[ ok ] Starting enhanced syslogd: rsyslogd.
[ 96.363755] audit: type=1800 audit(1548315123.428:25): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 96.382952] audit: type=1800 audit(1548315123.428:26): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 96.402391] audit: type=1800 audit(1548315123.448:27): pid=10547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
2019/01/24 07:32:16 fuzzer started
2019/01/24 07:32:22 dialing manager at 10.128.0.26:34019
2019/01/24 07:32:22 syscalls: 1
2019/01/24 07:32:22 code coverage: enabled
2019/01/24 07:32:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/01/24 07:32:22 extra coverage: extra coverage is not supported by the kernel
2019/01/24 07:32:22 setuid sandbox: enabled
2019/01/24 07:32:22 namespace sandbox: enabled
2019/01/24 07:32:22 Android sandbox: /sys/fs/selinux/policy does not exist
2019/01/24 07:32:22 fault injection: enabled
2019/01/24 07:32:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/01/24 07:32:22 net packet injection: enabled
2019/01/24 07:32:22 net device setup: enabled
07:35:16 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x200000b8)
mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x2000000012, r0, 0x0)
read(r0, 0x0, 0x0)
syzkaller login: [ 290.682627] IPVS: ftp: loaded support on port[0] = 21
[ 290.861497] chnl_net:caif_netlink_parms(): no params data found
[ 290.937273] bridge0: port 1(bridge_slave_0) entered blocking state
[ 290.944035] bridge0: port 1(bridge_slave_0) entered disabled state
[ 290.952598] device bridge_slave_0 entered promiscuous mode
[ 290.962653] bridge0: port 2(bridge_slave_1) entered blocking state
[ 290.969174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 290.977697] device bridge_slave_1 entered promiscuous mode
[ 291.013297] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 291.024813] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 291.056657] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 291.065513] team0: Port device team_slave_0 added
[ 291.073031] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 291.081698] team0: Port device team_slave_1 added
[ 291.088582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 291.097325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 291.277441] device hsr_slave_0 entered promiscuous mode
[ 291.423098] device hsr_slave_1 entered promiscuous mode
[ 291.683886] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 291.691508] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 291.724717] bridge0: port 2(bridge_slave_1) entered blocking state
[ 291.731273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 291.738630] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.745224] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.842603] bridge0: port 1(bridge_slave_0) entered disabled state
[ 291.854018] bridge0: port 2(bridge_slave_1) entered disabled state
[ 291.876842] 8021q: adding VLAN 0 to HW filter on device bond0
[ 291.890226] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 291.904126] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 291.910903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 291.919407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 291.932378] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 291.938489] 8021q: adding VLAN 0 to HW filter on device team0
[ 291.950973] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 291.958250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 291.967166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 291.975574] bridge0: port 1(bridge_slave_0) entered blocking state
[ 291.982271] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 291.997481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 292.009963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 292.017816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 292.026522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 292.035453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 292.042000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 292.051100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 292.068987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 292.081474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 292.094850] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 292.102384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 292.111957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 292.121274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 292.130532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 292.140665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 292.152491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 292.166288] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 292.175235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 292.184042] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 292.202387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 292.209334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 292.217961] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 292.234844] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 292.240946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 292.272687] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 292.298029] 8021q: adding VLAN 0 to HW filter on device batadv0
07:35:19 executing program 0:
setreuid(0x0, 0xee01)
r0 = msgget(0x1, 0x0)
msgctl$IPC_SET(r0, 0x1, 0x0)
07:35:19 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00')
sendfile(r1, r2, 0x0, 0x100000001)
poll(&(0x7f0000000040)=[{r0}], 0x1, 0x0)
07:35:19 executing program 0:
shmget(0x3, 0x4000, 0x378, &(0x7f0000ff9000/0x4000)=nil)
07:35:20 executing program 0:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0xa102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
r0 = socket(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@ipv4, 0x0, 0x0, 0x0, 0x5}, 0x16d)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, 0x0, &(0x7f0000000080))
[ 293.024922] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 293.060665] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
07:35:20 executing program 0:
perf_event_open(&(0x7f0000000180)={0x1, 
0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8", 0x0, 0x1200}, 0x28) 07:35:20 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0xf0577d56a951a69, 0xffffffffffffff9c}) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="96fdac58fde35a478d322407f4f3c4ee9a8d42aae11efdda1dd0de32184804b5020a0a9da7c58b3ea66a88c7dcc467d42dffc6a7f293156d51c1c1ad5160d28a965903ae5722610943c839ee859bfae50793e8cd0eec7a5a914a44b29df73bc6a76358dd7f1aee1dda79fd2170ca52609582399c51cc9f6bd823c444dc8c7892", 0x80}, {&(0x7f0000000300)="e64e7c6f918f572dc4894755f3e13f846f6b744431da2742e2b06287b1e0f8760a50337c9a89d13f45250725417bf12d79ebcfbb56c1e9e4ba5ec8d3bc439af2b6b06acd58bd11bb9ec55c5f8c92f9e84b2c7695387c5f80b19807415d652105b8d80491eea2a18cb1dc2401071bbec870172a802e33ba3819ac3fb6009c42eabc799cb066aee04d4ac0fdd036c918ec00d1354cd8757771398a78b131c8b2a1fa06dab733b9ca7d141b7b1317d071f780217874cc54b6c45aa0fd8e7a8c3d74d176bcf6206adeaa571b128876f48667aba3fef480ccbb6084042b12f12a40997f14d650a602fc3ee8", 0xe9}, 
{&(0x7f0000000580)="286d003c628c6e7526368d9138629deecb28065cfb03b4a5e5d495541c883d1d0c9663a9a85176c11878558e62d791d2825ea1a8746d6a3c4e24e632230b2d8c5c5a6e11a601a346f02639978549c8b8a5b48688107261016982d7d2c0c70a832585762e72aa48fae59139cd7f8b46323efe08e7abdd45bb6a45a872fe9e9534a586c75000df08ac24962bad2e2a227749b9215dec4ee7e9b4ec7303c20bf8a616d5ff86253d7f456f5b5300fd11840841d64053727944fd67ba0ddc843f106e421f2f59d83927e12c474e43b39678645a99e91a1db32a2bae339963730127", 0xdf}, {&(0x7f0000000680)="f95f99754b3fac70af25e5a8b2931e74a1df648efd4582b2f1c25478c81aac7e6dea7b9e12b16e76e12e57310bd1e133789de32717ad1c91bf556dfcc9721ccbefae4e8f1821f6a79643a57c5ac7b466991101cbb37f05e1b14314fed177d916466eb661e7c4cd986998cf1b46f433c0b34b90c1efc02069235b08509b284e27ee22d9dd11ccd98d461baf4c409cea1c6f5c7cef19da8a3cbefe56c7e13a147e8277531f22769692878b22612647159efcd1a0335ba335f6d570d3355064f33be79a", 0xc2}, {&(0x7f0000000100)="3eab9dd02d618bdfb5", 0x9}, {&(0x7f0000000780)="b537900ad7028016f2c55a70109a3bbe8c80e90e7c7ac73bbf758b806ed46425e732dcca1584ced3ff20d7977f8018615a324833585f696bb210b3b8288c2eadb6d93525b2ed8cbdfae6e279e85c3761a1b099dbd6bafa242a4dcd29fae25e2067f15656456a39f4f64ad24422a1522bf8bf5b9ce401d35519f66a8a44fe5a40c0240b85398bd552ee5fb805d1bc3acd45b5ffbf334cc04136473f10c2a119afc6828db28ec7cad7519febfa6f6233fc15d7ff3616f6aefa5cbda63e67505584e9258e82f7a16f", 0xc7}, {&(0x7f0000000880)="ed694d324dc617aef2b13252dfcb21d5e8996498b526f6e5bd5c709b7cc5aa964fee82a183afa2d244794bc96f8d5bb99beef51879c3f70daabc73c0827090f56b0f053a60de3a5f7f8af0693c4e967e0c8cae0ea2226969c5a479c22339395e0bc026f49bb425c63a89efacb07b0129434fe139a1764da81a31e845d26c2dbd0859cefe8bb4d3f4587b950d408dbb0b6aeababf9d8ad41af4974291c8d7a86a5d3b6c1a", 0xa4}], 0x7, 0x3b) r1 = syz_open_dev$usbmon(&(0x7f0000000400)='/dev/usbmon#\x00', 0x6, 0x501000) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000480)={0x1, 0x6, 0x3}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 
'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="326fa862b92be1fb480b4a6b55541ada3596f347cd6748e364284bd2e2046aa373b2e3e40a57e2dc7a783e1365f3db340124ab754d76abedee3fbd5d5e0f1b9969", 0x41}], 0x1, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000140)={0x0, 0xfffffde8, &(0x7f0000001600)=[{&(0x7f0000000500)=""/84, 0x1b}, {&(0x7f0000001640)=""/4096, 0x11f8}], 0x2, &(0x7f00000000c0)=""/50, 0x32}, 0x0) 07:35:20 executing program 0: ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0xf0577d56a951a69, 0xffffffffffffff9c}) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000040)="96fdac58fde35a478d322407f4f3c4ee9a8d42aae11efdda1dd0de32184804b5020a0a9da7c58b3ea66a88c7dcc467d42dffc6a7f293156d51c1c1ad5160d28a965903ae5722610943c839ee859bfae50793e8cd0eec7a5a914a44b29df73bc6a76358dd7f1aee1dda79fd2170ca52609582399c51cc9f6bd823c444dc8c7892", 0x80}, {&(0x7f0000000300)="e64e7c6f918f572dc4894755f3e13f846f6b744431da2742e2b06287b1e0f8760a50337c9a89d13f45250725417bf12d79ebcfbb56c1e9e4ba5ec8d3bc439af2b6b06acd58bd11bb9ec55c5f8c92f9e84b2c7695387c5f80b19807415d652105b8d80491eea2a18cb1dc2401071bbec870172a802e33ba3819ac3fb6009c42eabc799cb066aee04d4ac0fdd036c918ec00d1354cd8757771398a78b131c8b2a1fa06dab733b9ca7d141b7b1317d071f780217874cc54b6c45aa0fd8e7a8c3d74d176bcf6206adeaa571b128876f48667aba3fef480ccbb6084042b12f12a40997f14d650a602fc3ee8", 0xe9}, 
{&(0x7f0000000580)="286d003c628c6e7526368d9138629deecb28065cfb03b4a5e5d495541c883d1d0c9663a9a85176c11878558e62d791d2825ea1a8746d6a3c4e24e632230b2d8c5c5a6e11a601a346f02639978549c8b8a5b48688107261016982d7d2c0c70a832585762e72aa48fae59139cd7f8b46323efe08e7abdd45bb6a45a872fe9e9534a586c75000df08ac24962bad2e2a227749b9215dec4ee7e9b4ec7303c20bf8a616d5ff86253d7f456f5b5300fd11840841d64053727944fd67ba0ddc843f106e421f2f59d83927e12c474e43b39678645a99e91a1db32a2bae339963730127", 0xdf}, {&(0x7f0000000680)="f95f99754b3fac70af25e5a8b2931e74a1df648efd4582b2f1c25478c81aac7e6dea7b9e12b16e76e12e57310bd1e133789de32717ad1c91bf556dfcc9721ccbefae4e8f1821f6a79643a57c5ac7b466991101cbb37f05e1b14314fed177d916466eb661e7c4cd986998cf1b46f433c0b34b90c1efc02069235b08509b284e27ee22d9dd11ccd98d461baf4c409cea1c6f5c7cef19da8a3cbefe56c7e13a147e8277531f22769692878b22612647159efcd1a0335ba335f6d570d3355064f33be79a", 0xc2}, {&(0x7f0000000100)="3eab9dd02d618bdfb5", 0x9}, {&(0x7f0000000780)="b537900ad7028016f2c55a70109a3bbe8c80e90e7c7ac73bbf758b806ed46425e732dcca1584ced3ff20d7977f8018615a324833585f696bb210b3b8288c2eadb6d93525b2ed8cbdfae6e279e85c3761a1b099dbd6bafa242a4dcd29fae25e2067f15656456a39f4f64ad24422a1522bf8bf5b9ce401d35519f66a8a44fe5a40c0240b85398bd552ee5fb805d1bc3acd45b5ffbf334cc04136473f10c2a119afc6828db28ec7cad7519febfa6f6233fc15d7ff3616f6aefa5cbda63e67505584e9258e82f7a16f", 0xc7}, {&(0x7f0000000880)="ed694d324dc617aef2b13252dfcb21d5e8996498b526f6e5bd5c709b7cc5aa964fee82a183afa2d244794bc96f8d5bb99beef51879c3f70daabc73c0827090f56b0f053a60de3a5f7f8af0693c4e967e0c8cae0ea2226969c5a479c22339395e0bc026f49bb425c63a89efacb07b0129434fe139a1764da81a31e845d26c2dbd0859cefe8bb4d3f4587b950d408dbb0b6aeababf9d8ad41af4974291c8d7a86a5d3b6c1a", 0xa4}], 0x7, 0x3b) r1 = syz_open_dev$usbmon(&(0x7f0000000400)='/dev/usbmon#\x00', 0x6, 0x501000) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f0000000480)={0x1, 0x6, 0x3}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 
'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="326fa862b92be1fb480b4a6b55541ada3596f347cd6748e364284bd2e2046aa373b2e3e40a57e2dc7a783e1365f3db340124ab754d76abedee3fbd5d5e0f1b9969", 0x41}], 0x1, &(0x7f0000000100)}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000140)={0x0, 0xfffffde8, &(0x7f0000001600)=[{&(0x7f0000000500)=""/84, 0x1b}, {&(0x7f0000001640)=""/4096, 0x11f8}], 0x2, &(0x7f00000000c0)=""/50, 0x32}, 0x0) 07:35:20 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="2e0000003100818be45ae087185082cf0324b0eba06ec400002339ef0586f9075b3f00169148790700d90080e230", 0x2e}], 0x1}, 0x0) r1 = accept4(r0, &(0x7f0000000100)=@nl, &(0x7f0000000200)=0x80, 0x80000) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000240)={0x0, 0xfff}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000002c0)={r2, 0xff, 0x1, [0xd0]}, 0xa) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x400, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000480)=ANY=[@ANYBLOB="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"]) r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x81, 0x200400) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2) 07:35:20 executing program 0: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x18000, 0x0) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000080)) r1 = socket(0x113, 0x80000, 0x40) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x10, 0x110, 0x2}], 0x10}}], 0x1, 0x0) r2 = 
syz_genetlink_get_family_id$net_dm(&(0x7f0000000100)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x1, 0x70bd28, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) 07:35:20 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8) perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f00000001c0)={0x2002}) write$FUSE_WRITE(r2, &(0x7f0000000180)={0x18, 0xfffffffffffffffe, 0x6, {0x800}}, 0x18) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={@local, 0x56, r3}) listen(0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x0, 0x0) r4 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10001, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x0, 0x0, &(0x7f0000000000)) fsync(r4) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000240)=0x1, 0x4) 07:35:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000abaff9)={0x3, 0xfff}, 0x10) 07:35:21 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x100, 0x10) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000080)={0x9, 0x4, 0x7, 0x5}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 
0x13) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{}, {}, {}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r0, 0xc010641d, &(0x7f0000000280)={r2, &(0x7f00000002c0)=""/112}) r3 = fcntl$dupfd(r1, 0x0, r1) read$eventfd(r3, 0x0, 0x0) lsetxattr$security_smack_transmute(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x3) 07:35:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000001180)='./file0\x00', 0x600200, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001ef) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000011c0)={'ip6gre0\x00', {0x2, 0x4e20, @loopback}}) r2 = syz_open_dev$radio(&(0x7f0000001100)='/dev/radio#\x00', 0x3, 0x2) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000001140)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r3, &(0x7f0000000040), 0x1000) write$FUSE_ENTRY(r3, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x20000000007, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9}}}, 0x90) [ 294.253319] CUSE: zero length info key specified [ 294.263515] CUSE: zero length info key specified 07:35:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open(&(0x7f0000001180)='./file0\x00', 0x600200, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x4001ef) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000011c0)={'ip6gre0\x00', {0x2, 0x4e20, @loopback}}) r2 = syz_open_dev$radio(&(0x7f0000001100)='/dev/radio#\x00', 0x3, 0x2) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000001140)) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r3, &(0x7f0000000040), 0x1000) write$FUSE_ENTRY(r3, &(0x7f0000001040)={0x90, 0x0, 0x2, {0x20000000007, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9}}}, 0x90) [ 294.379916] CUSE: zero length info 
key specified 07:35:21 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000080)=0x34) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) read(r1, &(0x7f0000000180)=""/166, 0x183) ioctl$int_in(r1, 0x80000040045010, &(0x7f0000000100)) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000000)) 07:35:21 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x4000, 0x0) write$FUSE_GETXATTR(r0, &(0x7f0000000040)={0x18, 0x0, 0x4, {0x80000000}}, 0x18) poll(&(0x7f0000000080)=[{r0, 0x4003}], 0x1, 0x20) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0x0, 0x2, {0xfffffffffffffffe}}, 0x18) fgetxattr(r0, &(0x7f0000000100)=@known='trusted.overlay.nlink\x00', &(0x7f0000000140)=""/254, 0xfe) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000240)={0x0, 0xca, 0x2, [0x2, 0xfffffffffffffff8]}, &(0x7f0000000280)=0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000002c0)={r1, 0x0, 0x20}, &(0x7f0000000300)=0xc) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={r1, @in6={{0xa, 0x4e23, 0x6, @mcast2, 0xcc}}, 0x80, 0x80000000, 0x7, 0x1}, 0x98) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x54, r2, 0x408, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1f}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x76}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0x24}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0xedc8397f44b5975e}, 0x8000) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000580), &(0x7f00000005c0)=0x14) 
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000600)={0xffffffffffffffff}, 0x106, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000680)={0x4, 0x8, 0xfa00, {r3, 0xffffffff}}, 0x10) r4 = shmget$private(0x0, 0x1000, 0x200, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_RMID(r4, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f00000006c0)=0x100000001) modify_ldt$write(0x1, &(0x7f0000000700)={0x7ff, 0x20000000, 0x3000, 0x6, 0x8, 0x8, 0x7ff, 0x4, 0x2, 0x3}, 0x10) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000740)={0x100000000, 0x4, 0x3, 0x5, 0xb, 0xffff, 0xffffffffffffffc1, 0x3, 0x9, 0x3ff, 0x5, 0x7ff}) ioctl$DRM_IOCTL_AGP_ENABLE(r0, 0x40086432, &(0x7f0000000780)=0x40) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000007c0), &(0x7f0000000800)=0x14) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000840)={0x6, 0x3, 0x6}) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000880)={r0, 0x0, 0x2, 0x1000, 0x10001}) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f00000008c0)) ioctl$PPPIOCSCOMPRESS(r0, 0x4010744d) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000940)={0x0, 0x0}, &(0x7f0000000980)=0xc) lstat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(r0, &(0x7f0000000900)='system.posix_acl_default\x00', &(0x7f0000000a80)={{}, {0x1, 0x1}, [{0x2, 0x7, r5}], {0x4, 0x4}, [{0x8, 0x4, r6}], {0x10, 0x3}, {0x20, 0x2}}, 0x34, 0x2) write$P9_RSETATTR(r0, &(0x7f0000000ac0)={0x7, 0x1b, 0x2}, 0x7) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000b00)={0x5, 0xc, 0x6}) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000b40)={r1, 0x401}, &(0x7f0000000b80)=0x8) 07:35:22 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000080)=0x34) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) read(r1, 
&(0x7f0000000180)=""/166, 0x183)
ioctl$int_in(r1, 0x80000040045010, &(0x7f0000000100))
ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000000))
[ 295.223972] IPVS: ftp: loaded support on port[0] = 21
[ 295.433202] chnl_net:caif_netlink_parms(): no params data found
[ 295.516407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 295.523807] bridge0: port 1(bridge_slave_0) entered disabled state
[ 295.532351] device bridge_slave_0 entered promiscuous mode
[ 295.542857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 295.549423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 295.557970] device bridge_slave_1 entered promiscuous mode
[ 295.595790] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 295.609428] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 295.642674] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 295.651406] team0: Port device team_slave_0 added
[ 295.659677] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 295.668490] team0: Port device team_slave_1 added
[ 295.675516] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 295.684232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 295.723599] device hsr_slave_0 entered promiscuous mode
[ 295.730244] device hsr_slave_1 entered promiscuous mode
[ 295.738856] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 295.746675] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 295.777616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 295.784234] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 295.791420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 295.798046] bridge0: port 1(bridge_slave_0) entered forwarding state
07:35:22 executing program 0:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000080)=0x34)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0)
read(r1, &(0x7f0000000180)=""/166, 0x183)
ioctl$int_in(r1, 0x80000040045010, &(0x7f0000000100))
ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000000))
[ 295.921206] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 295.928144] 8021q: adding VLAN 0 to HW filter on device bond0
[ 295.958155] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 295.986352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 295.997726] bridge0: port 1(bridge_slave_0) entered disabled state
[ 296.009467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 296.036046] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 296.054343] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 296.060466] 8021q: adding VLAN 0 to HW filter on device team0
[ 296.079728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 296.088245] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.094823] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.117882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 296.126548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.133139] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.179445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 296.189143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 296.218606] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 296.228446] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 296.240285] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 296.249423] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 296.258268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 296.267189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 296.291404] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 296.300071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 296.320021] 8021q: adding VLAN 0 to HW filter on device batadv0
07:35:23 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x19d)
[ 296.632952] ==================================================================
[ 296.640463] BUG: KMSAN: uninit-value in mld_send_initial_cr+0x1e4/0x4d0
[ 296.647269] CPU: 0 PID: 10694 Comm: syz-fuzzer Not tainted 5.0.0-rc1+ #7
[ 296.654121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 296.663487] Call Trace:
[ 296.666077]
[ 296.668310] dump_stack+0x173/0x1d0
[ 296.671988] kmsan_report+0x12e/0x2a0
[ 296.675831] __msan_warning+0x82/0xf0
[ 296.679670] mld_send_initial_cr+0x1e4/0x4d0
[ 296.684139] mld_dad_timer_expire+0x4d/0x550
[ 296.688576] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.693788] call_timer_fn+0x285/0x600
[ 296.697688] ? mld_ifc_timer_expire+0x1680/0x1680
[ 296.702553] __run_timers+0xdb4/0x11d0
[ 296.706457] ? mld_ifc_timer_expire+0x1680/0x1680
[ 296.711329] ? timers_dead_cpu+0xa50/0xa50
[ 296.715583] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.720783] ? timers_dead_cpu+0xa50/0xa50
[ 296.725030] run_timer_softirq+0x2e/0x50
[ 296.729198] __do_softirq+0x53f/0x93a
[ 296.733046] irq_exit+0x214/0x250
[ 296.736519] exiting_irq+0xe/0x10
[ 296.739992] smp_apic_timer_interrupt+0x48/0x70
[ 296.744679] apic_timer_interrupt+0x2e/0x40
[ 296.749005]
[ 296.751256] RIP: 0010:kmsan_get_shadow_origin_ptr+0x75/0x440
[ 296.757067] Code: 85 c0 0f 85 78 03 00 00 4c 89 f7 4c 89 fe 31 d2 e8 a0 c4 ff ff 84 c0 0f 84 cd 03 00 00 48 b8 00 00 00 00 80 77 00 00 4d 89 f5 <49> 81 ed 00 00 00 80 4c 89 6d d0 0f 83 5a 03 00 00 49 8d 04 06 4c
[ 296.775982] RSP: 0018:ffff88809d21e638 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 296.783703] RAX: 0000778000000000 RBX: ffffffff8c625000 RCX: 000000000000003c
[ 296.790982] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8881097f095c
[ 296.798261] RBP: ffff88809d21e668 R08: 0000000000000002 R09: ffff88809d21e638
[ 296.805542] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881097f0988
[ 296.812823] R13: ffff8881097f095c R14: ffff8881097f095c R15: 0000000000000004
[ 296.820162] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.825377] __msan_metadata_ptr_for_load_4+0x10/0x20
07:35:23 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240)}}], 0xfffffffffffffd9b})
07:35:23 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070")
r1 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x200, 0x0)
read(r1, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x2, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0x6a, "a3cc0efe447193fccf9f426302e4fbeb13d36bbb21dae282d3fd67babf80dabdd6bd519b6c7e6f6f8a95b2a0bf98feeb6aef20dcd2989ba2723996c21dd3f0463a301534d2f94b6e5cad1edc74a46807900665068fa0f868d6d7449f3d1c7ce99f1b2d578b33fefed987"}, &(0x7f0000000100)=0x72)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000140)={r3, 0x9}, 0x8)
dup2(r1, r2)
07:35:23 executing program 1:
perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(0xffffffffffffffff, 0x40405515, &(0x7f0000001000))
[ 296.830580] should_fail+0x133/0xb20
[ 296.834332] should_fail_alloc_page+0x212/0x290
[ 296.839031] __alloc_pages_nodemask+0x4a2/0x5e30
[ 296.843813] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.849023] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 296.854403] ? __update_load_avg_cfs_rq+0x105/0x10b0
[ 296.859540] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.864755] ? update_cfs_rq_load_avg+0x5e1/0xa10
[ 296.869642] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.874862] alloc_pages_current+0x69d/0x9b0
[ 296.879314] __page_cache_alloc+0x95/0x320
[ 296.883582] __do_page_cache_readahead+0x46e/0x990
[ 296.888587] ondemand_readahead+0xe2f/0x1420
[ 296.893055] page_cache_async_readahead+0x4f4/0x510
[ 296.898147] generic_file_read_iter+0xc94/0x4620
[ 296.903459] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.908766] ext4_file_read_iter+0x30a/0x520
[ 296.913203] ? ext4_llseek+0x460/0x460
[ 296.917131] __vfs_read+0x94e/0xbf0
[ 296.920860] integrity_kernel_read+0x1e3/0x280
[ 296.925490] ima_calc_file_hash+0x252a/0x2ca0
[ 296.930008] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 296.935416] ? kmsan_internal_unpoison_shadow+0x2f/0x40
[ 296.940845] ? strncmp+0xc4/0x200
[ 296.944353] ima_collect_measurement+0x48d/0x980
[ 296.949185] process_measurement+0x1b37/0x2740
[ 296.953837] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 296.959220] ? refcount_dec_and_test_checked+0x1e8/0x2c0
[ 296.964700] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.969914] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.975141] ima_file_check+0x131/0x170
[ 296.979159] path_openat+0x4af5/0x6b90
07:35:24 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_ifreq(r0, 0x890b, &(0x7f0000000140)={'ifb0\x02\x00\x00\x00\x02\x00\x00\x00\x02\x00', @ifru_map})
pipe(&(0x7f0000000000)={0xffffffffffffffff})
getsockname$inet6(r1, &(0x7f0000000040), &(0x7f0000000080)=0x1c)
[ 296.982740] binder_alloc: binder_alloc_mmap_handler: 10802 20001000-20004000 already mapped failed -16
[ 296.983125] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 296.983173] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.003028] do_filp_open+0x2b8/0x710
[ 297.006913] do_sys_open+0x642/0xa30
[ 297.010617] binder: 10802:10810 got transaction to context manager from process owning it
[ 297.010671] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 297.019190] binder: 10802:10810 transaction failed 29201/-22, size 0-0 line 2887
[ 297.024198] __se_sys_openat+0xcb/0xe0
[ 297.024234] __x64_sys_openat+0x56/0x70
[ 297.024258] do_syscall_64+0xbc/0xf0
[ 297.024295] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 297.048559] RIP: 0033:0x47fd2a
[ 297.051794] Code: e8 bb 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
[ 297.070723] RSP: 002b:000000c4201a77e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
[ 297.078445] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd2a
[ 297.085728] RDX: 0000000000080002 RSI: 000000c42bd7ea00 RDI: ffffffffffffff9c
[ 297.093006] RBP: 000000c4201a7868 R08: 0000000000000000 R09: 0000000000000000
[ 297.100283] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000
[ 297.107562] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004
[ 297.114859]
[ 297.116486] Uninit was created at:
[ 297.120023] No stack
[ 297.122349] ==================================================================
[ 297.129715] Disabling lock debugging due to kernel taint
[ 297.135167] Kernel panic - not syncing: panic_on_warn set ...
[ 297.141062] CPU: 0 PID: 10694 Comm: syz-fuzzer Tainted: G B 5.0.0-rc1+ #7 [ 297.149291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.158647] Call Trace: [ 297.161239] [ 297.163422] dump_stack+0x173/0x1d0 [ 297.167083] panic+0x3d1/0xb01 [ 297.170364] kmsan_report+0x293/0x2a0 [ 297.174199] __msan_warning+0x82/0xf0 [ 297.178032] mld_send_initial_cr+0x1e4/0x4d0 [ 297.182475] mld_dad_timer_expire+0x4d/0x550 [ 297.186906] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.192130] call_timer_fn+0x285/0x600 [ 297.196044] ? mld_ifc_timer_expire+0x1680/0x1680 [ 297.200915] __run_timers+0xdb4/0x11d0 [ 297.204825] ? mld_ifc_timer_expire+0x1680/0x1680 [ 297.209708] ? timers_dead_cpu+0xa50/0xa50 [ 297.213965] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.219174] ? timers_dead_cpu+0xa50/0xa50 [ 297.223430] run_timer_softirq+0x2e/0x50 [ 297.227511] __do_softirq+0x53f/0x93a [ 297.231364] irq_exit+0x214/0x250 [ 297.234890] exiting_irq+0xe/0x10 [ 297.238362] smp_apic_timer_interrupt+0x48/0x70 [ 297.243047] apic_timer_interrupt+0x2e/0x40 [ 297.247372] [ 297.249627] RIP: 0010:kmsan_get_shadow_origin_ptr+0x75/0x440 [ 297.255437] Code: 85 c0 0f 85 78 03 00 00 4c 89 f7 4c 89 fe 31 d2 e8 a0 c4 ff ff 84 c0 0f 84 cd 03 00 00 48 b8 00 00 00 00 80 77 00 00 4d 89 f5 <49> 81 ed 00 00 00 80 4c 89 6d d0 0f 83 5a 03 00 00 49 8d 04 06 4c [ 297.274350] RSP: 0018:ffff88809d21e638 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 297.282068] RAX: 0000778000000000 RBX: ffffffff8c625000 RCX: 000000000000003c [ 297.285591] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
[ 297.289340] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8881097f095c [ 297.289370] RBP: ffff88809d21e668 R08: 0000000000000002 R09: ffff88809d21e638 [ 297.318462] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881097f0988 [ 297.325731] R13: ffff8881097f095c R14: ffff8881097f095c R15: 0000000000000004 [ 297.333047] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.338254] __msan_metadata_ptr_for_load_4+0x10/0x20 [ 297.343454] should_fail+0x133/0xb20 [ 297.347215] should_fail_alloc_page+0x212/0x290 [ 297.351907] __alloc_pages_nodemask+0x4a2/0x5e30 [ 297.356681] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.361884] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 297.367254] ? __update_load_avg_cfs_rq+0x105/0x10b0 [ 297.372389] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.377595] ? update_cfs_rq_load_avg+0x5e1/0xa10 [ 297.382490] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.387692] alloc_pages_current+0x69d/0x9b0 [ 297.392142] __page_cache_alloc+0x95/0x320 [ 297.396400] __do_page_cache_readahead+0x46e/0x990 [ 297.401382] ondemand_readahead+0xe2f/0x1420 [ 297.405843] page_cache_async_readahead+0x4f4/0x510 [ 297.410891] generic_file_read_iter+0xc94/0x4620 [ 297.415750] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.420985] ext4_file_read_iter+0x30a/0x520 [ 297.425415] ? ext4_llseek+0x460/0x460 [ 297.429310] __vfs_read+0x94e/0xbf0 [ 297.433000] integrity_kernel_read+0x1e3/0x280 [ 297.437664] ima_calc_file_hash+0x252a/0x2ca0 [ 297.442182] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 297.447590] ? kmsan_internal_unpoison_shadow+0x2f/0x40 [ 297.453023] ? strncmp+0xc4/0x200 [ 297.456519] ima_collect_measurement+0x48d/0x980 [ 297.461350] process_measurement+0x1b37/0x2740 [ 297.465987] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 297.471357] ? refcount_dec_and_test_checked+0x1e8/0x2c0 [ 297.476829] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.482041] ? 
kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.487245] ima_file_check+0x131/0x170 [ 297.491242] path_openat+0x4af5/0x6b90 [ 297.495199] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.500418] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.505623] do_filp_open+0x2b8/0x710 [ 297.509477] do_sys_open+0x642/0xa30 [ 297.513201] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 297.518422] __se_sys_openat+0xcb/0xe0 [ 297.522332] __x64_sys_openat+0x56/0x70 [ 297.526320] do_syscall_64+0xbc/0xf0 [ 297.530057] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 297.535250] RIP: 0033:0x47fd2a [ 297.538450] Code: e8 bb 40 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48 [ 297.557354] RSP: 002b:000000c4201a77e8 EFLAGS: 00000212 ORIG_RAX: 0000000000000101 [ 297.565064] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000047fd2a [ 297.572337] RDX: 0000000000080002 RSI: 000000c42bd7ea00 RDI: ffffffffffffff9c [ 297.579623] RBP: 000000c4201a7868 R08: 0000000000000000 R09: 0000000000000000 [ 297.586889] R10: 00000000000001a4 R11: 0000000000000212 R12: 0000000000000000 [ 297.594167] R13: 00000000000000f5 R14: 0000000000000075 R15: 0000000000000004 [ 297.602453] Kernel Offset: disabled [ 297.606081] Rebooting in 86400 seconds..