[ 75.769667] audit: type=1800 audit(1550081289.820:25): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 75.789104] audit: type=1800 audit(1550081289.830:26): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 75.808475] audit: type=1800 audit(1550081289.840:27): pid=9748 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 77.271138] sshd (9813) used greatest stack depth: 53632 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
2019/02/13 18:08:25 fuzzer started
2019/02/13 18:08:30 dialing manager at 10.128.0.26:43529
2019/02/13 18:08:30 syscalls: 1
2019/02/13 18:08:30 code coverage: enabled
2019/02/13 18:08:30 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/02/13 18:08:30 extra coverage: extra coverage is not supported by the kernel
2019/02/13 18:08:30 setuid sandbox: enabled
2019/02/13 18:08:30 namespace sandbox: enabled
2019/02/13 18:08:30 Android sandbox: /sys/fs/selinux/policy does not exist
2019/02/13 18:08:30 fault injection: enabled
2019/02/13 18:08:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/02/13 18:08:30 net packet injection: enabled
2019/02/13 18:08:30 net device setup: enabled
18:10:37 executing program 0:
syzkaller login: [ 224.347170] IPVS: ftp: loaded support on port[0] = 21
[ 224.480828] chnl_net:caif_netlink_parms(): no params data found
[ 224.551025] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.557690] bridge0: port 1(bridge_slave_0) entered disabled state
[ 224.565838] device bridge_slave_0 entered promiscuous mode
[ 224.574177] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.580635] bridge0: port 2(bridge_slave_1) entered disabled state
[ 224.588696] device bridge_slave_1 entered promiscuous mode
[ 224.618862] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 224.630061] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 224.656496] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 224.664801] team0: Port device team_slave_0 added
[ 224.670945] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 224.679162] team0: Port device team_slave_1 added
[ 224.685182] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 224.693371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 224.796735] device hsr_slave_0 entered promiscuous mode
[ 224.922470] device hsr_slave_1 entered promiscuous mode
[ 224.983572] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 224.991083] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 225.017663] bridge0: port 2(bridge_slave_1) entered blocking state
[ 225.024179] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 225.031216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 225.037751] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 225.128044] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 225.134506] 8021q: adding VLAN 0 to HW filter on device bond0
[ 225.145721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 225.158653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 225.203946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 225.246151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 225.290006] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 225.322886] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 225.329001] 8021q: adding VLAN 0 to HW filter on device team0
[ 225.344047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 225.352290] bridge0: port 1(bridge_slave_0) entered blocking state
[ 225.358733] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 225.374590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 225.383199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 225.389643] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 225.437211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 225.446475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 225.455689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 225.471484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 225.483022] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 225.489082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 225.499293] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 225.507668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 225.534886] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 225.554029] 8021q: adding VLAN 0 to HW filter on device batadv0
18:10:39 executing program 0:
18:10:39 executing program 0:
18:10:39 executing program 0:
18:10:40 executing program 0:
18:10:40 executing program 0:
18:10:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100))
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x5}]})
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000840)={[{}, {0x0, 0x6, 0x2000000, 0x0, 0x3}]})
[ 226.134702] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
18:10:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100))
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)={[{0x5}]})
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000840)={[{}, {0x0, 0x6, 0x2000000, 0x0, 0x3}]})
18:10:40 executing program 0:
r0 = socket$tipc(0x1e, 0x7, 0x0)
fcntl$setsig(r0, 0xa, 0x3f)
18:10:40 executing program 0:
unshare(0x400)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000780)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x401, 0x4)
ppoll(&(0x7f0000000000), 0x20000000000001b8, 0x0, 0x0, 0xfffffffffffffc99)
18:10:40 executing program 0:
unshare(0x20400)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = getpgrp(0x0)
syz_open_procfs(r1, &(0x7f0000000000)='personality\x00')
setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f0000000080), 0x1)
18:10:40 executing program 0:
r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2)
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x0, 0x61717779, 0x2, @stepwise={0x20, 0xd8, 0x2, 0xfffffffffffffffd, 0x5, 0x64}})
bind(r0, &(0x7f0000000180)=@vsock={0x28, 0x0, 0xffffffff, @host}, 0x80)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x3, 0x8000, 0x9, 0x7ff, r2}, 0x10)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
fcntl$setsig(r1, 0xa, 0x3d)
ioctl$KVM_SET_TSS_ADDR(r3, 0xae47, 0xfffffdfd)
18:10:40 executing program 0:
r0 = syz_open_dev$dmmidi(0x0, 0x0, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x0, 0x10000)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000001c0)={0x0, 0x401}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000340)={r2, 0x9}, 0xc)
syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x20000000, 0x200040)
epoll_pwait(r0, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}], 0x6, 0x9c, &(0x7f00000000c0)={0x80000000}, 0x8)
r3 = memfd_create(&(0x7f0000000100)='-vmnet0\',^]$\x00', 0x0)
r4 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x20000057d)
r5 = dup2(r4, r3)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
fcntl$setpipe(r4, 0x407, 0xfffffffffffffffe)
write$P9_RLINK(r5, &(0x7f0000000000)={0x7}, 0x285)
18:10:40 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x11)
setsockopt$sock_attach_bpf(r0, 0x11, 0x68, &(0x7f0000000000), 0x4)
close(r0)
18:10:41 executing program 0:
open(&(0x7f0000000000)='./file0\x00', 0x20000, 0xe4)
chdir(0x0)
prctl$PR_SET_PDEATHSIG(0x1, 0x40000000038)
symlink(&(0x7f0000000800)='./file0/file0\x00', &(0x7f0000000840)='./file0\x00')
umount2(&(0x7f00000005c0)='./file0/../file0/file0\x00', 0x0)
18:10:41 executing program 0:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x104e20, 0x40, @remote}, 0x1c)
listen(r0, 0x20000000)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
poll(&(0x7f0000000100)=[{r1}], 0x1, 0x0)
18:10:41 executing program 0:
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x10, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000040)=0x7f, 0x4)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd320-generic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x159, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0)
18:10:41 executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x7, 0x1f, 0x3}, &(0x7f0000000280)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={r2, 0x800, 0x10001}, 0x8)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2000, 0x0)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f00000000c0)={0x1f, 0x3, 0x7fc00000, 0x6, 0x51e, 0x1, 0x80000000})
sendmsg$nl_xfrm(r1, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r4, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070")
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@multicast2, @local, 0x0, 0x4}, 0x10)
ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000180)="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")
18:10:41 executing program 0:
r0 = getpid()
process_vm_writev(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/10, 0xa}], 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/37, 0x25}, {&(0x7f00000001c0)=""/10, 0xa}, {&(0x7f0000000cc0)=""/238, 0xee}], 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000740)=""/29, 0x1d}], 0x1}}], 0x1, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000f40)=[{&(0x7f0000001fc0)=""/148, 0x94}, {&(0x7f0000002180)=""/223, 0xdf}], 0x2}, 0x40000000)
process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000a00)=""/224, 0xe0}], 0x1, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f00000006c0)=@hci, 0x80, 0x0, 0x0, &(0x7f00000024c0)=""/129, 0x81}, 0x0)
process_vm_writev(0x0, &(0x7f0000000b80)=[{&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f0000000280)=""/19, 0x13}, {&(0x7f0000000900)=""/124, 0x7c}], 0x3, 0x0, 0x0, 0x0)
socket$pptp(0x18, 0x1, 0x2)
sendto(r1, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000c80)=[{&(0x7f0000000b00)=""/39, 0x27}, {&(0x7f0000000bc0)=""/139, 0x8b}], 0x2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400})
18:10:42 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x85ce, 0x400)
flock(r0, 0x1)
r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)="8194d49713c6c01cf049d3222060c7e766255aea6b76b92682c9d0c118f97afcebf1e274b578abc9a83b3427454d1f563070f30d996b492736ce3b2f57ab48f6e52b5f77e405a36f88cb972f4ff6a2665d71dd", 0x53, 0xfffffffffffffffa)
r2 = add_key(&(0x7f0000000140)='rxrpc\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)="fea17bf578934e4032be4f0118dc1c4888bf9b877ca0648e7aa9a8abc8e888b5ce250dbab8f26a0616f21e68378f9f970b5bca6590bcb49f9d360431a5cc8e7aaca568f7cbccfecec20878c9f5ae0b13bead990200fd8c5cc8639c2fae5f839f1743008a1daa6675bcbf820b95e1bb047a2a1dc1dd42e469a10d7e1abb1283f95304b8b0278dabf9bef200115ffb9e4731c53b64c1c1776d537f1c5c3908714f8b1e85093a066c2cc25596cddd3e4519045c84db2f86ffa0c2f52389e64614822021e3", 0xc3, 0xfffffffffffffffe)
keyctl$reject(0x13, r1, 0x42c1028a, 0x5, r2)
r3 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x10001, 0x200000)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000300)=""/59)
keyctl$join(0x1, &(0x7f0000000340)={'syz', 0x0})
r4 = syz_open_dev$admmidi(&(0x7f0000000380)='/dev/admmidi#\x00', 0x5, 0x14201)
ioctl$EVIOCGID(r4, 0x80084502, &(0x7f00000003c0)=""/118)
ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f0000000440))
getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f0000000480)=""/9, &(0x7f00000004c0)=0x9)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000500)={0x0, 0x7}, &(0x7f0000000540)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000580)={r5, 0x1000, 0x7}, 0x8)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000005c0)={r5}, &(0x7f0000000600)=0x8)
ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000640)={0x7, 0x1, @raw_data=[0x1, 0x358b3f6c, 0x3, 0x4, 0x7, 0x9, 0xd5, 0x7, 0x9, 0x1, 0xff, 0x40, 0x2, 0x8000, 0xb69, 0x47b]})
pwritev(r0, &(0x7f0000000880)=[{&(0x7f00000006c0)="499cb31e5a5e210c640cfc6f2f42073e45fcc11c5443fdd845548bae60465e38959d2e52d8815c3a6202bbd0f9191bdae16905c0723a2c32bbcd06348eff29052e51028a57345e1782c6f81f58f5ad5833eec82122e8dd0b77751bac5d172da34d19a126072c902e53addcd4b37918de0e7f43a88a851e0ec20b17ee09316d78fdce22435d5d7bafc444baa34aa4833559dc46ea52541c9792958636ae518195e4f960c4cd54f84953981210c011a6447f086a616b0cf09fbba5b6424fa432b74cdbd87d5165c5a73a71e3b7397710529029db20e9aa9309af7044e7e3027fcb58b7b760d32dc41630b6718f", 0xec}, {&(0x7f00000007c0)="ecb074fd2e4bcd20f9a5bdcb33f510f331643e2a54adfccf45431bbceeaef97f0b2f2d05552bd979dd1fe8065073e8f32fcbf0f67f0f55555cd4e49cbc739baa20fa0d0b82d2f5dd9542d35247ef7e2256e04d95c81508080a7001e60a9113da588c2ef2c4807abe445d974819403cd68a40272534bc037de9a371ad9ae01842d80d3b07fa02c6893f698fd25edcc79a64f4851e5bb45c7804", 0x99}], 0x2, 0x0)
ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f00000008c0))
getpeername$packet(r4, &(0x7f0000000900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000940)=0x14)
setsockopt$inet6_IPV6_PKTINFO(r4, 0x29, 0x32, &(0x7f0000000980)={@ipv4={[], [], @empty}, r6}, 0x14)
ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, &(0x7f00000009c0)={0x1f, 0x7, 0x772, 0x1000})
socket$l2tp(0x18, 0x1, 0x1)
prctl$PR_SET_DUMPABLE(0x4, 0x1)
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000a00)=[0x6, 0x800])
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000a40)={0x0})
ioctl$DRM_IOCTL_GET_SAREA_CTX(r4, 0xc010641d, &(0x7f0000000b80)={r7, &(0x7f0000000a80)=""/249})
ioctl$UI_BEGIN_FF_UPLOAD(r4, 0xc06855c8, &(0x7f0000000bc0)={0x8, 0x67, {0x53, 0x5, 0x200, {0x8, 0x2}, {0x200, 0x7ff}, @ramp={0x1, 0xfffffffffffffffb, {0x401, 0x3, 0x7, 0x40}}}, {0x57, 0x143, 0x5, {0x100000000, 0x6}, {0x2, 0x7}, @cond=[{0x8, 0x9, 0x5c, 0x40, 0x9, 0x1}, {0x0, 0x7ff, 0x6, 0x6, 0x400, 0x1}]}})
ioctl$TCXONC(r4, 0x540a, 0x7)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000c40)={r4, 0x46, 0x7, r4})
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000c80)=0x80)
18:10:42 executing program 0:
semget$private(0x0, 0x0, 0x4)
r0 = semget$private(0x0, 0x3, 0x40)
semctl$IPC_RMID(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, 0x0, &(0x7f0000000040))
semget$private(0x0, 0x7, 0x2)
18:10:42 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = msgget$private(0x0, 0x24)
msgctl$MSG_INFO(r2, 0xc, &(0x7f0000000080)=""/85)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0xffffffffffff85bd)
r4 = dup2(r3, r1)
setsockopt$inet_icmp_ICMP_FILTER(r4, 0x1, 0x1, &(0x7f0000000000), 0x4)
ioctl(r3, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070")
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$TIOCCBRK(r4, 0x5428)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0xffffffb9, 0x0, 0x0, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r5, 0xc008ae88, &(0x7f0000000340)={0x7b, 0x0, [0x20000048d]})
18:10:42 executing program 0:
r0 = syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x0)
syz_open_dev$vbi(0x0, 0xffffffffffffffff, 0x2)
openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x40201, 0x0)
sync_file_range(r0, 0x7, 0x1, 0x1)
select(0x40, &(0x7f0000001300), 0x0, &(0x7f0000001380)={0x3f}, &(0x7f00000013c0)={0x0, 0x2710})
[ 228.517678] IPVS: ftp: loaded support on port[0] = 21
18:10:42 executing program 0:
r0 = open(&(0x7f0000000240)='./file0\x00', 0x20000, 0x104)
setsockopt$inet_int(r0, 0x0, 0x1f, &(0x7f00000002c0)=0x100, 0x4)
bind$rxrpc(r0, &(0x7f0000000300)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @rand_addr=0x800000000}}, 0x24)
syz_open_dev$sndctrl(&(0x7f0000000340)='/dev/snd/controlC#\x00', 0x0, 0x440002)
fcntl$setlease(r0, 0x400, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x81}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x0, 0x4, 0x8, 0x25dfdbfb, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x880)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
ioctl$IMGETCOUNT(r0, 0x80044943, &(0x7f0000000380))
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x21, 0x0, 0x0, {{}, 0x0, 0x4107}}, 0x1c}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'lapb0\x00', 0x200})
syz_open_dev$rtc(&(0x7f0000000140)='/dev/rtc#\x00', 0x9, 0x0)
[ 228.694000] chnl_net:caif_netlink_parms(): no params data found
[ 228.733364] ==================================================================
[ 228.740782] BUG: KMSAN: uninit-value in tipc_nl_compat_doit+0x5b3/0xaf0
[ 228.747557] CPU: 0 PID: 9999 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9
[ 228.754664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 228.761213] bridge0: port 1(bridge_slave_0) entered blocking state
[ 228.764020] Call Trace:
[ 228.764077] dump_stack+0x173/0x1d0
[ 228.764102] kmsan_report+0x12e/0x2a0
[ 228.764157] __msan_warning+0x82/0xf0
[ 228.770644] bridge0: port 1(bridge_slave_0) entered disabled state
[ 228.773144] tipc_nl_compat_doit+0x5b3/0xaf0
[ 228.773165] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.773197] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.773219] tipc_nl_compat_recv+0x14d1/0x2750
[ 228.773253] ? tipc_nl_node_dump+0x1300/0x1300
[ 228.778499] device bridge_slave_0 entered promiscuous mode
[ 228.780664] ? tipc_nl_compat_link_dump+0x5f0/0x5f0
[ 228.780695] ? tipc_netlink_compat_stop+0x40/0x40
[ 228.787110] bridge0: port 2(bridge_slave_1) entered blocking state
[ 228.790790] genl_rcv_msg+0x185f/0x1a60
[ 228.790883] netlink_rcv_skb+0x431/0x620
[ 228.795397] bridge0: port 2(bridge_slave_1) entered disabled state
[ 228.800455] ? genl_unbind+0x390/0x390
[ 228.807249] device bridge_slave_1 entered promiscuous mode
[ 228.810224] genl_rcv+0x63/0x80
[ 228.836792] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 228.840538] netlink_unicast+0xf3e/0x1020
[ 228.847677] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 228.850913] netlink_sendmsg+0x127f/0x1300
[ 228.872939] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 228.875458] ___sys_sendmsg+0xdb9/0x11b0
[ 228.875490] ? netlink_getsockopt+0x1460/0x1460
[ 228.884545] team0: Port device team_slave_0 added
[ 228.887254] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.895318] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 228.897956] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 228.897974] ? __fget_light+0x6e1/0x750
[ 228.898000] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 228.898027] __se_sys_sendmsg+0x305/0x460
[ 228.904117] team0: Port device team_slave_1 added
[ 228.907542] __x64_sys_sendmsg+0x4a/0x70
[ 228.913856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 228.919350] do_syscall_64+0xbc/0xf0
[ 228.919373] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 228.919386] RIP: 0033:0x457e29
[ 228.919400] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 228.919418] RSP: 002b:00007ff7a9c45c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 228.926117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 228.928732] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 228.928750] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 228.928760] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 228.928769] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff7a9c466d4
[ 228.928779] R13: 00000000004cb7d8 R14: 00000000004d8e30 R15: 00000000ffffffff
[ 228.928810]
[ 229.037528] Uninit was created at:
[ 229.041085] kmsan_internal_poison_shadow+0x92/0x150
[ 229.046199] kmsan_kmalloc+0xa6/0x130
[ 229.050001] kmsan_slab_alloc+0xe/0x10
[ 229.053892] __kmalloc_node_track_caller+0xe9e/0xff0
[ 229.059001] __alloc_skb+0x309/0xa20
[ 229.062717] netlink_sendmsg+0xb82/0x1300
[ 229.066898] ___sys_sendmsg+0xdb9/0x11b0
[ 229.071092] __se_sys_sendmsg+0x305/0x460
[ 229.075243] __x64_sys_sendmsg+0x4a/0x70
[ 229.079327] do_syscall_64+0xbc/0xf0
[ 229.083055] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 229.088245] ==================================================================
[ 229.095597] Disabling lock debugging due to kernel taint
[ 229.101053] Kernel panic - not syncing: panic_on_warn set ...
[ 229.106959] CPU: 0 PID: 9999 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9
[ 229.115448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 229.124813] Call Trace:
[ 229.127412] dump_stack+0x173/0x1d0
[ 229.131055] panic+0x3d1/0xb01
[ 229.134294] kmsan_report+0x293/0x2a0
[ 229.138112] __msan_warning+0x82/0xf0
[ 229.141923] tipc_nl_compat_doit+0x5b3/0xaf0
[ 229.146342] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 229.151556] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 229.156856] tipc_nl_compat_recv+0x14d1/0x2750
[ 229.161549] ? tipc_nl_node_dump+0x1300/0x1300
[ 229.166158] ? tipc_nl_compat_link_dump+0x5f0/0x5f0
[ 229.171194] ? tipc_netlink_compat_stop+0x40/0x40
[ 229.176062] genl_rcv_msg+0x185f/0x1a60
[ 229.180093] netlink_rcv_skb+0x431/0x620
[ 229.184174] ? genl_unbind+0x390/0x390
[ 229.188097] genl_rcv+0x63/0x80
[ 229.191384] netlink_unicast+0xf3e/0x1020
[ 229.195555] netlink_sendmsg+0x127f/0x1300
[ 229.199827] ___sys_sendmsg+0xdb9/0x11b0
[ 229.203909] ? netlink_getsockopt+0x1460/0x1460
[ 229.208597] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 229.213809] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 229.219179] ? __fget_light+0x6e1/0x750
[ 229.223171] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 229.228372] __se_sys_sendmsg+0x305/0x460
[ 229.232558] __x64_sys_sendmsg+0x4a/0x70
[ 229.236623] do_syscall_64+0xbc/0xf0
[ 229.240348] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 229.245541] RIP: 0033:0x457e29
[ 229.248753] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 229.267668] RSP: 002b:00007ff7a9c45c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 229.275384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 229.282653] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 229.289924] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 229.297198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff7a9c466d4
[ 229.304470] R13: 00000000004cb7d8 R14: 00000000004d8e30 R15: 00000000ffffffff
[ 229.313008] Kernel Offset: disabled
[ 229.316633] Rebooting in 86400 seconds..