[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 83.695211] audit: type=1800 audit(1547265378.756:25): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 83.714378] audit: type=1800 audit(1547265378.756:26): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 83.733840] audit: type=1800 audit(1547265378.756:27): pid=11319 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts. 2019/01/12 03:56:34 fuzzer started 2019/01/12 03:56:38 dialing manager at 10.128.0.26:40403 syzkaller login: [ 103.762614] ld (11477) used greatest stack depth: 53632 bytes left 2019/01/12 03:56:38 syscalls: 1 2019/01/12 03:56:38 code coverage: enabled 2019/01/12 03:56:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/12 03:56:38 setuid sandbox: enabled 2019/01/12 03:56:38 namespace sandbox: enabled 2019/01/12 03:56:38 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/12 03:56:38 fault injection: enabled 2019/01/12 03:56:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/12 03:56:38 net packet injection: enabled 2019/01/12 03:56:38 net device setup: enabled 03:58:46 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0xffffffffffffbfff, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, 0x0) getegid() write$P9_RRENAMEAT(0xffffffffffffffff, 0x0, 0x0) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) futimesat(0xffffffffffffffff, 0x0, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0xfd2a) r1 = gettid() getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2f, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0xffffffffffffff41) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x800) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0xffffffffffffffe1) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) write$P9_RCLUNK(r0, &(0x7f0000000100)={0x7}, 0x7) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast2, @in=@remote}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f00000003c0)=0xe8) tkill(r1, 0x1000000000016) [ 231.962394] IPVS: ftp: loaded support on port[0] = 21 [ 232.119865] chnl_net:caif_netlink_parms(): no params data found [ 232.184671] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.191167] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.199371] device bridge_slave_0 entered promiscuous mode [ 232.208902] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.215459] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.223585] device bridge_slave_1 entered promiscuous mode [ 232.253450] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.265552] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.294076] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.302469] team0: Port device team_slave_0 added [ 232.309331] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.317586] team0: Port device team_slave_1 added [ 232.324728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.333089] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.430033] device hsr_slave_0 entered promiscuous mode [ 232.492293] device hsr_slave_1 entered promiscuous mode [ 232.753339] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 232.760775] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 232.787044] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.793679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.800717] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.807275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.885295] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 232.891450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.904719] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.917338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 232.927411] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.936564] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.947299] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 232.964823] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 232.971046] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.986627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.994947] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.001404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.056299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.064793] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.071252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.080204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.089699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.098384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 233.106752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 233.118919] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 233.125050] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 233.133514] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 233.167206] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 233.190477] 8021q: adding VLAN 0 to HW filter on device batadv0 03:58:48 executing program 0: r0 = open(&(0x7f0000000180)='./file0\x00', 0x301001, 0x10e) write$FUSE_NOTIFY_POLL(r0, &(0x7f00000001c0)={0x18, 0x1, 0x0, {0x8}}, 0x18) r1 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x82) r2 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r2, &(0x7f0000000280)=[{&(0x7f0000000140)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r1, 0x0, 0x2000005) dup3(r2, r1, 0x0) 03:58:48 executing program 0: open(0x0, 0x0, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, 0x0) getegid() ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0xfd2a) r0 = gettid() getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) write$P9_RMKDIR(0xffffffffffffffff, 0x0, 0xffffffffffffff41) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0) clone(0xffffffffffe, 0x0, 0x0, 0x0, 0x0) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0xffffffffffffffe1) write$P9_RCLUNK(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) 03:58:49 executing program 0: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000001c0)=0x8, 0x2) mmap$xdp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x100000000) 03:58:49 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x840, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000040)={0x0, 0x10, "a9bdf7eeee81ba08b128ff6ef33ef04f"}, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000280)={r2, @in={{0x2, 0x4e22, @multicast1}}, 0x5, 0x8}, &(0x7f00000000c0)=0x90) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$pppoe(r0, &(0x7f0000000240)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, 'batadv0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) [ 234.542246] hrtimer: interrupt took 40400 ns 03:58:49 executing program 0: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd) gettid() ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) 03:58:50 executing program 1: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xa1, 0x80000) r1 = fcntl$getown(0xffffffffffffff9c, 0x9) fcntl$setown(r0, 0x8, r1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000100)={0x2}) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000140)={0x0, 0x0, 0x4, 0x0, [], [{0xffffffffee8acde2, 0x9, 0x6, 0x8, 0x7, 0x3c3}, {0x2, 0x6, 0x7, 0x614, 0x5, 0x6}], [[], [], [], []]}) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000300)=""/130) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'ip6gre0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'veth0_to_bridge\x00', r3}) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x85b5fb42b13b3a3c, {0x3859, 0x7fffffff, 0x10001, 0x9}}) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000580)={0x1, &(0x7f0000000540)=[{}]}) write$binfmt_elf32(r2, &(0x7f00000005c0)={{0x7f, 0x45, 0x4c, 0x46, 0x101, 0x133998bd, 0x8000, 0xfff, 0x31, 0x2, 0x3e, 0xa7, 0x15f, 0x38, 0x205, 0x1, 0x9, 0x20, 0x2, 0x76, 0x0, 0x7ff}, [{0x60000000, 0x6, 0xffffffffffffffe1, 0x0, 0x3, 0x6, 0x3f, 0x1f}, {0x7, 0x1000, 0x5, 0x5, 0x955b, 0x9, 0xffc0000000000000, 0x7}], "6b20aa5b24725574a9a50e62b0d7bf75a47008a84f6897", [[], [], [], [], [], [], [], [], []]}, 0x98f) ioctl$FICLONE(r2, 0x40049409, r0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000f80)='/dev/cachefiles\x00', 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000fc0)="8b338a1feea2e6297a2ab0b93f348752", 0x10) ioctl$sock_SIOCOUTQ(r4, 0x5411, &(0x7f0000001000)) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2) read$FUSE(r0, &(0x7f0000001040), 0x1000) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000002040)='ppp1md5sumwlan0selinux]-posix_acl_access-\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000002100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000020c0)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000002140)={0x10, 0x30, 0xfa00, {&(0x7f0000002080), 0x2, {0xa, 0x4e20, 0x2, @remote, 0x1}, r5}}, 0x38) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000021c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000002180), 0x117, 0x5}}, 0x20) r6 = creat(&(0x7f0000002200)='./file0\x00', 0x80) bind$vsock_dgram(r6, &(0x7f0000002240)={0x28, 0x0, 0x2711, @reserved}, 0x10) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000002280)=0x4) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f00000022c0)={0x400, 0x8, 0x7, 0x4, 0x0}, &(0x7f0000002300)=0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000002340)={r7, 0xf6b4, 0x7c7f7da0, 0xffffffff80000000, 0x1, 0xffff}, 0x14) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000002380)={0x2, 0x7fffffff, 0x0, 0x8, 0x1, [{0x9, 0x5, 0x5, 0x0, 0x0, 0x1004}]}) 03:58:50 executing program 0: r0 = gettid() r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000280)=[{0x4, 0x4}, {0x4}], 0x2) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2, 0x1a9003) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040)=0xb1, 0x4) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)=0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r3, 0x0, &(0x7f000006b000)={{r4, r5+10000000}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000016) 03:58:50 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net\x00\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f00000000c0)={r0}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) [ 235.506094] IPVS: ftp: loaded support on port[0] = 21 03:58:50 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='net/ip6_tables_targets\x00') mmap(&(0x7f00004ae000/0x2000)=nil, 0x2000, 0x4, 0x1d, r1, 0xfffffffffffffffc) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000401000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x400000000000000, 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f00000000c0)=""/152, 0xf15a67a5f6b5a4f6, 0x40, &(0x7f0000003800)={0x11, 0x0, 0x0, 0x1, 0x600, 0x6, @random="fa62faec7cea"}, 0x14) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000000)=0x4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x7}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x2, 0x7, 0x201, 0x9, 0x9, 0xffffffff, 0x80000001, 0x8, r5}, &(0x7f00000001c0)=0x20) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, 0x0) [ 235.673019] chnl_net:caif_netlink_parms(): no params data found [ 235.750187] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.756816] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.765419] device bridge_slave_0 entered promiscuous mode [ 235.786172] mmap: syz-executor0 (11526) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 235.799221] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.805845] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.814095] device bridge_slave_1 entered promiscuous mode [ 235.845615] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.853952] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 235.884940] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.912846] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.921143] team0: Port device team_slave_0 added [ 235.928105] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 235.936483] team0: Port device team_slave_1 added [ 235.944340] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.954546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 03:58:51 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0xffffffff, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x66, 0x0, 0x2, "132772c75b50e72a3559ef11bd4c467471f170cccc43173648de646bbacf0698", 0x59565955}) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f00000002c0)={0x1be}) syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x5, 0x16000) [ 236.056242] device hsr_slave_0 entered promiscuous mode [ 236.093437] device hsr_slave_1 entered promiscuous mode 03:58:51 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x0, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) mknod(&(0x7f0000000000)='./file0\x00', 0xc040, 0x1) ioctl$VIDIOC_S_PRIORITY(r0, 0xc0189436, 0x1fffffff) [ 236.123958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 236.131402] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 236.192307] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.198831] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.205948] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.212466] bridge0: port 1(bridge_slave_0) entered forwarding state 03:58:51 executing program 0: r0 = socket$unix(0x1, 0x3, 0x0) bind$unix(r0, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e21}, 0x6e) socket$unix(0x1, 0x8000000000000005, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2000, 0x0) ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f0000000040)={0x1, "c38be1a11336786a9a74696c0884bd2f675a9642ce9d426cf14f47061633885d", 0x200, 0x10000, 0xc0000, 0x1, 0x3}) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x8, 0x800) bind$unix(r1, &(0x7f0000000480)=@file={0x1, './file0\x00'}, 0x6e) sendmsg$unix(r0, &(0x7f0000000380)={&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x45, 0x0}, 0x0) [ 236.286987] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 236.293315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.322067] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 236.340114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 236.354237] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.367049] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.382352] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 03:58:51 executing program 0: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f00000000c0)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)) ioctl$VIDIOC_CROPCAP(r2, 0xc02c563a, &(0x7f0000000180)={0xb, {0x7fff, 0x6, 0x8bb}, {0xa08, 0x100000000, 0x9, 0x5}, {0xffffffff, 0x3}}) [ 236.401044] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 236.407383] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.424305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.432533] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.438990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.485902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.494182] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.500633] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.509869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.544516] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 236.554587] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 236.565872] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 236.576610] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 236.585024] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 03:58:51 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x100000000000088) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0xc2, &(0x7f0000004680)=[{0x0}], 0x1}}], 0x400000000000039, 0x2, 0x0) bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r2, 0x11, 0x100000000a, &(0x7f0000000480)=0x9, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) r3 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x1, 0x2) ioctl$ASHMEM_GET_NAME(r3, 0x81007702, &(0x7f0000000300)=""/192) r4 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x7, 0x2800) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r4, &(0x7f00000000c0)="dcf3f3f1c4c1fec67585793bcf543eb7d6d8462e97bdeba2790322762c41b5fc6500ad41cee5d9563227c4e22a255f7f56379e502e90a0e409ec5da094fdadbbb6cceaa68fde4eb6be12c1df6783ce4c6b9bb4d4d7380c0daea14eeddc5cd7a5702a56e59f655e0186fed18cd6e6f60d81d9c65586840ae0f0651c00a49029ace0b83a38ff8d6f37f42965ea8a18e2829c42046d1f9b2d9ea835740c7037236c66635b8164c552c7604105e5b9ce3b89b0dbc41364f2f746279591068527f786ebea73a1dd420af438ff4f", &(0x7f0000000240)=""/85}, 0x18) sendto$inet6(r2, &(0x7f0000000d40)="ddd9", 0x2, 0x0, 0x0, 0x0) [ 236.593736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 236.602349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 236.634314] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 236.649967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.659299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 03:58:51 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x806, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0xd) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x800, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @rand_addr=0x80000000}, @in6={0xa, 0x4e20, 0x6, @local, 0x5}, @in6={0xa, 0x4e21, 0x4, @local, 0x6}], 0x48) readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/42, 0x2a}], 0x1) 03:58:51 executing program 0: r0 = socket$inet6(0xa, 0x802, 0x2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@loopback={0x1f000000}, 0x0, 0x0, 0x3, 0x3}, 0x20) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x40000, 0x0) write$input_event(r1, &(0x7f0000000040)={{}, 0x0, 0x1}, 0x18) 03:58:52 executing program 0: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2080) r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0) r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r1, 0x2000000) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)={0x0, 0x3, 0x4, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8522bebe"}, 0x0, 0x0, @offset, 0x4}) 03:58:52 executing program 1: r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xa1, 0x80000) r1 = fcntl$getown(0xffffffffffffff9c, 0x9) fcntl$setown(r0, 0x8, r1) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000100)={0x2}) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000140)={0x0, 0x0, 0x4, 0x0, [], [{0xffffffffee8acde2, 0x9, 0x6, 0x8, 0x7, 0x3c3}, {0x2, 0x6, 0x7, 0x614, 0x5, 0x6}], [[], [], [], []]}) ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000300)=""/130) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'ip6gre0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'veth0_to_bridge\x00', r3}) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x85b5fb42b13b3a3c, {0x3859, 0x7fffffff, 0x10001, 0x9}}) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000580)={0x1, &(0x7f0000000540)=[{}]}) write$binfmt_elf32(r2, &(0x7f00000005c0)={{0x7f, 0x45, 0x4c, 0x46, 0x101, 0x133998bd, 0x8000, 0xfff, 0x31, 0x2, 0x3e, 0xa7, 0x15f, 0x38, 0x205, 0x1, 0x9, 0x20, 0x2, 0x76, 0x0, 0x7ff}, [{0x60000000, 0x6, 0xffffffffffffffe1, 0x0, 0x3, 0x6, 0x3f, 0x1f}, {0x7, 0x1000, 0x5, 0x5, 0x955b, 0x9, 0xffc0000000000000, 0x7}], "6b20aa5b24725574a9a50e62b0d7bf75a47008a84f6897", [[], [], [], [], [], [], [], [], []]}, 0x98f) ioctl$FICLONE(r2, 0x40049409, r0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000f80)='/dev/cachefiles\x00', 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000fc0)="8b338a1feea2e6297a2ab0b93f348752", 0x10) ioctl$sock_SIOCOUTQ(r4, 0x5411, &(0x7f0000001000)) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2) read$FUSE(r0, &(0x7f0000001040), 0x1000) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000002040)='ppp1md5sumwlan0selinux]-posix_acl_access-\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000002100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000020c0)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000002140)={0x10, 0x30, 0xfa00, {&(0x7f0000002080), 0x2, {0xa, 0x4e20, 0x2, @remote, 0x1}, r5}}, 0x38) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000021c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000002180), 0x117, 0x5}}, 0x20) r6 = creat(&(0x7f0000002200)='./file0\x00', 0x80) bind$vsock_dgram(r6, &(0x7f0000002240)={0x28, 0x0, 0x2711, @reserved}, 0x10) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000002280)=0x4) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f00000022c0)={0x400, 0x8, 0x7, 0x4, 0x0}, &(0x7f0000002300)=0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000002340)={r7, 0xf6b4, 0x7c7f7da0, 0xffffffff80000000, 0x1, 0xffff}, 0x14) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000002380)={0x2, 0x7fffffff, 0x0, 0x8, 0x1, [{0x9, 0x5, 0x5, 0x0, 0x0, 0x1004}]}) 03:58:52 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000005040)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000001980)="b0ed896cb3ab91dbe5c7ac0b3caef5635f27e9ee5d77ca5c7432cea681833eed766bd5e88fed083c816983a988454f3a18ec8457e8fd09dc51cc61ab6215182fe7c71e7230f3808c7b815610df4ced646bb73e94dce2ff2f6430588ddab577666baaa3983b2d019529df948716f70dc98c69e8394f8a4f8a034fa463792f6e132f0d738063242a787768cc2b60f1e6a635135feda99afd99038e2ab1f62bddbd83880ad21cd8bcab33d4a20629350a9a08e2078a9d923de7fa3469d13285649930b122790766150d4fa6148fdc9e5dbc6c7ccb959248df46f5d9427ed29180abcce13662a777ec281717435b00c613c40e9821e702e099f083639b643be82f8d276b9e56d34575669d1ad36b492c68e0bc3ebf36d064458a574d40c5e3eaf306ca5f6faf99ab609eb803c6ce75b483754e66259e9c5db1647299dde20026d871eb273ea3453fe7a0cd5a4fa595ff2603b26685a43b8e20ed82e7d5d505409ad0de1b2ed05b799c763d39bdf89a9efe9f05cc276aa82eff9fbd1dcdf71384d8a7c5de6da1a1e6033e661e1ecc7b21f3cfa4166ebfca2ae07907389e8005c67518a7836ae4cee87e9d7971ff377f5871ae9f94856ca464ef64506a84bd9ab4f7d5498ef9dc3965799531ab864484370b0ebcb706afa86ad93ac423416fdb6a6bf40b10347db2abf6eefe8169054c2e1a9cb5f8767d6998d2f2c5f9eb821909a280a0385731084f069a7d265f94c3278144195f0addf4ed07b0a8b6d55a3d4e2a695a7a1f9ab106fdc4e37c08879227aba385385fe8d0c00ba213beacf9aea28eb5fa8bd82c39eecdce65387c27db1ea8e1a3707639fb82d099a160c090fa80a2d6f03bd33950cd6906b42ef21183fba3faf7c80a8b4726d611a80bdf3e7bd88c740adbb5b657b06b810840c6563c62bff0944936559eabc3550ac8c981e29350db96c2889eb24bb65bfa5e487dccf22ae1cfe51846c7ce18e3ced1ffd9ecf7bfdd58432cc09aa5f91843e4f19bb4a87e833f31c8496689f07ce4d60e0073f24a3b1c30386ad4d3e251a2904fa160c210a1076afddd18b044f97c29335f3129eb9d24c0ca9255254305c767ff15b723a3ab62a8c3f4c3453700cee6f7911a28c1b2f53cd812440afa5656bc45b2f89b0a97e6260fb2e2914df29e25fbda1813d37785bc9b075fbde823b9561aadbfc2669d4d1b73da0dd2df5132009db8100babcf4d41c74a7f70e96db374cc0abd62615e15af72a39d9657c153f5f4d6fb77016e596777a436a8c48f146fd955f3ff4edbdb307951130815dd1ae623c67c15d4ab18d2ed7c94864c90af5a6e5e80089602421b67c42dd3383942cf334ebd67c209fcfdb573c06444551d8bc99978ea96c4aa7fadd5ef9944b73511dc051f8d4f4462acd36a2f6ac7569a03a2892167c2ee518aef0394b44ce98940105467d5dab825714fccc6964dbe6a7c60b3b8a2d78b31a92c6ef7448993704b259acaaff9ec3a5c84fc5a3cda69ab552b7bc925377e69fbec817d1d44be79982b211c649015a71aa3c25dd87f4c74072b470932af8870fb3904a031afae1da5d934b6614207d5a54c7b2a136c5c77919561e0914fc52e571ebb378621912389cf0958e8ccbcd9354a24aa9b5b3a3e5b7c86fda71a87a6b94f4864424bd84dc16888f781b44867b35db340e1d77a16970effe424f6771b8e0ce9fe651fedf170ea68df23df863e1555b89197d9ed6735e1b6496161bad10688fd9a9775ed61fcca4572055fa19f603504855a1a4cf8fc681868df7ee38e98017215f3bfd21f6484841d714358b1da29a24e4b0f4747d2bedd4692b6a99d3db8169adf7a1c8f69554dab778030ce5e6ac714f15ccd7861e7da424832381e02a5eb864ab9bf3fba569e6e136053aea265c054606fe64fc9398ce32d06977fa5f7bb72a2d2fc75a8675c71f4cfd4483a8e8f2ae33777161dbb91585a0da4af989a10c161133b436f23af89a1434501076a62c531dc784e693bc7a4637fb2e2e8e72db5f78ef9603936949ad01f9f4342c1af054d65052e686f284a5e1e0263da8e6a851f32097ab44f1e0a90f443b8", 0x5c1}], 0x1}}], 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x101000, 0x0) accept4$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @host}, 0x10, 0x80000) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000)=0x2, 0x4) sendmmsg(r0, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x0, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0) 03:58:52 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = socket$inet(0x2, 0x3, 0x2) getsockopt(r1, 0x0, 0xcf, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="e500000022b1b3e1daceb9fd3a74a57dcd82861be491336b6417f610c2f546c309904b2c9fcfc20000000000000009d57d6840cc3b65201a973156664545ef309e897a6e30f1a48f32153e9118af9c8321a8abc3e6c742dc35bcee8798ea6dcd80b4406a7bf02fb4119d3b54e7a6b1cf887d7c1e42cb1183315b6487f0dfe6e57456bff67a4fed26a5993a4ed8f4a669d5c1fcc15115b3e59c9492af0177bee7ba9b018c48d1ccc96dd302f554811730a8f8b9bb86064dd0df4262901d9ba86498489b884c2b7ffca23bd7336f2a637f1b01198640edfacbdfa90fe662190a8178285b4fff20e5f763"], &(0x7f0000000080)=0xed) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000000c0)={r2, 0x9}, &(0x7f0000000100)=0x8) socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_GET_THP_DISABLE(0x2a) 03:58:52 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000040)="2f0000001c0003fd6d0000360000000002dd0700060000001f5f32c908000100000073730beeffff005867855e7fa5", 0x2f}], 0x1}, 0x0) r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x20, &(0x7f0000000000)="0a5c2d023c126285718070") finit_module(r0, &(0x7f0000000080)='$eth0keyringvboxnet1GPL\fmd5sum/[', 0x3) r1 = socket(0x10, 0x800000000080002, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x40, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0x492492492492805, 0x0) flock(r0, 0x0) [ 237.745623] netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. 03:58:52 executing program 0: mkdir(&(0x7f0000001b40)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') clone(0x2a4500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x141000, 0x0) 03:58:53 executing program 0: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)}, 0x20) socketpair(0x2, 0x2, 0x9, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='/\x02roup.stap\x00', 0x2761, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f0, &(0x7f0000000300)='gre0\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000300)='gre0\x00') 03:58:53 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000280)=ANY=[@ANYBLOB="2a80429f64517c7cd148d2913c822bff631507b1f6a5599aa29413d0aef2095fe3bbc856e0b4be437366a643147d2a045663adce68b6fbcb4e4caf895608548304c746cf5e9667066ad5337f9bc8aa65a1f1e69eb49b2595911c3e5265e7a329115722ded5ae282a5306e06b9d2d6d1df148611267cddc2754bb52287ab67c9e9922e3193a121e82bed59b012713913c41bd2898f46acf1b3a25d873bf29fe758c84030da96779e9bfb3fc4eb21fb8917fbd70f16569765022594859b667d19d9bbd5daad14dec7dcfb1917e0f3d351e290824b93c8919"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000240)='\x00') [ 238.142587] ================================================================== [ 238.150013] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 [ 238.156515] CPU: 0 PID: 11576 Comm: syz-executor1 Not tainted 5.0.0-rc1+ #7 [ 238.163616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.172967] Call Trace: [ 238.175569] dump_stack+0x173/0x1d0 [ 238.179224] kmsan_report+0x12e/0x2a0 [ 238.183040] kmsan_internal_check_memory+0x465/0xb10 [ 238.188169] kmsan_copy_to_user+0xab/0xc0 [ 238.192336] _copy_to_user+0x16b/0x1f0 [ 238.196249] snd_pcm_oss_read+0xd4a/0x1960 [ 238.200518] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0 [ 238.205888] __vfs_read+0x1e5/0xbf0 [ 238.209520] ? security_file_permission+0x521/0x660 [ 238.214553] ? rw_verify_area+0x35e/0x580 [ 238.218717] vfs_read+0x359/0x6f0 [ 238.222215] __se_sys_read+0x17a/0x370 [ 238.226123] __x64_sys_read+0x4a/0x70 [ 238.229931] do_syscall_64+0xbc/0xf0 [ 238.233654] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 238.238841] RIP: 0033:0x457ec9 [ 238.242036] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 238.260940] RSP: 002b:00007f9d2714bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 238.268648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9 [ 238.275923] RDX: 0000000000001000 RSI: 0000000020001040 RDI: 0000000000000003 [ 238.283208] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 238.290483] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d2714c6d4 [ 238.297755] R13: 00000000004c497c R14: 00000000004d7f78 R15: 00000000ffffffff [ 238.305132] [ 238.306763] Uninit was created at: [ 238.310302] No stack [ 238.312615] [ 238.314247] Bytes 2056-2057 of 4096 are uninitialized [ 238.319435] Memory access of size 4096 starts at ffff888054d3e000 [ 238.325662] Data copied to user address 0000000020001040 [ 238.331115] ================================================================== [ 238.338471] Disabling lock debugging due to kernel taint [ 238.343932] Kernel panic - not syncing: panic_on_warn set ... [ 238.349907] CPU: 0 PID: 11576 Comm: syz-executor1 Tainted: G B 5.0.0-rc1+ #7 [ 238.358389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.367824] Call Trace: [ 238.370422] dump_stack+0x173/0x1d0 [ 238.374062] panic+0x3d1/0xb01 [ 238.377294] kmsan_report+0x293/0x2a0 [ 238.381213] kmsan_internal_check_memory+0x465/0xb10 [ 238.386357] kmsan_copy_to_user+0xab/0xc0 [ 238.390526] _copy_to_user+0x16b/0x1f0 [ 238.394430] snd_pcm_oss_read+0xd4a/0x1960 [ 238.398694] ? snd_pcm_oss_unregister_minor+0x4b0/0x4b0 [ 238.404064] __vfs_read+0x1e5/0xbf0 [ 238.407699] ? security_file_permission+0x521/0x660 [ 238.412733] ? rw_verify_area+0x35e/0x580 [ 238.416894] vfs_read+0x359/0x6f0 [ 238.420365] __se_sys_read+0x17a/0x370 [ 238.424300] __x64_sys_read+0x4a/0x70 [ 238.428124] do_syscall_64+0xbc/0xf0 [ 238.431854] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 238.437044] RIP: 0033:0x457ec9 [ 238.440243] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 238.459145] RSP: 002b:00007f9d2714bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 238.466854] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9 [ 238.474127] RDX: 0000000000001000 RSI: 0000000020001040 RDI: 0000000000000003 [ 238.481398] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 238.488667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d2714c6d4 [ 238.495936] R13: 00000000004c497c R14: 00000000004d7f78 R15: 00000000ffffffff [ 238.504434] Kernel Offset: disabled [ 238.508063] Rebooting in 86400 seconds..