020f3f6af0b1d2fb5a00eb0900"}, 0xd8) r1 = socket$nl_crypto(0x10, 0x3, 0x15) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000200)={0x1, 0x10001, 0x6, 0x2}, 0x10) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x8, 0x0, "1c56400ef08dc0d7f6ffea3199772f0577915623cdca191dcc06ee3e04cd4eb98b6e444bdb49a176ca0be49468681ed3a055edd05610db8ffb464f1417af72c5677bdc0183e8da9f6e9d0d8071771351"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}}, 0x0, 0x8, 0x0, "f6782e3db35d3bd9543caba4902f4b8371e1f8b1b4e36be8fe9812abe7f60b5ab4d05855aa62267c16467582307ab6ffccf7276e0c519faba488871221ec4d55e9cfff359e6fcdcd487dda9bbe088107"}, 0xd8) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x200, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f0000000380)=0x8, 0x4) 01:40:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r1, &(0x7f00000030c0), 0x1000) pipe2(&(0x7f0000000040), 0x0) read$FUSE(r1, &(0x7f0000002000), 0x1000) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0/file0\x00', &(0x7f00000001c0)='ceph\x00', 0xf000, 0x0) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) fcntl$getownex(r0, 0x10, &(0x7f0000000240)={0x0, 0x0}) process_vm_readv(r2, &(0x7f0000001b40)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/36, 0x24}, {&(0x7f00000002c0)=""/216, 0xd8}, {&(0x7f00000015c0)=""/163, 0xa3}, {&(0x7f0000001680)=""/210, 0xd2}, {&(0x7f0000001780)=""/149, 0x95}, {&(0x7f0000001840)=""/189, 0xbd}, {&(0x7f0000001900)=""/179, 0xb3}, {&(0x7f00000019c0)=""/173, 0xad}, {&(0x7f0000001a80)=""/147, 0x93}], 0xa, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/20, 0x14}, {&(0x7f0000000480)=""/47, 0x2f}], 0x2, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0xa) write$FUSE_DIRENT(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="90000000000000000200000000000000010000001400c6da0000000b000000000066ce656d316e6f246576656d31000002000000000000f386616a1a0a3c0000000000002c0e0000000000619fcd3823b7c94f5a3276ce8c9461000000000000051c0005000000000079737465746a48be1b31486dcc6370757365746367726f757024a3d030914ce145fe700471595c"], 0x90) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 296.003032] 8021q: adding VLAN 0 to HW filter on device team0 01:40:27 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000000)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r0, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}, 0x4, 0x1}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r0, 0x40047452, &(0x7f0000000180)) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000001700)={0x0, @in6={{0xa, 0x4e22, 0x0, @mcast2, 0x9}}, 0x2, 0x3, 0x7, 0x73, 0x38}, &(0x7f00000017c0)=0x98) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000001800)={r4, 0x7, 0xfffffffffffffffb, 0x2, 0x1, 0x9}, 0x14) 01:40:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) mmap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x0, 0x20011, r0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="11634840", @ANYRES64=0x0, @ANYBLOB="00ef000000000000"], 0x0, 0x0, &(0x7f0000000080)}) [ 297.185921] binder: 7144:7145 ioctl c0306201 200000c0 returned -14 [ 297.242593] binder: 7146:7145 ioctl c0306201 200000c0 returned -14 01:40:28 executing program 0: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x640200, 0x0) select(0x40, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x30c00, 0x3}, &(0x7f0000000240), &(0x7f00000003c0), &(0x7f0000000400)) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 297.753858] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 297.842878] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.849360] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.858233] device bridge_slave_0 entered promiscuous mode 01:40:29 executing program 0: unshare(0x8000400) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/vcs\x00', 0x0, 0x0) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x4) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, &(0x7f0000000000)) r2 = dup(r1) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="090000000094881b1ac9c1f71a"], &(0x7f00000004c0)=0x11) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000500)={r3, 0x101, 0x10}, &(0x7f0000000580)=0xc) ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f00000005c0)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=""/193, &(0x7f0000000280)=""/97, &(0x7f0000000040)=""/127}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000700)=ANY=[]) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800000000000000c, 0x810, r2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x1, 0x0, &(0x7f0000000380)=""/115, &(0x7f0000000700)=""/156, &(0x7f0000000400)=""/185}) lseek(r1, 0x0, 0x3) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000540)=0x4) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000680)='/dev/qat_adf_ctl\x00', 0x84840, 0x0) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000640)={0xfffffffffffffffa}) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af13, &(0x7f0000000140)) [ 298.361150] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.367873] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.376548] device bridge_slave_1 entered promiscuous mode [ 298.834319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 299.235243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 299.363451] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.369937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.377111] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.383640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.392659] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 299.433807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 300.416206] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 300.839851] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 301.237980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 301.245297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 301.637328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 301.644519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 302.318472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.628692] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 302.636925] team0: Port device team_slave_0 added [ 302.949146] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 302.957494] team0: Port device team_slave_1 added [ 303.289737] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 303.313086] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 303.320129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 303.329054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 303.545100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 303.552406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 303.561109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 303.850079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 303.857967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 303.867316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 304.144621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 304.152387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 304.161411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 304.425563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 304.432109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 304.439898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:40:35 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000180)="d4", 0x1, 0xfffffffffffffffb) keyctl$assume_authority(0x10, r0) [ 305.354162] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.131733] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.138297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.145462] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.151988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.160586] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 307.167339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 310.413732] kernel msg: ebtables bug: please report to author: Unknown flag for bitmask 01:40:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f00000001c0)=0x5) r1 = memfd_create(&(0x7f0000000600)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978ff1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f6497176df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee01400000000000000aed89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a000000000000000000000000000000002e671048a8c91ffc1edf46164b07408c371d21fdb0ef578fb8198d53ce72005345dc44d2980c798d513f376d9ae3cab07edb2aa7bfef7456a1949131a78c596959d2ec46ecb42fca977e5e6fd7341127e1ce06e1eb56fdaa19d314adea3d6ff21567a9caa7c6d6aa86cc03cf44fe0fd4a79fd80a135483db197df1a9ac9e56b9158532fdae61ffcb86643a0a8580375d96b496bca6e686804779fe8c1a56ceb268fdee2af0b3c3386fac9659a6817e8e8b406b7f88dd3c7d9183b05bffe3b9c650d7c98720efc94da7bc1ca47e9bee94022698301096965c0000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000200)=',', 0x1}], 0x1, 0x4081806) bind$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, {0x5, 0x3f, 0x3, 0x7, 0xdf, 0x80000000}, 0xca12}, 0xa) sendfile(r0, r1, &(0x7f00000000c0)=0x8, 0x20020102000007) ftruncate(r1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000100)=0x24) [ 310.569240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.183960] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 311.402148] hrtimer: interrupt took 46875 ns [ 311.833277] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 311.839665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 311.847803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.390933] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.997012] not chained 20000 origins [ 314.000923] CPU: 0 PID: 7606 Comm: ip Not tainted 4.19.0+ #77 [ 314.006846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.016216] Call Trace: [ 314.018839] dump_stack+0x32d/0x480 [ 314.022510] ? save_stack_trace+0xc6/0x110 [ 314.026782] kmsan_internal_chain_origin+0x222/0x240 [ 314.031912] ? br_port_fill_attrs+0x366/0x1ea0 [ 314.036522] ? ___sys_recvmsg+0x444/0xae0 [ 314.040690] ? __se_sys_recvmsg+0x2fa/0x450 [ 314.045045] ? __x64_sys_recvmsg+0x4a/0x70 [ 314.049306] ? do_syscall_64+0xcf/0x110 [ 314.053298] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.058687] ? kmsan_internal_chain_origin+0x136/0x240 [ 314.063974] ? __msan_chain_origin+0x6d/0xd0 [ 314.068393] ? __save_stack_trace+0x8be/0xc60 [ 314.072888] ? save_stack_trace+0xc6/0x110 [ 314.077114] ? kmsan_internal_chain_origin+0x136/0x240 [ 314.082444] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 314.087121] ? __msan_memcpy+0x6f/0x80 [ 314.091003] ? nla_put+0x20a/0x2d0 [ 314.094539] ? br_port_fill_attrs+0x366/0x1ea0 [ 314.099113] ? br_port_fill_slave_info+0xff/0x120 [ 314.103947] ? rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.108440] ? rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.112840] ? netlink_dump+0xb09/0x1750 [ 314.116909] ? netlink_recvmsg+0xec2/0x19d0 [ 314.121238] ? sock_recvmsg+0x1d1/0x230 [ 314.125226] ? ___sys_recvmsg+0x444/0xae0 [ 314.129372] ? __se_sys_recvmsg+0x2fa/0x450 [ 314.133695] ? __x64_sys_recvmsg+0x4a/0x70 [ 314.137926] ? do_syscall_64+0xcf/0x110 [ 314.141905] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.147288] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 314.152646] ? __module_address+0x6a/0x610 [ 314.156887] ? get_stack_info+0x863/0x9d0 [ 314.161038] __msan_chain_origin+0x6d/0xd0 [ 314.165271] ? nla_put+0x20a/0x2d0 [ 314.168817] __save_stack_trace+0x8be/0xc60 [ 314.173164] ? nla_put+0x20a/0x2d0 [ 314.176721] save_stack_trace+0xc6/0x110 [ 314.180779] kmsan_internal_chain_origin+0x136/0x240 [ 314.185886] ? kmsan_internal_chain_origin+0x136/0x240 [ 314.191151] ? kmsan_memcpy_origins+0x13d/0x1b0 [ 314.195819] ? __msan_memcpy+0x6f/0x80 [ 314.199712] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 314.205102] ? __msan_poison_alloca+0x1e0/0x2b0 [ 314.209784] ? kmsan_set_origin+0x83/0x130 [ 314.214016] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 314.219395] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.223901] __msan_memcpy+0x6f/0x80 [ 314.227612] nla_put+0x20a/0x2d0 [ 314.230982] br_port_fill_attrs+0x366/0x1ea0 [ 314.235393] br_port_fill_slave_info+0xff/0x120 [ 314.240081] ? br_port_get_slave_size+0x30/0x30 [ 314.244759] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.249110] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.253416] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 314.258802] ? rtnl_getlink+0xde0/0xde0 [ 314.262773] netlink_dump+0xb09/0x1750 [ 314.266669] netlink_recvmsg+0xec2/0x19d0 [ 314.270830] sock_recvmsg+0x1d1/0x230 [ 314.274626] ? netlink_sendmsg+0x1440/0x1440 [ 314.279030] ___sys_recvmsg+0x444/0xae0 [ 314.283015] ? __msan_poison_alloca+0x1e0/0x2b0 [ 314.287712] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 314.293067] ? __fdget+0x23c/0x440 [ 314.296606] __se_sys_recvmsg+0x2fa/0x450 [ 314.300763] __x64_sys_recvmsg+0x4a/0x70 [ 314.304817] do_syscall_64+0xcf/0x110 [ 314.308614] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.313795] RIP: 0033:0x7f77d0f4f210 [ 314.317498] Code: 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 90 83 3d e5 d3 2a 00 00 75 10 b8 2f 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e bb 00 00 48 89 04 24 [ 314.336405] RSP: 002b:00007fff8c683ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 314.344131] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f77d0f4f210 [ 314.351393] RDX: 0000000000000000 RSI: 00007fff8c683b30 RDI: 0000000000000003 [ 314.358674] RBP: 0000000000001c28 R08: 00007f77d11f8ec8 R09: 00007f77d0f95c00 [ 314.365933] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006395c0 [ 314.373190] R13: 00007fff8c687bc0 R14: 0000000000001c28 R15: 00007fff8c685798 [ 314.380467] Uninit was stored to memory at: [ 314.384787] kmsan_internal_chain_origin+0x136/0x240 [ 314.389886] __msan_chain_origin+0x6d/0xd0 [ 314.394110] __save_stack_trace+0x8be/0xc60 [ 314.398420] save_stack_trace+0xc6/0x110 [ 314.402493] kmsan_internal_chain_origin+0x136/0x240 [ 314.407588] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.412092] __msan_memcpy+0x6f/0x80 [ 314.415812] nla_put+0x20a/0x2d0 [ 314.419171] br_port_fill_attrs+0x366/0x1ea0 [ 314.423590] br_port_fill_slave_info+0xff/0x120 [ 314.428279] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.432616] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.436868] netlink_dump+0xb09/0x1750 [ 314.440767] netlink_recvmsg+0xec2/0x19d0 [ 314.444920] sock_recvmsg+0x1d1/0x230 [ 314.448713] ___sys_recvmsg+0x444/0xae0 [ 314.452677] __se_sys_recvmsg+0x2fa/0x450 [ 314.456811] __x64_sys_recvmsg+0x4a/0x70 [ 314.461085] do_syscall_64+0xcf/0x110 [ 314.464880] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.470054] [ 314.471665] Uninit was stored to memory at: [ 314.475979] kmsan_internal_chain_origin+0x136/0x240 [ 314.481087] __msan_chain_origin+0x6d/0xd0 [ 314.485318] __save_stack_trace+0x8be/0xc60 [ 314.489646] save_stack_trace+0xc6/0x110 [ 314.493704] kmsan_internal_chain_origin+0x136/0x240 [ 314.498802] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.503290] __msan_memcpy+0x6f/0x80 [ 314.506993] nla_put+0x20a/0x2d0 [ 314.510351] br_port_fill_attrs+0x366/0x1ea0 [ 314.514750] br_port_fill_slave_info+0xff/0x120 [ 314.519416] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.523738] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.527977] netlink_dump+0xb09/0x1750 [ 314.531892] netlink_recvmsg+0xec2/0x19d0 [ 314.536061] sock_recvmsg+0x1d1/0x230 [ 314.539851] ___sys_recvmsg+0x444/0xae0 [ 314.543819] __se_sys_recvmsg+0x2fa/0x450 [ 314.547955] __x64_sys_recvmsg+0x4a/0x70 [ 314.552008] do_syscall_64+0xcf/0x110 [ 314.555818] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.560989] [ 314.562605] Uninit was stored to memory at: [ 314.566919] kmsan_internal_chain_origin+0x136/0x240 [ 314.572013] __msan_chain_origin+0x6d/0xd0 [ 314.576238] __save_stack_trace+0x8be/0xc60 [ 314.580546] save_stack_trace+0xc6/0x110 [ 314.584599] kmsan_internal_chain_origin+0x136/0x240 [ 314.589691] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.594223] __msan_memcpy+0x6f/0x80 [ 314.597927] nla_put+0x20a/0x2d0 [ 314.601287] br_port_fill_attrs+0x366/0x1ea0 [ 314.605686] br_port_fill_slave_info+0xff/0x120 [ 314.610352] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.614662] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.618886] netlink_dump+0xb09/0x1750 [ 314.622773] netlink_recvmsg+0xec2/0x19d0 [ 314.626929] sock_recvmsg+0x1d1/0x230 [ 314.630720] ___sys_recvmsg+0x444/0xae0 [ 314.634684] __se_sys_recvmsg+0x2fa/0x450 [ 314.638823] __x64_sys_recvmsg+0x4a/0x70 [ 314.642876] do_syscall_64+0xcf/0x110 [ 314.646666] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.651864] [ 314.653495] Uninit was stored to memory at: [ 314.657809] kmsan_internal_chain_origin+0x136/0x240 [ 314.662919] __msan_chain_origin+0x6d/0xd0 [ 314.667146] __save_stack_trace+0x8be/0xc60 [ 314.671456] save_stack_trace+0xc6/0x110 [ 314.675511] kmsan_internal_chain_origin+0x136/0x240 [ 314.680621] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.685110] __msan_memcpy+0x6f/0x80 [ 314.688818] nla_put+0x20a/0x2d0 [ 314.692179] br_port_fill_attrs+0x366/0x1ea0 [ 314.696577] br_port_fill_slave_info+0xff/0x120 [ 314.701234] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.705546] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.709767] netlink_dump+0xb09/0x1750 [ 314.713646] netlink_recvmsg+0xec2/0x19d0 [ 314.717785] sock_recvmsg+0x1d1/0x230 [ 314.721575] ___sys_recvmsg+0x444/0xae0 [ 314.725538] __se_sys_recvmsg+0x2fa/0x450 [ 314.729678] __x64_sys_recvmsg+0x4a/0x70 [ 314.733740] do_syscall_64+0xcf/0x110 [ 314.737533] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.742703] [ 314.744320] Uninit was stored to memory at: [ 314.748632] kmsan_internal_chain_origin+0x136/0x240 [ 314.753727] __msan_chain_origin+0x6d/0xd0 [ 314.757953] __save_stack_trace+0x8be/0xc60 [ 314.762267] save_stack_trace+0xc6/0x110 [ 314.766320] kmsan_internal_chain_origin+0x136/0x240 [ 314.771413] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.775905] __msan_memcpy+0x6f/0x80 [ 314.779609] nla_put+0x20a/0x2d0 [ 314.782965] br_port_fill_attrs+0x366/0x1ea0 [ 314.787365] br_port_fill_slave_info+0xff/0x120 [ 314.792037] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.796364] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.800586] netlink_dump+0xb09/0x1750 [ 314.804463] netlink_recvmsg+0xec2/0x19d0 [ 314.808603] sock_recvmsg+0x1d1/0x230 [ 314.812393] ___sys_recvmsg+0x444/0xae0 [ 314.816388] __se_sys_recvmsg+0x2fa/0x450 [ 314.820529] __x64_sys_recvmsg+0x4a/0x70 [ 314.824579] do_syscall_64+0xcf/0x110 [ 314.828370] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.833540] [ 314.835151] Uninit was stored to memory at: [ 314.839463] kmsan_internal_chain_origin+0x136/0x240 [ 314.844560] __msan_chain_origin+0x6d/0xd0 [ 314.848784] __save_stack_trace+0x8be/0xc60 [ 314.853094] save_stack_trace+0xc6/0x110 [ 314.857144] kmsan_internal_chain_origin+0x136/0x240 [ 314.862262] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.866752] __msan_memcpy+0x6f/0x80 [ 314.870455] nla_put+0x20a/0x2d0 [ 314.873814] br_port_fill_attrs+0x366/0x1ea0 [ 314.878212] br_port_fill_slave_info+0xff/0x120 [ 314.882873] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.887183] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.891407] netlink_dump+0xb09/0x1750 [ 314.895288] netlink_recvmsg+0xec2/0x19d0 [ 314.899444] sock_recvmsg+0x1d1/0x230 [ 314.903241] ___sys_recvmsg+0x444/0xae0 [ 314.907206] __se_sys_recvmsg+0x2fa/0x450 [ 314.911343] __x64_sys_recvmsg+0x4a/0x70 [ 314.915393] do_syscall_64+0xcf/0x110 [ 314.919191] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 314.924366] [ 314.925981] Uninit was stored to memory at: [ 314.930306] kmsan_internal_chain_origin+0x136/0x240 [ 314.935403] __msan_chain_origin+0x6d/0xd0 [ 314.939634] __save_stack_trace+0x8be/0xc60 [ 314.943948] save_stack_trace+0xc6/0x110 [ 314.947999] kmsan_internal_chain_origin+0x136/0x240 [ 314.953091] kmsan_memcpy_origins+0x13d/0x1b0 [ 314.957573] __msan_memcpy+0x6f/0x80 [ 314.961280] nla_put+0x20a/0x2d0 [ 314.964641] br_port_fill_attrs+0x366/0x1ea0 [ 314.969054] br_port_fill_slave_info+0xff/0x120 [ 314.973719] rtnl_fill_ifinfo+0x5b6e/0x6d80 [ 314.978028] rtnl_dump_ifinfo+0xbe5/0x19b0 [ 314.982264] netlink_dump+0xb09/0x1750 [ 314.986161] netlink_recvmsg+0xec2/0x19d0 [ 314.990298] sock_recvmsg+0x1d1/0x230 [ 314.994087] ___sys_recvmsg+0x444/0xae0 [ 314.998067] __se_sys_recvmsg+0x2fa/0x450 [ 315.002203] __x64_sys_recvmsg+0x4a/0x70 [ 315.006257] do_syscall_64+0xcf/0x110 [ 315.010048] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 315.015220] [ 315.016836] Local variable description: ----c.i.i@should_fail [ 315.022705] Variable was created at: [ 315.026416] should_fail+0x162/0x13c0 [ 315.030216] __alloc_pages_nodemask+0x6fd/0x6640 [ 315.460922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.007234] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 316.556915] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 316.564131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 316.572117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.007867] ================================================================== [ 317.015302] BUG: KMSAN: uninit-value in aa_fqlookupn_profile+0x336/0x730 [ 317.022171] CPU: 1 PID: 7665 Comm: syz-executor3 Not tainted 4.19.0+ #77 [ 317.029027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.038390] Call Trace: [ 317.041021] dump_stack+0x32d/0x480 [ 317.044679] ? _raw_spin_lock_irqsave+0x237/0x340 [ 317.049548] ? aa_fqlookupn_profile+0x336/0x730 [ 317.054270] kmsan_report+0x1a2/0x2e0 [ 317.058117] __msan_warning+0x74/0xd0 [ 317.061957] aa_fqlookupn_profile+0x336/0x730 [ 317.066494] ? __msan_unpoison_alloca+0xa1/0xc0 [ 317.071216] aa_label_strn_parse+0x17bb/0x1e70 [ 317.075858] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.081262] ? refcount_inc_not_zero_checked+0x5d7/0x6f0 [ 317.086759] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.092165] aa_label_parse+0x11f/0x130 [ 317.096193] aa_change_profile+0x959/0x3da0 [ 317.096878] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.100573] ? __se_sys_write+0xc0/0x370 [ 317.110536] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 317.115936] ? task_kmsan_context_state+0x51/0x90 [ 317.120805] ? __msan_get_context_state+0x9/0x30 [ 317.125582] ? INIT_INT+0xc/0x30 [ 317.129008] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 317.134487] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.139868] ? strcmp+0x83/0x160 [ 317.143265] apparmor_setprocattr+0x1306/0x13a0 [ 317.147989] ? apparmor_getprocattr+0x660/0x660 [ 317.152678] security_setprocattr+0x139/0x210 [ 317.157211] proc_pid_attr_write+0x407/0x4f0 [ 317.161655] ? proc_pid_attr_read+0x530/0x530 [ 317.166171] __vfs_write+0x1f4/0xb80 [ 317.169931] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 317.175318] ? __sb_start_write+0x119/0x240 [ 317.179667] vfs_write+0x4a3/0x8f0 [ 317.183257] __se_sys_write+0x17a/0x370 [ 317.187274] __x64_sys_write+0x4a/0x70 [ 317.191181] do_syscall_64+0xcf/0x110 [ 317.195015] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 317.200230] RIP: 0033:0x457569 [ 317.203457] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.222385] RSP: 002b:00007f0cb7e5ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.230133] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 317.237439] RDX: 00000000fffffed1 RSI: 0000000020000040 RDI: 0000000000000005 [ 317.244724] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.252009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cb7e5b6d4 [ 317.259295] R13: 00000000004c5772 R14: 00000000004d9328 R15: 00000000ffffffff [ 317.266598] [ 317.268240] Local variable description: ----ns_name@aa_fqlookupn_profile [ 317.275082] Variable was created at: [ 317.278820] aa_fqlookupn_profile+0x79/0x730 [ 317.283252] aa_label_strn_parse+0x17bb/0x1e70 [ 317.287837] ================================================================== [ 317.295199] Disabling lock debugging due to kernel taint [ 317.300668] Kernel panic - not syncing: panic_on_warn set ... [ 317.300668] [ 317.308057] CPU: 1 PID: 7665 Comm: syz-executor3 Tainted: G B 4.19.0+ #77 [ 317.316312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.325678] Call Trace: [ 317.328296] dump_stack+0x32d/0x480 [ 317.331968] panic+0x57e/0xb28 [ 317.335245] kmsan_report+0x2d3/0x2e0 [ 317.339088] __msan_warning+0x74/0xd0 [ 317.342936] aa_fqlookupn_profile+0x336/0x730 [ 317.347479] ? __msan_unpoison_alloca+0xa1/0xc0 [ 317.352193] aa_label_strn_parse+0x17bb/0x1e70 [ 317.356837] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.362239] ? refcount_inc_not_zero_checked+0x5d7/0x6f0 [ 317.367727] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.373121] aa_label_parse+0x11f/0x130 [ 317.377133] aa_change_profile+0x959/0x3da0 [ 317.381480] ? __se_sys_write+0xc0/0x370 [ 317.385567] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 317.390964] ? task_kmsan_context_state+0x51/0x90 [ 317.395835] ? __msan_get_context_state+0x9/0x30 [ 317.400612] ? INIT_INT+0xc/0x30 [ 317.404036] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 317.409521] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 317.414901] ? strcmp+0x83/0x160 [ 317.418296] apparmor_setprocattr+0x1306/0x13a0 [ 317.423024] ? apparmor_getprocattr+0x660/0x660 [ 317.427719] security_setprocattr+0x139/0x210 [ 317.432254] proc_pid_attr_write+0x407/0x4f0 [ 317.436703] ? proc_pid_attr_read+0x530/0x530 [ 317.441223] __vfs_write+0x1f4/0xb80 [ 317.444984] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 317.450377] ? __sb_start_write+0x119/0x240 [ 317.454740] vfs_write+0x4a3/0x8f0 [ 317.458328] __se_sys_write+0x17a/0x370 [ 317.462355] __x64_sys_write+0x4a/0x70 [ 317.466272] do_syscall_64+0xcf/0x110 [ 317.470107] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 317.475318] RIP: 0033:0x457569 [ 317.478534] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.497462] RSP: 002b:00007f0cb7e5ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 317.505197] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 317.512489] RDX: 00000000fffffed1 RSI: 0000000020000040 RDI: 0000000000000005 [ 317.519775] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.527059] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cb7e5b6d4 [ 317.534358] R13: 00000000004c5772 R14: 00000000004d9328 R15: 00000000ffffffff [ 317.542624] Kernel Offset: disabled [ 317.546282] Rebooting in 86400 seconds..