[ 53.178890] audit: type=1800 audit(1545350812.189:28): pid=6452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 54.393836] sshd (6516) used greatest stack depth: 53856 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 54.875077] audit: type=1800 audit(1545350813.929:29): pid=6452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 54.894495] audit: type=1800 audit(1545350813.929:30): pid=6452 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
2018/12/21 00:07:06 fuzzer started
2018/12/21 00:07:11 dialing manager at 10.128.0.26:46613
2018/12/21 00:07:13 syscalls: 1
2018/12/21 00:07:13 code coverage: enabled
2018/12/21 00:07:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/21 00:07:13 setuid sandbox: enabled
2018/12/21 00:07:13 namespace sandbox: enabled
2018/12/21 00:07:13 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/21 00:07:13 fault injection: enabled
2018/12/21 00:07:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/21 00:07:13 net packet injection: enabled
2018/12/21 00:07:13 net device setup: enabled

00:09:58 executing program 0:
r0 = memfd_create(&(0x7f00000000c0)='#em1#+\x00', 0x0)
write(r0, &(0x7f0000000380)="0638ef5df8aaf5c6", 0x8)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
nanosleep(&(0x7f0000000000)={0x0, 0x1c9c380}, 0x0)

syzkaller login: [ 240.231677] IPVS: ftp: loaded support on port[0] = 21
[ 241.624461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 241.631040] bridge0: port 1(bridge_slave_0) entered disabled state
[ 241.639738] device bridge_slave_0 entered promiscuous mode
[ 241.735431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 241.742164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 241.750548] device bridge_slave_1 entered promiscuous mode
[ 241.835962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 241.920922] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 242.183802] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 242.275246] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 242.360538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 242.367688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 242.454613] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 242.461650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 242.722961] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 242.731680] team0: Port device team_slave_0 added
[ 242.816516] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 242.825494] team0: Port device team_slave_1 added
[ 242.913181] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 243.006659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 243.096422] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 243.104764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 243.114229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 243.202216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 243.209896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 243.219449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready

00:10:02 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000100)=0xfffffffffffffffd, 0x360)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x8000}, 0x8)
listen(r1, 0x0)
sendto$inet6(r0, &(0x7f00004e8000), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c)
close(r0)

[ 244.161785] IPVS: ftp: loaded support on port[0] = 21
[ 244.403731] bridge0: port 2(bridge_slave_1) entered blocking state
[ 244.410326] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 244.417670] bridge0: port 1(bridge_slave_0) entered blocking state
[ 244.424297] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 244.433903] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 244.440467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 246.358238] bridge0: port 1(bridge_slave_0) entered blocking state
[ 246.364947] bridge0: port 1(bridge_slave_0) entered disabled state
[ 246.373214] device bridge_slave_0 entered promiscuous mode
[ 246.542706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 246.549268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 246.557729] device bridge_slave_1 entered promiscuous mode
[ 246.703345] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 246.851311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 247.208119] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 247.331838] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 247.977702] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 247.986356] team0: Port device team_slave_0 added
[ 248.155820] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 248.164643] team0: Port device team_slave_1 added
[ 248.292434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 248.299523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 248.308694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 248.423482] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 248.430546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 248.439735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 248.579695] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 248.587960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 248.596998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 248.714708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 248.722468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 248.731635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready

00:10:07 executing program 2:
syz_emit_ethernet(0x300600, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300002, 0x0, 0x0, @ipv4={[0x88caffff], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0x29, 0x0, 0x0, 0x0, [0x9, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0)

[ 249.303121] IPVS: ftp: loaded support on port[0] = 21
[ 250.480480] bridge0: port 2(bridge_slave_1) entered blocking state
[ 250.487128] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 250.494325] bridge0: port 1(bridge_slave_0) entered blocking state
[ 250.500859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 250.510084] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 250.516675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 250.617470] 8021q: adding VLAN 0 to HW filter on device bond0
[ 251.219619] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 251.876152] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 251.882703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 251.890744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 252.106552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 252.113284] bridge0: port 1(bridge_slave_0) entered disabled state
[ 252.121563] device bridge_slave_0 entered promiscuous mode
[ 252.255301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 252.262523] bridge0: port 2(bridge_slave_1) entered disabled state
[ 252.270764] device bridge_slave_1 entered promiscuous mode
[ 252.418873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 252.489653] 8021q: adding VLAN 0 to HW filter on device team0
[ 252.617994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 253.108369] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 253.294365] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 253.569691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 253.576840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 254.112124] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 254.120664] team0: Port device team_slave_0 added
[ 254.247942] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 254.256733] team0: Port device team_slave_1 added
[ 254.395749] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 254.591107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 254.598182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 254.607129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 254.773932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 254.781550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 254.790673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 254.997103] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 255.004886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 255.014114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready

00:10:15 executing program 0:
unshare(0x400)
r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl(r0, 0x40044102, &(0x7f0000000100))

00:10:15 executing program 0:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c)
r1 = socket$inet6(0xa, 0x803, 0x1000000000003)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
listen(r0, 0x1)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
write(r2, &(0x7f0000000840), 0xff98)

[ 256.795318] dccp_xmit_packet: Payload too large (65432) for featneg.

00:10:15 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x20400)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, 0xffffffffffffffff)

[ 256.850252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 256.856868] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 256.864160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 256.870708] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 256.879688] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 256.886298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready

00:10:16 executing program 3:
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200000, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x4)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x4, [0x8, 0x100, 0x0, 0x8]}, &(0x7f0000000100)=0xc)
setsockopt$inet6_int(r0, 0x29, 0x7f, &(0x7f0000000140)=0x80, 0x4)
connect$vsock_dgram(r0, &(0x7f0000000180)={0x28, 0x0, 0x2711, @my=0x0}, 0x10)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f00000001c0))
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000200)=0x1)
fallocate(r0, 0x2, 0x972e, 0x80)
ioctl$DRM_IOCTL_AGP_INFO(r0, 0x80386433, &(0x7f0000000240)=""/245)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000340)={'NETMAP\x00'}, &(0x7f0000000380)=0x1e)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000003c0)=0x0)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000400)=r1)
r2 = socket$inet6(0xa, 0x0, 0x3)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000440)={0xf, @pix_mp={0x70c96491, 0x10000, 0x7d777f7f, 0xc, 0x2, [{0x2, 0xffff}, {0x8, 0x6}, {0x1000, 0x7}, {0x5f6, 0xc64}, {0x4ec4, 0x5}, {0x6, 0x40}, {0x414e, 0x3f}, {0x180, 0x8}], 0x0, 0xfffffffffffff4fc, 0x1, 0x1, 0x5}})
getsockopt$packet_int(r0, 0x107, 0x1b, &(0x7f0000000540), &(0x7f0000000580)=0x4)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f00000005c0)={0xffff, 0xffffffffffffff81, 0x3, 0x122, 0x0, 0x7})
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x3)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000640)={0xf, @sdr={0xb5315258, 0x5}})
r3 = add_key$user(&(0x7f0000000740)='user\x00', &(0x7f0000000780)={'syz', 0x0}, &(0x7f00000007c0)="7db156844b381ef8496530e6202b16ad46", 0x11, 0xfffffffffffffffd)
keyctl$assume_authority(0x10, r3)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000800)={@hyper})
ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000840)={0x7, 0x2})
ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000880)={0x2})
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000900)='TIPC\x00')
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000a00)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2000002}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)={0x68, r4, 0x10, 0x70bd2d, 0x25dfdbff, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x9, @media='udp\x00'}}}, ["", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x24000040}, 0x40)
timer_create(0x0, &(0x7f0000000a40)={0x0, 0xc, 0x6, @tid=r1}, &(0x7f0000000a80))
getpeername$inet6(r2, &(0x7f0000000ac0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, &(0x7f0000000b00)=0x1c)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000b40)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000bc0)={0xf, 0x8, 0xfa00, {r5, 0x8}}, 0x10)
memfd_create(&(0x7f0000000c00)='user\x00', 0x4)

00:10:16 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x20400)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, 0xffffffffffffffff)

[ 257.504438] IPVS: ftp: loaded support on port[0] = 21
[ 257.538965] 8021q: adding VLAN 0 to HW filter on device bond0

00:10:16 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x20400)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, 0xffffffffffffffff)

00:10:17 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x20400)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, 0xffffffffffffffff)

00:10:17 executing program 0:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_sctp(0xa, 0x200000405, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000000)={r2}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x7b, &(0x7f0000000040)={r2}, &(0x7f0000000100)=0x8)

[ 258.257654] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready

00:10:17 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000))
syz_open_pts(r0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300))
ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x3, &(0x7f0000000080)={0x0, 0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000040)={0x1b7}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xe)

00:10:18 executing program 0:
r0 = gettid()
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/arp\x00')
fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x1, r0})
fcntl$getownex(r1, 0x10, &(0x7f00000001c0))

[ 258.973066] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 258.979579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 258.988001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 259.717297] 8021q: adding VLAN 0 to HW filter on device team0
[ 260.630890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 260.637644] bridge0: port 1(bridge_slave_0) entered disabled state
[ 260.645880] device bridge_slave_0 entered promiscuous mode
[ 260.783274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 260.789859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 260.798368] device bridge_slave_1 entered promiscuous mode
[ 260.949381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 261.148254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 261.644348] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 261.862385] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 262.185925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 262.193045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 262.664117] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 262.672801] team0: Port device team_slave_0 added
[ 262.811243] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 262.820029] team0: Port device team_slave_1 added
[ 262.954344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 263.118083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 263.125222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 263.134227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 263.338364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 263.346240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 263.355348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 263.603768] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 263.611483] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 263.620756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 263.962251] ==================================================================
[ 263.969708] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0
[ 263.976327] CPU: 1 PID: 7420 Comm: syz-executor1 Not tainted 4.20.0-rc7+ #8
[ 263.983456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 263.992825] Call Trace:
[ 263.995464] dump_stack+0x173/0x1d0
[ 263.999134] kmsan_report+0x120/0x290
[ 264.002987] kmsan_internal_check_memory+0x9a7/0xa20
[ 264.008259] __msan_instrument_asm_load+0x8a/0x90
[ 264.013156] __siphash_aligned+0x512/0xae0
[ 264.017511] secure_ipv6_port_ephemeral+0x110/0x220
[ 264.022593] inet6_hash_connect+0x11f/0x1a0
[ 264.026974] tcp_v6_connect+0x20ba/0x2890
[ 264.031191] ? __msan_poison_alloca+0x1e0/0x270
[ 264.035948] ? tcp_v6_pre_connect+0x130/0x130
[ 264.040487] __inet_stream_connect+0x2f9/0x1340
[ 264.045215] ? kmem_cache_alloc_trace+0x55a/0xb90
[ 264.050087] ? tcp_sendmsg_locked+0x6394/0x6be0
[ 264.054807] tcp_sendmsg_locked+0x65d5/0x6be0
[ 264.059333] ? aa_label_sk_perm+0xda/0x940
[ 264.063610] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 264.069004] ? aa_label_sk_perm+0x6d6/0x940
[ 264.073364] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 264.078760] ? futex_wait+0x912/0xc40
[ 264.082649] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 264.088054] ? ntfs_fill_super+0x1a64/0x10ca0
[ 264.092679] tcp_sendmsg+0xb2/0x100
[ 264.096340] ? tcp_sendmsg_locked+0x6be0/0x6be0
[ 264.101039] inet_sendmsg+0x54a/0x720
[ 264.104873] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 264.110259] ? security_socket_sendmsg+0x1bd/0x200
[ 264.115229] ? inet_getname+0x490/0x490
[ 264.119240] __sys_sendto+0x8c4/0xac0
[ 264.123117] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 264.128587] ? prepare_exit_to_usermode+0x114/0x420
[ 264.133617] ? syscall_return_slowpath+0x50/0x650
[ 264.138487] __se_sys_sendto+0x107/0x130
[ 264.142601] __x64_sys_sendto+0x6e/0x90
[ 264.146592] do_syscall_64+0xbc/0xf0
[ 264.150334] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 264.155542] RIP: 0033:0x457669
[ 264.158755] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 264.177689] RSP: 002b:00007ff05079dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 264.185445] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669
[ 264.192729] RDX: 0000000000000000 RSI: 00000000204e8000 RDI: 0000000000000003
[ 264.200010] RBP: 000000000072bf00 R08: 0000000020b63fe4 R09: 000000000000001c
[ 264.207290] R10: 0000000020000004 R11: 0000000000000246 R12: 00007ff05079e6d4
[ 264.214570] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff
[ 264.221875]
[ 264.223557] Local variable description: ----combined@secure_ipv6_port_ephemeral
[ 264.231008] Variable was created at:
[ 264.234741] secure_ipv6_port_ephemeral+0x6a/0x220
[ 264.239688] inet6_hash_connect+0x11f/0x1a0
[ 264.244004]
[ 264.245639] Bytes 2-7 of 8 are uninitialized
[ 264.250056] Memory access of size 8 starts at ffff88814c2ff5f0
[ 264.256027] ==================================================================
[ 264.263427] Disabling lock debugging due to kernel taint
[ 264.268890] Kernel panic - not syncing: panic_on_warn set ...
[ 264.274810] CPU: 1 PID: 7420 Comm: syz-executor1 Tainted: G B 4.20.0-rc7+ #8
[ 264.283306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 264.292668] Call Trace:
[ 264.295336] dump_stack+0x173/0x1d0
[ 264.299015] panic+0x3ce/0x961
[ 264.302273] kmsan_report+0x285/0x290
[ 264.306109] kmsan_internal_check_memory+0x9a7/0xa20
[ 264.311262] __msan_instrument_asm_load+0x8a/0x90
[ 264.316387] __siphash_aligned+0x512/0xae0
[ 264.320682] secure_ipv6_port_ephemeral+0x110/0x220
[ 264.325752] inet6_hash_connect+0x11f/0x1a0
[ 264.330104] tcp_v6_connect+0x20ba/0x2890
[ 264.334302] ? __msan_poison_alloca+0x1e0/0x270
[ 264.339010] ? tcp_v6_pre_connect+0x130/0x130
[ 264.343525] __inet_stream_connect+0x2f9/0x1340
[ 264.348227] ? kmem_cache_alloc_trace+0x55a/0xb90
[ 264.353128] ? tcp_sendmsg_locked+0x6394/0x6be0
[ 264.357911] tcp_sendmsg_locked+0x65d5/0x6be0
[ 264.362467] ? aa_label_sk_perm+0xda/0x940
[ 264.366729] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 264.372164] ? aa_label_sk_perm+0x6d6/0x940
[ 264.376521] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 264.381899] ? futex_wait+0x912/0xc40
[ 264.385793] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 264.391225] ? ntfs_fill_super+0x1a64/0x10ca0
[ 264.395781] tcp_sendmsg+0xb2/0x100
[ 264.399441] ? tcp_sendmsg_locked+0x6be0/0x6be0
[ 264.404131] inet_sendmsg+0x54a/0x720
[ 264.407963] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 264.413341] ? security_socket_sendmsg+0x1bd/0x200
[ 264.418293] ? inet_getname+0x490/0x490
[ 264.422290] __sys_sendto+0x8c4/0xac0
[ 264.426149] ? __msan_metadata_ptr_for_store_4+0x13/0x20
[ 264.431619] ? prepare_exit_to_usermode+0x114/0x420
[ 264.436652] ? syscall_return_slowpath+0x50/0x650
[ 264.441665] __se_sys_sendto+0x107/0x130
[ 264.445763] __x64_sys_sendto+0x6e/0x90
[ 264.449798] do_syscall_64+0xbc/0xf0
[ 264.453544] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 264.458747] RIP: 0033:0x457669
[ 264.461959] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 264.480870] RSP: 002b:00007ff05079dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 264.488628] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669
[ 264.495954] RDX: 0000000000000000 RSI: 00000000204e8000 RDI: 0000000000000003
[ 264.503275] RBP: 000000000072bf00 R08: 0000000020b63fe4 R09: 000000000000001c
[ 264.510553] R10: 0000000020000004 R11: 0000000000000246 R12: 00007ff05079e6d4
[ 264.517834] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff
[ 264.526220] Kernel Offset: disabled
[ 264.529865] Rebooting in 86400 seconds..