[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 52.605512] kauditd_printk_skb: 4 callbacks suppressed [ 52.605537] audit: type=1800 audit(1545314732.659:29): pid=6351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.630290] audit: type=1800 audit(1545314732.659:30): pid=6351 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. 2018/12/20 14:05:44 fuzzer started 2018/12/20 14:05:48 dialing manager at 10.128.0.26:46613 2018/12/20 14:05:48 syscalls: 1 2018/12/20 14:05:48 code coverage: enabled 2018/12/20 14:05:48 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 14:05:48 setuid sandbox: enabled 2018/12/20 14:05:48 namespace sandbox: enabled 2018/12/20 14:05:48 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 14:05:48 fault injection: enabled 2018/12/20 14:05:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 14:05:48 net packet injection: enabled 2018/12/20 14:05:48 net device setup: enabled 14:06:05 executing program 0: unshare(0x400) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 86.224785] IPVS: ftp: loaded support on port[0] = 21 [ 87.644089] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.650644] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.659242] device bridge_slave_0 entered promiscuous mode [ 87.745945] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.752544] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.760823] device bridge_slave_1 entered promiscuous mode [ 87.843549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.925630] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 88.188386] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 88.279050] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 88.401172] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 88.408280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.533133] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 88.540144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.846551] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.855167] team0: Port device team_slave_0 added [ 88.951345] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.960151] team0: Port device team_slave_1 added [ 89.054508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.145205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.233232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.240976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.250353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.339657] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.347515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.357087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:06:09 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x10000000c0085, 0x0) pwrite64(r1, &(0x7f0000000080)="83ca04cfdcfd9037b2d169c06315dba894000bfff3000062", 0x18, 0x0) [ 90.097982] IPVS: ftp: loaded support on port[0] = 21 [ 90.688426] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.695108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.702490] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.709132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.718130] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.724637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 92.587944] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.594556] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.602786] device bridge_slave_0 entered promiscuous mode [ 92.795416] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.802066] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.810616] device bridge_slave_1 entered promiscuous mode [ 93.008654] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.152584] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.586299] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.684196] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.904840] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 93.911942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 14:06:14 executing program 2: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000003) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmmsg(r1, &(0x7f0000002080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x803, 0x3) ioctl(r2, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070") r3 = accept4(r0, 0x0, 0x0, 0x0) close(r3) [ 94.319791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 94.328547] team0: Port device team_slave_0 added [ 94.427892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 94.436618] team0: Port device team_slave_1 added [ 94.584263] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.713637] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.856217] IPVS: ftp: loaded support on port[0] = 21 [ 94.899914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 94.907622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.916974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.161811] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 95.169406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 95.178790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 96.859774] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.866436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.873568] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.880090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.889298] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 96.984085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.499038] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.505755] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.514132] device bridge_slave_0 entered promiscuous mode [ 97.599891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 97.697816] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.704454] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.712737] device bridge_slave_1 entered promiscuous mode [ 97.793026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 97.911400] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 97.994041] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 98.192204] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 98.198509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.206516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.514370] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 98.719468] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 98.874910] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 98.882059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 98.923895] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.103885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 99.110943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 99.582037] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 99.590620] team0: Port device team_slave_0 added [ 99.706222] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 99.714734] team0: Port device team_slave_1 added [ 99.869504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 99.876738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 99.885815] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 100.051311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 100.058394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 100.067456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 100.239711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 100.247483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.256595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 100.467169] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 100.475049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.484117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 102.238948] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.245581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.252860] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.259469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.268855] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 102.275482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 14:06:22 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0xffffffbf}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0xc3, &(0x7f0000000000)=""/195}, 0x48) [ 103.010783] IPVS: ftp: loaded support on port[0] = 21 14:06:23 executing program 0: unshare(0x400) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 14:06:23 executing program 0: unshare(0x400) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 103.546399] 8021q: adding VLAN 0 to HW filter on device bond0 14:06:23 executing program 0: unshare(0x400) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 14:06:23 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) [ 103.944871] hrtimer: interrupt took 28198 ns 14:06:24 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) 14:06:24 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) 14:06:24 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) [ 104.388515] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 14:06:24 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) 14:06:24 executing program 0: sendto$inet(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x0) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0xb1aa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40001, 0x0) ioctl$EVIOCGREP(r1, 0x40047440, 0x0) mkdir(0x0, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000200)) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000480)='./file0\x00') symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000280)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8) gettid() clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)={&(0x7f00000009c0)='./file0\x00'}, 0x10) [ 105.244357] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 105.250733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 105.258847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 105.922850] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.462351] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.468920] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.477531] device bridge_slave_0 entered promiscuous mode [ 106.675656] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.682253] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.690622] device bridge_slave_1 entered promiscuous mode [ 106.851006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 106.990498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 107.535134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 107.734132] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 107.918747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 107.927469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 108.499351] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 108.508043] team0: Port device team_slave_0 added [ 108.607510] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 108.616135] team0: Port device team_slave_1 added [ 108.710453] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 108.721404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 108.730314] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 108.929814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 109.090061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 109.097773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 109.106748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 109.261603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 109.269861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 109.279056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:06:30 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x10000000c0085, 0x0) pwrite64(r1, &(0x7f0000000080)="83ca04cfdcfd9037b2d169c06315dba894000bfff3000062", 0x18, 0x0) [ 110.302317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 110.769287] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 111.029528] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.036140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.043330] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.049863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.059068] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 111.066998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.106068] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 111.112415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.120253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.574485] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.858334] ================================================================== [ 114.865778] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 114.872383] CPU: 0 PID: 7480 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #8 [ 114.879502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 114.888869] Call Trace: [ 114.891487] dump_stack+0x173/0x1d0 [ 114.895164] kmsan_report+0x120/0x290 [ 114.899032] kmsan_internal_check_memory+0x9a7/0xa20 [ 114.904205] __msan_instrument_asm_load+0x8a/0x90 [ 114.909136] __siphash_aligned+0x512/0xae0 [ 114.913435] secure_ipv6_port_ephemeral+0x110/0x220 [ 114.918498] inet6_hash_connect+0x11f/0x1a0 [ 114.922860] dccp_v6_connect+0x197e/0x1e20 [ 114.927142] ? __msan_poison_alloca+0x1e0/0x270 [ 114.931858] ? dccp_v6_exit_batch+0x40/0x40 [ 114.936204] __inet_stream_connect+0x2f9/0x1340 [ 114.940979] inet_stream_connect+0x101/0x180 [ 114.945445] __sys_connect+0x664/0x820 [ 114.949372] ? __inet_stream_connect+0x1340/0x1340 [ 114.954339] ? prepare_exit_to_usermode+0x114/0x420 [ 114.959386] ? syscall_return_slowpath+0x50/0x650 [ 114.964283] __se_sys_connect+0x8d/0xb0 [ 114.968304] __x64_sys_connect+0x4a/0x70 [ 114.972432] do_syscall_64+0xbc/0xf0 [ 114.976185] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 114.981398] RIP: 0033:0x457669 [ 114.984611] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.003544] RSP: 002b:00007fc253ac2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 115.011271] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 115.018560] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000004 [ 115.025845] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 115.033163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc253ac36d4 [ 115.040452] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 115.047773] [ 115.049414] Local variable description: ----combined@secure_ipv6_port_ephemeral [ 115.056866] Variable was created at: [ 115.060594] secure_ipv6_port_ephemeral+0x6a/0x220 [ 115.065542] inet6_hash_connect+0x11f/0x1a0 [ 115.069861] [ 115.071500] Bytes 2-7 of 8 are uninitialized [ 115.075937] Memory access of size 8 starts at ffff888169d7fa08 [ 115.081919] ================================================================== [ 115.089293] Disabling lock debugging due to kernel taint [ 115.094771] Kernel panic - not syncing: panic_on_warn set ... [ 115.100683] CPU: 0 PID: 7480 Comm: syz-executor2 Tainted: G B 4.20.0-rc7+ #8 [ 115.109176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 115.118543] Call Trace: [ 115.121154] dump_stack+0x173/0x1d0 [ 115.124816] panic+0x3ce/0x961 [ 115.128077] kmsan_report+0x285/0x290 [ 115.131910] kmsan_internal_check_memory+0x9a7/0xa20 [ 115.137074] __msan_instrument_asm_load+0x8a/0x90 [ 115.141943] __siphash_aligned+0x512/0xae0 [ 115.146271] secure_ipv6_port_ephemeral+0x110/0x220 [ 115.151369] inet6_hash_connect+0x11f/0x1a0 [ 115.155731] dccp_v6_connect+0x197e/0x1e20 [ 115.160017] ? __msan_poison_alloca+0x1e0/0x270 [ 115.164741] ? dccp_v6_exit_batch+0x40/0x40 [ 115.169092] __inet_stream_connect+0x2f9/0x1340 [ 115.173820] inet_stream_connect+0x101/0x180 [ 115.178272] __sys_connect+0x664/0x820 [ 115.182196] ? __inet_stream_connect+0x1340/0x1340 [ 115.187170] ? prepare_exit_to_usermode+0x114/0x420 [ 115.192211] ? syscall_return_slowpath+0x50/0x650 [ 115.197099] __se_sys_connect+0x8d/0xb0 [ 115.201111] __x64_sys_connect+0x4a/0x70 [ 115.205199] do_syscall_64+0xbc/0xf0 [ 115.209012] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 115.214216] RIP: 0033:0x457669 [ 115.217435] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 115.236348] RSP: 002b:00007fc253ac2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 115.244071] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 115.251359] RDX: 000000000000001c RSI: 0000000020419000 RDI: 0000000000000004 [ 115.258636] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 115.265948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc253ac36d4 [ 115.273271] R13: 00000000004bdc27 R14: 00000000004cd678 R15: 00000000ffffffff [ 115.281552] Kernel Offset: disabled [ 115.285181] Rebooting in 86400 seconds..