Warning: Permanently added '10.128.0.117' (ECDSA) to the list of known hosts. 2018/11/11 06:22:23 fuzzer started 2018/11/11 06:22:28 dialing manager at 10.128.0.26:36043 2018/11/11 06:22:28 syscalls: 1 2018/11/11 06:22:28 code coverage: enabled 2018/11/11 06:22:28 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/11 06:22:28 setuid sandbox: enabled 2018/11/11 06:22:28 namespace sandbox: enabled 2018/11/11 06:22:28 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/11 06:22:28 fault injection: enabled 2018/11/11 06:22:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/11 06:22:28 net packed injection: enabled 2018/11/11 06:22:28 net device setup: enabled 06:25:19 executing program 0: msgrcv(0x0, &(0x7f0000003580)={0x0, ""/94}, 0x66, 0x0, 0x0) [ 255.335616] IPVS: ftp: loaded support on port[0] = 21 [ 259.253654] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.260147] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.269440] device bridge_slave_0 entered promiscuous mode [ 259.527179] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.533876] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.542741] device bridge_slave_1 entered promiscuous mode [ 259.774991] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 259.977687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 260.630013] bond0: Enslaving bond_slave_0 as an active interface with an up link 06:25:25 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) [ 260.969833] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 261.244836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 261.251987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 261.534486] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 261.541745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link 
becomes ready [ 261.688275] IPVS: ftp: loaded support on port[0] = 21 [ 262.510699] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 262.519022] team0: Port device team_slave_0 added [ 262.873505] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 262.881873] team0: Port device team_slave_1 added [ 263.155231] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 263.163408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 263.172402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 263.540056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 263.547292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 263.556369] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.868151] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 263.876043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.885446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 264.130325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 264.138070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 264.147184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 265.318519] ip (7099) used greatest stack depth: 53216 bytes left [ 266.351949] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.358429] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.367200] device bridge_slave_0 entered promiscuous mode [ 266.523121] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.529594] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.538586] device bridge_slave_1 entered promiscuous mode [ 266.805360] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 267.174907] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.503141] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.509633] bridge0: port 2(bridge_slave_1) entered 
forwarding state [ 267.516769] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.523340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.532137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.982249] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 268.251935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 268.317261] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 268.635320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 268.642490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.900702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 268.907996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 06:25:34 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x12, 0x200, 0x4, 0x9}, 0x2c) close(r0) [ 269.643164] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 269.651288] team0: Port device team_slave_0 added [ 269.870499] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 269.878928] team0: Port device team_slave_1 added [ 270.119422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 270.127682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 270.136756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 270.418398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 270.425575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 270.434581] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 270.577356] IPVS: ftp: loaded support on port[0] = 21 [ 270.788901] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 270.796788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 270.806106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 271.125744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 271.133997] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 271.143300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.200357] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.206956] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.214042] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.220512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.229325] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 275.054485] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.501937] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.508413] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.517105] device bridge_slave_0 entered promiscuous mode [ 275.784948] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.791437] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.800374] device bridge_slave_1 entered promiscuous mode [ 276.069536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 276.304185] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 277.047807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 277.340380] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 277.671652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 277.678728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 278.050403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 278.057764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 06:25:43 executing program 3: bind$unix(0xffffffffffffffff, &(0x7f0000000040)=@file={0x0, "e91f7189591e9233614b00"}, 0x6e) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="4c0000001400197f09004b0101048c590188ffffcf3d34740600d4ff5bffff00e7e5ed7d00000000c855000000000f002758d60034650c0326356cdb47f6aaaa956086cbfe0db35200af4486", 0x4c}], 0x1) [ 278.990797] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 278.999155] team0: Port device team_slave_0 added [ 279.432403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.441301] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 279.450774] team0: Port device team_slave_1 added [ 279.788164] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 279.796439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 279.805434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 279.870027] IPVS: ftp: loaded support on port[0] = 21 [ 280.180985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 280.188264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 280.197351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 280.612358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 280.620764] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.630147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 280.804184] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 280.970206] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 280.979214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.988264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 282.220188] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 282.226826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.235113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.635894] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.965723] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.972423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.979370] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.986033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.995048] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 285.293400] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 285.756968] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.763575] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.772354] device bridge_slave_0 entered promiscuous mode [ 286.117404] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.124296] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.132977] device bridge_slave_1 entered promiscuous mode [ 286.576709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 286.916340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 287.914635] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 288.020047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.305585] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 288.628267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 288.635630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 288.966666] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 288.974206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 289.407748] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 290.025429] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 290.033804] team0: Port device team_slave_0 added [ 290.403602] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 290.412186] team0: Port device team_slave_1 added 06:25:55 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x2000b, 0xffffffffffff0001) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x141080, 0x0) ioctl$UFFDIO_COPY(r2, 0xc028aa03, 
&(0x7f0000000480)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r3, 0x8991, &(0x7f0000000000)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) ioctl$VIDIOC_ENCODER_CMD(r2, 0xc028564d, &(0x7f0000000680)={0x1, 0x1, [0xfff, 0x101, 0x3ff, 0x40, 0x0, 0xfffffffffffffffb, 0x8, 0x4f]}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r2, 0x80045400, &(0x7f00000004c0)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x20a000, 0x0) ioctl$KDSKBSENT(r4, 0x4b49, &(0x7f0000000380)="e2da5cdea423495c8b5663b2d9e462f4e65c25cc8b2ba5e1349cd9ae758d94c045f53f48860fd0b3d8013a69034f6ac0d6e1e98dfe38d2d9e2e2c54d473c67bfa22bbf07fadb6002cda4dd466bf8b4ac1fd7837039b702b9d0fa204a8e5df87c3de67d40844e3ddd3c120aee61b90f3b98210922d8d4271c6df39457ffa88a8a1c33837414408c58e56e3fc11ec40ec466928864d45fe30bbdca4189941c975bc6fe8fb0e6bf8e2a58131d1b5d088066c68b8a6ee0c4e1fea78983de57627ebf6f449a310f966c64391d936f99802fb9320ae1cc") r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000780)='/dev/sequencer2\x00', 0x14003d, 0x0) sendto$inet(r1, &(0x7f00000000c0)="8dec431bb44aff53a310b4eabef65b9ca28574570c8753d962784ce7563c1f448215fd237bf4c9159a98e9205a38a1fef116825d2a67dccc355557378e26b4e71c9ead8245ce8f8727e4d5e348d6b048462955248e97e362bb149adcd5ad849873b82111c2ecfa383140f9d4c99f525041a886277a6592dbc6b9108911e88a440b93f5c0fae544676b44a19bf06aa255a549db9cb0a9221a90f33fec43b1d074bf", 0xa1, 0x1, &(0x7f0000000500)={0x2, 0x4e22}, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000580)='fou\x00') sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000640)={&(0x7f0000000540), 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r6, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x3b}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}]}, 0x24}, 0x1, 0x0, 0x0, 0x20044000}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 
0xc, &(0x7f0000000300)={&(0x7f0000000800)=ANY=[@ANYBLOB="817ac388b12f5258dcd9f0d1802d2d094bd0d0e7855bb65587033e35e4942bc9d0fb44b760ad4eb4f1c0e1b6b6018e46737c9f3ef43c0032446705d88e599dcf7b92381a"], 0x1}, 0x1, 0x0, 0x0, 0x8050}, 0x40) r7 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25d1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$session_to_parent(0x12) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x200) dup2(r7, r5) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x100000c81, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) r9 = syz_open_dev$midi(&(0x7f00000006c0)='/dev/midi#\x00', 0x1, 0x40100) getsockopt$inet_pktinfo(r8, 0x0, 0x8, &(0x7f0000000300)={0x0, @remote, @loopback}, &(0x7f0000000340)=0xc) sendmsg$nl_route(r9, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="080001000000e82f"], 0x1}}, 0x4008000) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r10, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="01010000000000000000030000001400010008000100000000000800040000000000"], 0x1}}, 0x0) syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0xff, 0x80000) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r9, 0x84, 0x65, &(0x7f0000000880), 0x7144e2a) [ 290.691047] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 290.697558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 290.705496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 290.871216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 290.878599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 290.887409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 291.279509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 
291.286780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 291.295900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 291.706997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 291.714771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 291.723976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 292.100209] IPVS: ftp: loaded support on port[0] = 21 [ 292.172457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 292.181129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 292.190390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 292.432300] 8021q: adding VLAN 0 to HW filter on device team0 06:25:58 executing program 0: mkdir(&(0x7f00000004c0)='./file0\x00', 0x0) mount$fuseblk(&(0x7f0000000340)='/dev/loop0\x00', &(0x7f0000000600)='./file0\x00', &(0x7f0000000640)='fuseblk\x00', 0x0, &(0x7f0000000a40)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 06:25:58 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000200)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x2e400000, 0x0, 0x100000001, {0x0, 0x989680}, 0x81, 0x8}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r2, 0x7006) connect$inet(r2, &(0x7f00000001c0)={0x2, 0x4e22, @rand_addr}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000380)={0x14, 0x88, 0xfa00, {r3, 0x3c, 0x0, @in6={0xa, 0x4e21, 0x5, @mcast1, 0x100}}}, 0x90) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r2, 0x40045731, &(0x7f0000000040)=0xffff) 
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f00000000c0)={0x1000000000, 0x3})
setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f0000000080)={0xffffffff, 0xffffffff, 0xffffffff, 0x800}, 0x10)
rt_sigreturn()
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000002c0)=[@in6={0xa, 0x6, 0xfff, @loopback, 0xfb46}], 0x1c)
[ 293.559922] PANIC: double fault, error_code: 0x0
[ 293.564810] CPU: 1 PID: 7736 Comm: syz-executor0 Not tainted 4.19.0+ #82
[ 293.571708] ==================================================================
[ 293.579107] BUG: KMSAN: uninit-value in irq_work_claim+0x153/0x390
[ 293.585452] CPU: 1 PID: 7736 Comm: syz-executor0 Not tainted 4.19.0+ #82
[ 293.592310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 293.601687] Call Trace:
[ 293.604290] <#DF>
[ 293.606469] dump_stack+0x32d/0x480
[ 293.610119] ? irq_work_claim+0x153/0x390
[ 293.614312] kmsan_report+0x19f/0x300
[ 293.618168] kmsan_internal_check_memory+0x35f/0x450
[ 293.623310] ? __msan_poison_alloca+0x1e0/0x2b0
[ 293.628028] kmsan_check_memory+0xd/0x10
[ 293.632114] irq_work_claim+0x153/0x390
[ 293.636133] irq_work_queue+0x44/0x280
[ 293.640053] vprintk_emit+0x693/0x790
[ 293.643922] vprintk_default+0x90/0xa0
[ 293.647860] vprintk_func+0x26b/0x2a0
[ 293.651704] printk+0x1a3/0x1f0
[ 293.655120] dump_stack_print_info+0x2c4/0x3c0
[ 293.659752] show_regs_print_info+0x37/0x40
[ 293.664108] show_regs+0x38/0x170
[ 293.667592] df_debug+0x86/0xb0
[ 293.670901] do_double_fault+0x362/0x480
[ 293.675007] double_fault+0x1e/0x30
[ 293.678676] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[ 293.684155] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[ 293.703084] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[ 293.708471] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 293.715761] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[ 293.723055] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[ 293.730346] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[ 293.737648] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[ 293.744983]
[ 293.747241]
[ 293.750556] kmsan_memmove_origins+0xbd/0x1d0
[ 293.755087] ? kmsan_memmove_shadow+0xad/0xe0
[ 293.759620] __msan_memmove+0x6c/0x80
[ 293.763454] fixup_bad_iret+0x9b/0x130
[ 293.767380] error_entry+0xad/0xc0
[ 293.770936] RIP: 0000: (null)
[ 293.774868] Code: Bad RIP value.
[ 293.778251] RSP: a3fb7f:00007f3a54fe09c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 293.786159] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[ 293.793450] RDX: e9ee43179c583e00 RSI: 0000000000000000 RDI: 0000000000000000
[ 293.800735] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[ 293.808023] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[ 293.815318] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[ 293.822625] ? general_protection+0x8/0x30
[ 293.826895] ? general_protection+0x8/0x30
[ 293.831162]
[ 293.834533]
[ 293.836177] Local variable description: ----__ai_ptr@irq_work_claim
[ 293.842586] Variable was created at:
[ 293.846326] irq_work_claim+0x4b/0x390
[ 293.850238] irq_work_queue+0x44/0x280
[ 293.854134]
[ 293.855780] Byte 7 of 8 is uninitialized
[ 293.859859] Memory access of size 8 starts at fffffe0000045a38
[ 293.865839] ==================================================================
[ 293.873215] Disabling lock debugging due to kernel taint
[ 293.878675] Kernel panic - not syncing: panic_on_warn set ...
[ 293.878675]
[ 293.886073] CPU: 1 PID: 7736 Comm: syz-executor0 Tainted: G B 4.19.0+ #82
[ 293.894315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 293.903689] Call Trace:
[ 293.906288] <#DF>
[ 293.908468] dump_stack+0x32d/0x480
[ 293.912148] panic+0x57e/0xb28
[ 293.915423] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 293.920907] kmsan_report+0x300/0x300
[ 293.924755] kmsan_internal_check_memory+0x35f/0x450
[ 293.929900] ? __msan_poison_alloca+0x1e0/0x2b0
[ 293.934625] kmsan_check_memory+0xd/0x10
[ 293.938713] irq_work_claim+0x153/0x390
[ 293.942735] irq_work_queue+0x44/0x280
[ 293.946655] vprintk_emit+0x693/0x790
[ 293.950512] vprintk_default+0x90/0xa0
[ 293.954434] vprintk_func+0x26b/0x2a0
[ 293.958267] printk+0x1a3/0x1f0
[ 293.962110] dump_stack_print_info+0x2c4/0x3c0
[ 293.966736] show_regs_print_info+0x37/0x40
[ 293.971092] show_regs+0x38/0x170
[ 293.974579] df_debug+0x86/0xb0
[ 293.977901] do_double_fault+0x362/0x480
[ 293.982004] double_fault+0x1e/0x30
[ 293.985664] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[ 293.991139] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[ 294.010149] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[ 294.015542] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[ 294.022829] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[ 294.030127] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[ 294.038108] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[ 294.045398] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[ 294.052705]
[ 294.054954]
[ 294.058265] kmsan_memmove_origins+0xbd/0x1d0
[ 294.062793] ? kmsan_memmove_shadow+0xad/0xe0
[ 294.067322] __msan_memmove+0x6c/0x80
[ 294.071153] fixup_bad_iret+0x9b/0x130
[ 294.075075] error_entry+0xad/0xc0
[ 294.078633] RIP: 0000: (null)
[ 294.082557] Code: Bad RIP value.
[ 294.085937] RSP: a3fb7f:00007f3a54fe09c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 294.093841] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[ 294.101136] RDX: e9ee43179c583e00 RSI: 0000000000000000 RDI: 0000000000000000
[ 294.108423] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[ 294.115709] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[ 294.122994] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[ 294.130294] ? general_protection+0x8/0x30
[ 294.134560] ? general_protection+0x8/0x30
[ 294.138829]
[ 294.143169] Kernel Offset: disabled
[ 294.146809] Rebooting in 86400 seconds..