[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 61.495982] sshd (6270) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 61.691599] random: sshd: uninitialized urandom read (32 bytes read) [ 61.878394] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 62.730688] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 65.183662] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts. [ 70.980750] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 02:44:27 fuzzer started [ 75.607034] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 02:44:32 dialing manager at 10.128.0.26:39089 2018/10/11 02:44:32 syscalls: 1 2018/10/11 02:44:32 code coverage: enabled 2018/10/11 02:44:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 02:44:32 setuid sandbox: enabled 2018/10/11 02:44:32 namespace sandbox: enabled 2018/10/11 02:44:32 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 02:44:32 fault injection: enabled 2018/10/11 02:44:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 02:44:32 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 02:44:32 net device setup: enabled [ 80.889113] random: crng init done 02:46:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46000000086c0a00000000000000003f0000000000fb02000038000000ae020000000101000000200400006063eef458cee599ca0100000020000000bddfb3de320598bf1b186c6762f884a07327ab9268f0abffc77022b0e49f8c5497f0fedf324e39e9621ec45b0022c25fd80500f2a872b1e4f94e875487b772e28875c2b9b1f09fb717c5d0dea55318c52c7edefdad91f078cba017df92c99290ce3cb4fd53dd956bddfc023156150121d81586"], 0xb2) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f00000000c0)) r0 = creat(&(0x7f0000001140)='./file0\x00', 0x3) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='#! ./file0 #'], 0xc) close(r0) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240), &(0x7f0000000300)) unshare(0x0) [ 203.344897] IPVS: ftp: loaded support on port[0] = 21 [ 204.593446] ip (6386) used greatest stack depth: 53056 bytes left [ 204.745489] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.752312] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.761110] device bridge_slave_0 entered promiscuous mode [ 204.908239] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.914964] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.925509] device bridge_slave_1 entered promiscuous mode [ 205.071343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.214713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.659080] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.811421] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.096216] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.103564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:46:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000033000/0x1000)=nil, 0x1000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ptype\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000100)) r1 = socket$kcm(0x29, 0x5, 0x0) sendfile(r1, r0, &(0x7f0000301ff8), 0xffffffff) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x0, 0x0, 0x1, 0x9}, 0x9}, 0xa) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000440)=ANY=[]) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') [ 206.598924] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.607409] team0: Port device team_slave_0 added [ 206.753290] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.761526] team0: Port device team_slave_1 added [ 206.947964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.092808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.099890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.109118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.446372] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.454208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.464185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.615844] IPVS: ftp: loaded support on port[0] = 21 [ 207.655619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 207.663412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.672837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.804821] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.811595] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.820389] device bridge_slave_0 entered promiscuous mode [ 210.081457] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.088108] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.096863] device bridge_slave_1 entered promiscuous mode [ 210.197174] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.203786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.210783] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.217940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.227417] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.367020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.569004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.811967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.180278] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.376083] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.571985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.612339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.393494] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.401943] team0: Port device team_slave_0 added 02:46:46 executing program 2: add_key(&(0x7f00000001c0)='pkcs7_test\x00', &(0x7f0000000200)={'syz'}, &(0x7f0000000240), 0x0, 0xfffffffffffffffd) [ 212.626785] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.635337] team0: Port device team_slave_1 added [ 212.986615] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.994457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.003770] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.310164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.317442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.326635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.679201] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.687037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.696413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.923582] IPVS: ftp: loaded support on port[0] = 21 [ 214.062519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 214.100658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.110194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.756529] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.763212] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.772061] device bridge_slave_0 entered promiscuous mode [ 217.049637] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.056419] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.065183] device bridge_slave_1 entered promiscuous mode [ 217.395715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.506655] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.513246] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.520249] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.526923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.535897] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.686860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.412353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.432734] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.760636] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 219.078807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 219.086232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.270247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 219.277620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.039768] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 220.048277] team0: Port device team_slave_0 added [ 220.323231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 220.331528] team0: Port device team_slave_1 added [ 220.667260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 220.674763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.683970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.975274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.982560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.991922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 02:46:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) capget(&(0x7f0000000040)={0x19980330, r1}, &(0x7f0000003840)) [ 221.192479] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 221.200149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.209628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.556651] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.564903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.574279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.753590] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.651960] IPVS: ftp: loaded support on port[0] = 21 [ 223.165563] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 224.424212] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 224.430655] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.439243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.675868] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.682453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.689472] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.696251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.705590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.736277] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.119552] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.126132] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.134747] device bridge_slave_0 entered promiscuous mode [ 226.412278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.471289] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.478200] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.486997] device bridge_slave_1 entered promiscuous mode [ 226.741980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 227.101413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.195118] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 228.585748] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.003494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.010620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.349882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.357254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.473577] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.482361] team0: Port device team_slave_0 added [ 230.877785] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.886330] team0: Port device team_slave_1 added [ 231.316963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.324221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.333223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 02:47:05 executing program 4: openat$ipvs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000026c0)=[{{&(0x7f0000000080)=@can, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000500)=""/200, 0xc8}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') preadv(r0, &(0x7f00000017c0), 0x199, 0x0) [ 231.686839] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.694145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.703423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.183394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.191081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.200540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.652981] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.660736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.670105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.706351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.623918] IPVS: ftp: loaded support on port[0] = 21 [ 234.289834] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 02:47:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c46000000086c0a00000000000000003f0000000000fb02000038000000ae020000000101000000200400006063eef458cee599ca0100000020000000bddfb3de320598bf1b186c6762f884a07327ab9268f0abffc77022b0e49f8c5497f0fedf324e39e9621ec45b0022c25fd80500f2a872b1e4f94e875487b772e28875c2b9b1f09fb717c5d0dea55318c52c7edefdad91f078cba017df92c99290ce3cb4fd53dd956bddfc023156150121d81586"], 0xb2) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f00000000c0)) r0 = creat(&(0x7f0000001140)='./file0\x00', 0x3) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='#! ./file0 #'], 0xc) close(r0) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240), &(0x7f0000000300)) unshare(0x0) 02:47:10 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='clear_refs\x00') pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) mlock2(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) [ 236.049783] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 236.056411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.064568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:47:10 executing program 0: r0 = dup(0xffffffffffffff9c) epoll_wait(r0, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x1f) r1 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r1, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) time(&(0x7f00000002c0)) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x20, &(0x7f0000000240)=[@in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e22, @rand_addr=0x5}]}, &(0x7f0000000300)=0x10) rt_sigsuspend(&(0x7f00000003c0)={0x5}, 0x8) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000340)={r2, 0xffffffffffffffff, 0x9}, &(0x7f0000000380)=0x8) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbfd, 0x200000}, 0xc) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000100)) [ 237.439770] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.446441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.453648] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.460176] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.469131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.576942] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.583604] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.592472] device bridge_slave_0 entered promiscuous mode [ 237.624858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.936277] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.974530] bridge0: port 2(bridge_slave_1) entered blocking state 02:47:12 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) getsockopt$inet_dccp_int(r1, 0x21, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r2 = openat$cgroup_int(r0, &(0x7f0000000180)='notify_on_release\x00', 0x2, 0x0) r3 = openat$cgroup_ro(r0, &(0x7f00000003c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) sendfile(r2, r3, &(0x7f0000000000), 0x1) [ 237.981018] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.989766] device bridge_slave_1 entered promiscuous mode [ 238.436507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 02:47:12 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000040)=0x20) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r2, 0x3}, 0x8) [ 238.829027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 02:47:13 executing program 0: r0 = memfd_create(&(0x7f0000000000)="776c6197b000a8f602d0a2c2a582c3c86818b3bfd25a1f6a2d25749f377c03d1ba30a2dec37181251be19032789a3f9da8c9c1db30b7ee7596adae0096e8a1adf519d3ee845d75d985f3ce093d6d77aef1bd974bdda5428e53b9bd362a4c34540dcf267467324671ae9c80a0b1040a57cc4327db5b028df0149495f06358246100253f25d93a97bd9ae3e9b6ad8353ed8905a6db91f4e98a6a036ee84895e27e7126f712ccea596d582829b39105280374dee2d74eb8fd755880995d3c63953e65e5f57e2d290dc84e6cb48c6cf7fb88790a2b08122cd79d42626346660cb4739602fc8f0791b6d573d6d8e06c3f216c5aa37b72", 0x0) unshare(0x20400) close(r0) mq_timedsend(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180)) 02:47:13 executing program 0: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz', 0x2}, &(0x7f0000000100)="000100", 0x3, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r1, r0, r1}, &(0x7f00000009c0)=""/240, 0x4a3, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000140)={0x8, 0x7, 0x9}) 02:47:13 executing program 0: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz', 0x2}, &(0x7f0000000100)="000100", 0x3, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r1, r0, r1}, &(0x7f00000009c0)=""/240, 0x4a3, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000140)={0x8, 0x7, 0x9}) [ 240.199441] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.643322] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 241.021033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 241.028289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 241.360542] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 241.367958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.494885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 242.503476] team0: Port device team_slave_0 added [ 242.831922] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 242.840235] team0: Port device team_slave_1 added [ 242.870256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.222437] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 243.237341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 243.246532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 243.576417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 243.583950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 243.593076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 243.963480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 243.971225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 243.980511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.240481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.330661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 244.338613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.347893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.175197] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.201955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.210044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.367574] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.483792] hrtimer: interrupt took 44208 ns 02:47:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000033000/0x1000)=nil, 0x1000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ptype\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000100)) r1 = socket$kcm(0x29, 0x5, 0x0) sendfile(r1, r0, &(0x7f0000301ff8), 0xffffffff) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x0, 0x0, 0x1, 0x9}, 0x9}, 0xa) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000440)=ANY=[]) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') [ 248.215833] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.222418] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.229430] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.236051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.244763] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 248.251800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 251.075304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.893154] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 252.494327] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 252.500753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 252.508998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:47:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) close(r0) openat$zero(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/zero\x00', 0x0, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x2011, r0, 0x0) [ 253.238809] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.994819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.543384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 256.724343] capability: warning: `syz-executor3' uses 32-bit capabilities (legacy support in use) 02:47:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r1 = getpgrp(0x0) capget(&(0x7f0000000040)={0x19980330, r1}, &(0x7f0000003840)) [ 257.073063] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 257.079390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.087658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.385007] 8021q: adding VLAN 0 to HW filter on device team0 02:47:33 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000000140)="ba", 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 02:47:33 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, 0x1000}, &(0x7f0000000040)=0x10) ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000080)) r3 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x835, 0x2000) flock(r3, 0x2) r4 = dup2(r1, r3) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r2) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@ipv4={[], [], @local}, @in=@remote}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) ioctl$PERF_EVENT_IOC_QUERY_BPF(r4, 0xc008240a, &(0x7f0000000300)={0x1, 0x0, [0x0]}) getsockopt$inet6_opts(r0, 0x29, 0x3f, &(0x7f0000000340)=""/58, &(0x7f0000000380)=0x3a) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/ptmx\x00', 0x20000, 0x0) ftruncate(r5, 0x0) ioctl$sock_SIOCDELDLCI(r4, 0x8981, &(0x7f0000000400)={'ip6_vti0\x00', 0x80}) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000440)) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000480)={0x0, 0x0, 0x4, 0x0, [], [{0x20, 0x9, 0x3ff, 0x100000001, 0xfffffffffffffff8, 0x7ff}, {0x10000, 0x1, 0x4, 0x4, 0x3, 0x6}], [[], [], [], []]}) r6 = open(&(0x7f0000000640)='./file0\x00', 0x800, 0x4) ioctl$TIOCSCTTY(r6, 0x540e, 0x3f) setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r4, 0xab01, 0x8) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r2, 0x8935, &(0x7f0000000680)={'veth0_to_team\x00', 0x1ff}) ioctl$KDADDIO(r4, 0x4b34, 0x0) ioctl$GIO_FONT(r4, 0x4b60, &(0x7f00000006c0)=""/161) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000780)=0x6, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000800)={r6, 0x28, &(0x7f00000007c0)}, 0x10) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000840)={{0x101, 0xaa78, 0x3, 0x8}, 'syz1\x00', 0xb}) clone(0x0, &(0x7f00000008c0)="78708ee7af889264b2", &(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)="2c753e4cf2d9fc5d4add77f6288ab655a0aefc3d7f8e95d29746baf2dfa83ef8b6784c39394f5c0bdeaa1004290924ec3228af110286a34ddc1e888be9d70ff17ea06f4db6b25773d475f9b34894cbd586636377") getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000a00)={0x0, 0x0, 0x9, 0x7ff, 0x9, 0x1}, &(0x7f0000000a40)=0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000a80)={r7, 0x7}, &(0x7f0000000ac0)=0x8) 02:47:33 executing program 1: getpgid(0x0) clone(0x0, &(0x7f0000002080), &(0x7f0000002140), &(0x7f0000002180), &(0x7f00000021c0)) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) 02:47:33 executing program 2: msgget(0x2, 0x10) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/attr/exec\x00', 0x2, 0x0) r1 = dup2(r0, 0xffffffffffffff9c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, r1, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r2 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x2c5) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000340)={0xfffffffffffffffd, 0x100001001, 0x8000000000000}) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000280)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f00000002c0)={r3, 0x1}) r4 = msgget(0x3, 0x1) msgsnd(r4, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000000019eb56986f1f7a65627858835824cdabe2b2f38bdaa3221ac2f6bf00e541eba3a318387d1c105da4fc56f7de2213f985e73aa29b0662733dd89c5631419c52ae4b999458cca9a59942dfe1ff59dff206d66d58d34a67a61f8c3ca1d1dda946d43b4b746db4156ecc138ccdc556b19641ba471d4dd8edd02d59d37a9333b127fbca8d234400aa7b86ee18634ab260109671de2e1ad12283be656a588390015d1c485f0a8ea0ef52aec467d93e4db2cbcf9901a143e036c8414050003db331d1314dbfa6a93d2df53a0c800a68c42246ebce133f4b31eeb5a000000000000"], 0x1, 0x800) r5 = openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x80000, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/uhid\x00', 0x2, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000001c0)={[], 0x7, 0x5, 0x4, 0x9, 0xffffffff, r6}) write$binfmt_script(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="2321202e2f66696c73cc0a60ab51ed05df0d0d49d6ca010023df39a4a85312a0187080fa4242515e54235359f38670106700c423bbaae6cf9f4b0d4620b7d34b273b0faf499d4208dbc3632ca7032012345e217c489e0e0100000086b32d11860888ea9e9ad25d8852f678a3ada658d3bf28cbd8fc7575bbf060228e4e3eb9065ec6"], 0x82) fchdir(r1) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000480)={0x1753, 0x9, 0x9, 0x2f, 0x8}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) r7 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x80000, 0x0) write$FUSE_POLL(r7, &(0x7f0000000240)={0x18, 0x0, 0x7, {0x9}}, 0x18) 02:47:33 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x805, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)={@multicast2, @loopback, 0x0, 0x2, [@rand_addr=0x9, @empty]}, 0x18) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)={@multicast2, @loopback, 0x0, 0x1, [@multicast1]}, 0x14) 02:47:33 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) poll(&(0x7f0000000040)=[{r0, 0x2000}, {r0, 0x8000}, {r0, 0x40}, {r0, 0x8000}, {r0, 0x8002}, {r0, 0x8}, {r0, 0x420}, {r0, 0x8000}, {r0, 0x2b}], 0x9, 0x6000000000000) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000200)='ipddp0\x00') bind$alg(r0, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7", 0x1) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x4c000, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000001c0)={&(0x7f0000000100)=""/163, 0x1316000, 0x800, 0x3}, 0x18) [ 259.639348] ================================================================== [ 259.646907] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 259.654061] CPU: 0 PID: 7644 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66 [ 259.661406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.670789] Call Trace: [ 259.673418] dump_stack+0x306/0x460 [ 259.677208] ? vmap_page_range_noflush+0x975/0xed0 [ 259.682197] kmsan_report+0x1a2/0x2e0 [ 259.686048] __msan_warning+0x7c/0xe0 [ 259.689908] vmap_page_range_noflush+0x975/0xed0 [ 259.694771] map_vm_area+0x17d/0x1f0 [ 259.698554] kmsan_vmap+0xf2/0x180 [ 259.702147] vmap+0x3a1/0x510 [ 259.705308] ? relay_open_buf+0x81e/0x19d0 [ 259.709600] relay_open_buf+0x81e/0x19d0 [ 259.713739] relay_open+0xabb/0x1370 [ 259.717535] do_blk_trace_setup+0xaf7/0x1780 [ 259.722019] __blk_trace_setup+0x20b/0x380 [ 259.726332] blk_trace_ioctl+0x274/0x970 [ 259.730461] ? kmsan_set_origin_inline+0x6b/0x120 [ 259.735348] ? __msan_poison_alloca+0x17a/0x210 [ 259.740067] ? blkdev_ioctl+0x327/0x55e0 [ 259.744159] ? block_ioctl+0x16f/0x1d0 [ 259.748094] blkdev_ioctl+0x1aaa/0x55e0 [ 259.752130] ? task_kmsan_context_state+0x6b/0x120 [ 259.757101] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 259.762497] ? vmalloc_to_page+0x57d/0x6b0 [ 259.766792] ? kmsan_set_origin_inline+0x6b/0x120 [ 259.771707] block_ioctl+0x16f/0x1d0 [ 259.775459] ? block_llseek+0x190/0x190 [ 259.779471] do_vfs_ioctl+0xcf3/0x2810 [ 259.783402] ? security_file_ioctl+0x92/0x200 [ 259.787932] __se_sys_ioctl+0x1da/0x270 [ 259.791946] __x64_sys_ioctl+0x4a/0x70 [ 259.795864] do_syscall_64+0xbe/0x100 [ 259.799714] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 259.804929] RIP: 0033:0x457519 [ 259.808153] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 259.827090] RSP: 002b:00007ff9b78f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.834843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 259.842149] RDX: 00000000200001c0 RSI: 00000000c0481273 RDI: 0000000000000007 [ 259.849449] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 259.856753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9b78f86d4 [ 259.864232] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 259.871602] [ 259.873268] Uninit was created at: [ 259.876850] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 259.881983] kmsan_kmalloc+0xa4/0x120 [ 259.885801] __kmalloc+0x14b/0x440 [ 259.889358] kmsan_vmap+0x9b/0x180 [ 259.892924] vmap+0x3a1/0x510 [ 259.896049] relay_open_buf+0x81e/0x19d0 [ 259.900137] relay_open+0xabb/0x1370 [ 259.903878] do_blk_trace_setup+0xaf7/0x1780 [ 259.908311] __blk_trace_setup+0x20b/0x380 [ 259.912572] blk_trace_ioctl+0x274/0x970 [ 259.916668] blkdev_ioctl+0x1aaa/0x55e0 [ 259.920679] block_ioctl+0x16f/0x1d0 [ 259.924427] do_vfs_ioctl+0xcf3/0x2810 [ 259.928345] __se_sys_ioctl+0x1da/0x270 [ 259.932425] __x64_sys_ioctl+0x4a/0x70 [ 259.936325] do_syscall_64+0xbe/0x100 [ 259.940145] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 259.945347] ================================================================== [ 259.952717] Disabling lock debugging due to kernel taint [ 259.958209] Kernel panic - not syncing: panic_on_warn set ... [ 259.958209] [ 259.965625] CPU: 0 PID: 7644 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #66 [ 259.974650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.984017] Call Trace: [ 259.986625] dump_stack+0x306/0x460 [ 259.990301] panic+0x54c/0xafa [ 259.993577] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 259.999061] kmsan_report+0x2d3/0x2e0 [ 260.002907] __msan_warning+0x7c/0xe0 [ 260.006751] vmap_page_range_noflush+0x975/0xed0 [ 260.011600] map_vm_area+0x17d/0x1f0 [ 260.015357] kmsan_vmap+0xf2/0x180 [ 260.018946] vmap+0x3a1/0x510 [ 260.022094] ? relay_open_buf+0x81e/0x19d0 [ 260.026381] relay_open_buf+0x81e/0x19d0 [ 260.030594] relay_open+0xabb/0x1370 [ 260.034363] do_blk_trace_setup+0xaf7/0x1780 [ 260.038828] __blk_trace_setup+0x20b/0x380 [ 260.043123] blk_trace_ioctl+0x274/0x970 [ 260.047240] ? kmsan_set_origin_inline+0x6b/0x120 [ 260.052129] ? __msan_poison_alloca+0x17a/0x210 [ 260.056845] ? blkdev_ioctl+0x327/0x55e0 [ 260.060940] ? block_ioctl+0x16f/0x1d0 [ 260.064867] blkdev_ioctl+0x1aaa/0x55e0 [ 260.068898] ? task_kmsan_context_state+0x6b/0x120 [ 260.074317] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 260.079711] ? vmalloc_to_page+0x57d/0x6b0 [ 260.083980] ? kmsan_set_origin_inline+0x6b/0x120 [ 260.088856] block_ioctl+0x16f/0x1d0 [ 260.092598] ? block_llseek+0x190/0x190 [ 260.096608] do_vfs_ioctl+0xcf3/0x2810 [ 260.100981] ? security_file_ioctl+0x92/0x200 [ 260.105541] __se_sys_ioctl+0x1da/0x270 [ 260.109574] __x64_sys_ioctl+0x4a/0x70 [ 260.113534] do_syscall_64+0xbe/0x100 [ 260.117392] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 260.122605] RIP: 0033:0x457519 [ 260.125829] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 260.144768] RSP: 002b:00007ff9b78f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 260.152513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 260.159824] RDX: 00000000200001c0 RSI: 00000000c0481273 RDI: 0000000000000007 [ 260.167126] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 260.174431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff9b78f86d4 [ 260.181730] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 260.189995] Kernel Offset: disabled [ 260.193642] Rebooting in 86400 seconds..