[ ok ] Starting enhanced syslogd: rsyslogd.
[ 100.442141] audit: type=1800 audit(1551485023.497:25): pid=10513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 100.461378] audit: type=1800 audit(1551485023.507:26): pid=10513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 100.480894] audit: type=1800 audit(1551485023.517:27): pid=10513 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
2019/03/02 00:04:00 fuzzer started
2019/03/02 00:04:05 dialing manager at 10.128.0.26:33059
2019/03/02 00:04:05 syscalls: 1
2019/03/02 00:04:05 code coverage: enabled
2019/03/02 00:04:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/03/02 00:04:05 extra coverage: extra coverage is not supported by the kernel
2019/03/02 00:04:05 setuid sandbox: enabled
2019/03/02 00:04:05 namespace sandbox: enabled
2019/03/02 00:04:05 Android sandbox: /sys/fs/selinux/policy does not exist
2019/03/02 00:04:05 fault injection: enabled
2019/03/02 00:04:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/03/02 00:04:05 net packet injection: enabled
2019/03/02 00:04:05 net device setup: enabled
00:06:55 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 
0xc, &(0x7f0000000200)={0x0}}, 0x0) syzkaller login: [ 292.808938] IPVS: ftp: loaded support on port[0] = 21 [ 292.973063] chnl_net:caif_netlink_parms(): no params data found [ 293.045851] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.052497] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.061063] device bridge_slave_0 entered promiscuous mode [ 293.070735] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.077395] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.086137] device bridge_slave_1 entered promiscuous mode [ 293.122839] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 293.134617] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 293.167309] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 293.176156] team0: Port device team_slave_0 added [ 293.184114] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 293.193789] team0: Port device team_slave_1 added [ 293.200455] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 293.210841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 293.337144] device hsr_slave_0 entered promiscuous mode [ 293.592409] device hsr_slave_1 entered promiscuous mode [ 293.853262] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 293.860923] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 293.891409] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.898053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 293.905350] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.911948] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.943490] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.954371] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.036837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.052821] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 294.066753] IPv6: ADDRCONF(NETDEV_UP): veth1: link 
is not ready [ 294.073915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 294.081971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 294.098656] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 294.105031] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.121404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 294.128884] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 294.137924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 294.146496] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.153073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.173927] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 294.181235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 294.191075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 294.200900] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.207518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.225439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 294.239665] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 294.247830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 294.257619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 294.276897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 294.290036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 294.298228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 294.307777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 294.317401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 294.326790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 294.342416] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 294.349256] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 294.358431] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_hsr: link becomes ready [ 294.367456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 294.381439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 294.389541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 294.398167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 294.412652] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 294.418732] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 294.449425] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 294.471446] 8021q: adding VLAN 0 to HW filter on device batadv0 00:06:57 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x100000000000032, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 00:06:57 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x6, 0x100000000000032, 0xffffffffffffffff, 0x0) tkill(r0, 0x1000000000016) 00:06:58 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r0, r1, 0x0, 0x800000080008002) 00:06:58 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0xfe69) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x200000000bf}) 
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x200, @tick=0x4, 0x8, {0x2, 0xffff}, 0x5}) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 00:06:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) unshare(0x0) wait4(0x0, 0x0, 0x0, 0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) ioctl$TCXONC(r0, 0x40045436, 0x200000000000002) 00:06:59 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0xfe69) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x200000000bf}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x200, @tick=0x4, 0x8, {0x2, 0xffff}, 0x5}) r1 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) [ 296.428998] IPVS: ftp: loaded support on port[0] = 21 [ 296.598818] chnl_net:caif_netlink_parms(): no params data found [ 296.677366] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.684081] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.692715] device bridge_slave_0 entered promiscuous mode [ 296.703302] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.709843] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.718572] device bridge_slave_1 entered promiscuous mode [ 296.755362] bond0: Enslaving bond_slave_0 as an active 
interface with an up link [ 296.767425] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 296.804281] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 296.813336] team0: Port device team_slave_0 added [ 296.820355] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 296.830421] team0: Port device team_slave_1 added [ 296.840024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 296.849034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 296.928429] device hsr_slave_0 entered promiscuous mode 00:07:00 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) clone(0x2102041ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setresuid(0x0, r2, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000080)={0x0, 0x0}) process_vm_readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000003600)=[{&(0x7f0000003580)=""/121, 0x7ffff000}], 0x12, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 297.083772] device hsr_slave_1 entered promiscuous mode [ 297.163835] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 297.171800] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 297.220788] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.227447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.234758] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.241357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.251537] ptrace attach of "/root/syz-executor.0"[10677] was attempted by "/root/syz-executor.0"[10714] 00:07:00 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, 
&(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) clone(0x2102041ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setresuid(0x0, r2, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000080)={0x0, 0x0}) process_vm_readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000003600)=[{&(0x7f0000003580)=""/121, 0x7ffff000}], 0x12, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 297.287130] ptrace attach of "/root/syz-executor.0"[10677] was attempted by "/root/syz-executor.0"[10714] [ 297.360148] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 297.366552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.410478] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 297.427112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 297.436546] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.447636] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.458633] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 297.481797] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 297.487949] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.507676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 297.516488] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.523166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.543049] ptrace attach of "/root/syz-executor.0"[10677] was attempted by "/root/syz-executor.0"[10720] [ 297.551801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 297.561261] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.567869] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.619192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 297.629260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 297.641158] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not 
ready [ 297.658652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 297.668766] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 297.677714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 297.686622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 297.698831] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 297.707777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 297.745489] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 297.772542] 8021q: adding VLAN 0 to HW filter on device batadv0 00:07:01 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x8100, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x0, r1}) prctl$PR_GET_NAME(0x10, 0xfffffffffffffffe) 00:07:01 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x801, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c4608ff0103ffff000000dfff0a02003e00b9000000a40300003800000081020000033a38"], 0x27) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) write$sndseq(r0, &(0x7f0000000040)=[{0x0, 0x0, 0x2, 0x0, @time={r1, r2+10000000}, {0x1000000000}, {}, @quote}], 0x30) 00:07:01 executing program 1: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/qat_adf_ctl\x00', 0x80002, 0x0) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000001900)='tls\x00', 0x4) getsockopt$inet6_buf(r0, 0x29, 0x4, 0x0, &(0x7f0000000000)) syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x1, 0x800) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) recvmmsg(r0, &(0x7f0000003ec0)=[{{&(0x7f0000004180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/211, 0xd3}, {&(0x7f0000001400)=""/40, 
0x28}]}, 0x1ff}, {{&(0x7f0000001480), 0x80, &(0x7f0000001700)=[{&(0x7f0000001500)=""/132, 0x84}, {&(0x7f00000015c0)=""/177, 0xb1}, {&(0x7f0000001680)=""/123, 0x7b}], 0x3, &(0x7f0000001740)=""/172, 0xac}, 0x3ff}, {{&(0x7f0000001800)=@x25={0x9, @remote}, 0x80, &(0x7f0000004140)=[{&(0x7f0000001880)=""/122, 0x7a}], 0x1}, 0x101}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001940)=""/72, 0x48}, {&(0x7f00000019c0)=""/158, 0x9e}, {&(0x7f0000001a80)=""/239, 0xef}, {&(0x7f0000001b80)=""/189, 0xbd}, {&(0x7f0000001c40)=""/46, 0x2e}], 0x5}}, {{&(0x7f0000001d00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000002e80)=[{&(0x7f0000001d80)=""/112, 0x70}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/103, 0x67}], 0x3, &(0x7f0000004200)=""/4096, 0x1000}, 0x5}], 0x5, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0xc) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000002ec0)={0x9, 0xd0b}) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000040c0)='/dev/dlm_plock\x00', 0x2000, 0x0) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000004100)=0xcf1) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000004000)='/dev/btrfs-control\x00', 0x141001, 0x0) mq_getsetattr(r6, &(0x7f0000004040)={0x6, 0x858, 0x7fffffff, 0x7, 0x20, 0x57a, 0x1000000, 0x200}, &(0x7f0000004080)) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@local, @in6=@rand_addr="dde8d5d84f72e00f3e1d5f26dfe348d9", 0x4e21, 0x8, 0x4e22, 0x9, 0x2, 0xa0, 0x20, 0x0, r3, r4}, {0x0, 0x2, 0x200, 0x7fffffff, 0x6, 0x100, 0x0, 0x18000000000}, {0x8, 0x4, 0x5, 0x3}, 0x10f, 0x6e6bb2, 0x2, 0x1, 0x3, 0x3}, {{@in=@multicast1, 0x4d6, 0x32}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x19}, 0x3502, 0x3, 0x3, 0x81, 0x3, 0x76e0, 0x1051fa1c}}, 0xe8) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000200)={{0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0xb}, 0x6}, {0xa, 0x4e24, 0xdb16, 
@local, 0x1}, 0x69ed, [0x5, 0x2, 0xd28, 0x5, 0x200, 0x76, 0xa0, 0x9]}, 0x5c)
socket$inet6_udplite(0xa, 0x2, 0x88)
00:07:01 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc)
clone(0x2102041ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setresuid(0x0, r2, 0x0)
r3 = inotify_init1(0x0)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
fcntl$getownex(r3, 0x10, &(0x7f0000000080)={0x0, 0x0})
process_vm_readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000003600)=[{&(0x7f0000003580)=""/121, 0x7ffff000}], 0x12, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
[ 298.424754] QAT: Invalid ioctl
[ 298.440156] QAT: Invalid ioctl
[ 298.457628] ptrace attach of "/root/syz-executor.0"[10677] was attempted by "/root/syz-executor.0"[10740]
00:07:01 executing program 1:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f00009b3000)={0x2})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1501996a00000000030001000000000000000c4100000014001462726f61646361738560fe3757ce8128"], 0x30}}, 0x0)
[ 298.617870] ==================================================================
[ 298.625332] BUG: KMSAN: uninit-value in strlen+0x3b/0xa0
[ 298.630811] CPU: 0 PID: 10746 Comm: syz-executor.1 Not tainted 5.0.0-rc1+ #9
[ 298.638016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 298.647396] Call Trace:
[ 298.650030] dump_stack+0x173/0x1d0
[ 298.653692] kmsan_report+0x12e/0x2a0
[ 298.657534] __msan_warning+0x82/0xf0
[ 298.661366] strlen+0x3b/0xa0
[ 298.664521] tipc_nl_compat_link_reset_stats+0x1f0/0x360
[ 298.670007] ? tipc_nl_compat_link_set+0x1220/0x1220
[ 298.675132] tipc_nl_compat_doit+0x3aa/0xaf0
[ 298.679566] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 298.684815] tipc_nl_compat_recv+0x14d1/0x2750
[ 298.689458] ? tipc_nl_node_get_link+0x920/0x920
[ 298.694236] ? tipc_nl_compat_link_set+0x1220/0x1220
[ 298.699366] ? tipc_netlink_compat_stop+0x40/0x40
[ 298.704239] genl_rcv_msg+0x185f/0x1a60
[ 298.708311] netlink_rcv_skb+0x431/0x620
[ 298.712399] ? genl_unbind+0x390/0x390
[ 298.716352] genl_rcv+0x63/0x80
[ 298.719664] netlink_unicast+0xf3e/0x1020
[ 298.723864] netlink_sendmsg+0x127f/0x1300
[ 298.728160] ___sys_sendmsg+0xdb9/0x11b0
[ 298.732257] ? netlink_getsockopt+0x1460/0x1460
[ 298.736975] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 298.742194] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 298.747582] ? __fget_light+0x6e1/0x750
[ 298.751594] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 298.756817] __se_sys_sendmsg+0x305/0x460
[ 298.761020] __x64_sys_sendmsg+0x4a/0x70
[ 298.765109] do_syscall_64+0xbc/0xf0
[ 298.768854] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 298.774061] RIP: 0033:0x457e29
[ 298.777273] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 298.796214] RSP: 002b:00007f431fbe9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 298.803950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 298.811240] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 298.818534] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 298.825829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f431fbea6d4
[ 298.833129] R13: 00000000004cb8b0 R14: 00000000004d8fa8 R15: 00000000ffffffff
[ 298.840437]
[ 298.842069] Uninit was created at:
[ 298.845635] kmsan_internal_poison_shadow+0x92/0x150
[ 298.850755] kmsan_kmalloc+0xa6/0x130
[ 298.854572] kmsan_slab_alloc+0xe/0x10
[ 298.858482] __kmalloc_node_track_caller+0xe9e/0xff0
[ 298.863601] __alloc_skb+0x309/0xa20
[ 298.867332] netlink_sendmsg+0xb82/0x1300
[ 298.871503] ___sys_sendmsg+0xdb9/0x11b0
[ 298.875579] __se_sys_sendmsg+0x305/0x460
[ 298.879742] __x64_sys_sendmsg+0x4a/0x70
[ 298.883819] do_syscall_64+0xbc/0xf0
[ 298.887558] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 298.892747] ==================================================================
[ 298.900114] Disabling lock debugging due to kernel taint
[ 298.905569] Kernel panic - not syncing: panic_on_warn set ...
[ 298.911482] CPU: 0 PID: 10746 Comm: syz-executor.1 Tainted: G B 5.0.0-rc1+ #9
[ 298.920069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 298.929435] Call Trace:
[ 298.932062] dump_stack+0x173/0x1d0
[ 298.935723] panic+0x3d1/0xb01
[ 298.938982] kmsan_report+0x293/0x2a0
[ 298.942818] __msan_warning+0x82/0xf0
[ 298.946651] strlen+0x3b/0xa0
[ 298.949789] tipc_nl_compat_link_reset_stats+0x1f0/0x360
[ 298.955276] ? tipc_nl_compat_link_set+0x1220/0x1220
[ 298.960426] tipc_nl_compat_doit+0x3aa/0xaf0
[ 298.964869] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 298.970121] tipc_nl_compat_recv+0x14d1/0x2750
[ 298.974750] ? tipc_nl_node_get_link+0x920/0x920
[ 298.979532] ? tipc_nl_compat_link_set+0x1220/0x1220
[ 298.984662] ? tipc_netlink_compat_stop+0x40/0x40
[ 298.989521] genl_rcv_msg+0x185f/0x1a60
[ 298.993582] netlink_rcv_skb+0x431/0x620
[ 298.997664] ? genl_unbind+0x390/0x390
[ 299.001590] genl_rcv+0x63/0x80
[ 299.004899] netlink_unicast+0xf3e/0x1020
[ 299.009096] netlink_sendmsg+0x127f/0x1300
[ 299.013393] ___sys_sendmsg+0xdb9/0x11b0
[ 299.017492] ? netlink_getsockopt+0x1460/0x1460
[ 299.022197] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 299.027425] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 299.032810] ? __fget_light+0x6e1/0x750
[ 299.036824] ? kmsan_get_shadow_origin_ptr+0x60/0x440
[ 299.042049] __se_sys_sendmsg+0x305/0x460
[ 299.046250] __x64_sys_sendmsg+0x4a/0x70
[ 299.050350] do_syscall_64+0xbc/0xf0
[ 299.054094] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 299.059668] RIP: 0033:0x457e29
[ 299.062874] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 299.081803] RSP: 002b:00007f431fbe9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 299.089536] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29
[ 299.096843] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 299.104127] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 299.111436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f431fbea6d4
[ 299.118733] R13: 00000000004cb8b0 R14: 00000000004d8fa8 R15: 00000000ffffffff
[ 299.127119] Kernel Offset: disabled
[ 299.130754] Rebooting in 86400 seconds..