[ 50.994818] audit: type=1800 audit(1545322480.034:26): pid=6348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 52.499552] kauditd_printk_skb: 2 callbacks suppressed [ 52.499581] audit: type=1800 audit(1545322481.544:29): pid=6348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.524386] audit: type=1800 audit(1545322481.554:30): pid=6348 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. 2018/12/20 16:14:55 fuzzer started 2018/12/20 16:15:00 dialing manager at 10.128.0.26:46613 2018/12/20 16:15:00 syscalls: 1 2018/12/20 16:15:00 code coverage: enabled 2018/12/20 16:15:00 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 16:15:00 setuid sandbox: enabled 2018/12/20 16:15:00 namespace sandbox: enabled 2018/12/20 16:15:00 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 16:15:00 fault injection: enabled 2018/12/20 16:15:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 16:15:00 net packet injection: enabled 2018/12/20 16:15:00 net device setup: enabled 16:16:02 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0x8, 0x4, 0x4, 0x165, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0xa]}, 0x2c) syzkaller login: [ 134.097515] IPVS: ftp: loaded support on port[0] = 21 [ 135.485747] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.492387] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.500795] device bridge_slave_0 entered promiscuous mode [ 135.584633] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.591217] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.599603] device bridge_slave_1 entered promiscuous mode [ 135.682002] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 135.763209] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 136.014545] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 136.100949] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 136.186112] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 136.193172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 136.278483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 136.285544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 136.541274] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 136.549941] team0: Port device team_slave_0 added [ 136.631446] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 136.640079] team0: Port device team_slave_1 added [ 136.724972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 136.814206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 136.899377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 136.907071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 136.916733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.003846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 137.011491] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.020974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:16:06 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r2 = dup(r1) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, &(0x7f00000001c0)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000007c0)=0x2c0, 0x4) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000700)) ftruncate(r3, 0x2007fff) sendfile(r2, r3, &(0x7f0000d83ff8), 0x8000ffeffffe) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 137.967451] IPVS: ftp: loaded support on port[0] = 21 [ 138.001329] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.007997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.015230] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.021811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.031341] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 138.132188] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.220138] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.226844] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.235139] device bridge_slave_0 entered promiscuous mode [ 140.384887] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.391452] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.399939] device bridge_slave_1 entered promiscuous mode [ 140.481022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 140.570311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 140.917268] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 141.084424] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 141.801659] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 141.810235] team0: Port device team_slave_0 added [ 141.890551] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 141.899360] team0: Port device team_slave_1 added [ 141.980977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 141.989148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.998221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 142.084601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 142.169602] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 142.177349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 142.186871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 142.335617] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 142.344428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 142.353819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:16:12 executing program 2: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000002c0)={0x0, 0x0, 0x4, {0x1, @vbi={0x0, 0x0, 0x0, 0x0, [], [0x0, 0xfeedcafe]}}}) [ 143.635992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.675447] IPVS: ftp: loaded support on port[0] = 21 [ 144.117303] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.123961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.131066] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.137665] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.147098] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 144.153691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.331269] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 145.061413] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 145.067826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 145.076134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 145.783411] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.479989] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.486719] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.495027] device bridge_slave_0 entered promiscuous mode [ 146.620071] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.626906] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.635189] device bridge_slave_1 entered promiscuous mode [ 146.831258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 147.041908] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 147.523843] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 147.702845] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 147.909225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 147.916304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 148.080112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 148.087191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 148.620159] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 148.628798] team0: Port device team_slave_0 added [ 148.821238] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 148.829921] team0: Port device team_slave_1 added [ 148.918425] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 148.925434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 148.934575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 149.019635] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 149.026652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 149.035811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 149.121967] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 149.129586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 149.138653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 149.325488] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 149.333174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 149.342490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:16:18 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = dup2(r2, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x0, 0x0, 0x0, 0x0, 0x0) 16:16:18 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:19 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:20 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) [ 151.112945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.225730] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.232358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.239533] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.246161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.255174] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 151.261790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 16:16:20 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:20 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$set_timeout(0xf, 0x0, 0x0) request_key(&(0x7f0000000200)='cifs.idmap\x00', &(0x7f0000000240)={'syz'}, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) 16:16:20 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) readv(r0, &(0x7f0000000040)=[{&(0x7f0000000440)=""/186, 0xba}], 0x1) [ 151.910212] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 151.996705] IPVS: ftp: loaded support on port[0] = 21 [ 152.507620] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.515213] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.523220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.203247] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.848138] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.854846] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.863202] device bridge_slave_0 entered promiscuous mode [ 154.992674] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.999200] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.007492] device bridge_slave_1 entered promiscuous mode [ 155.163022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 155.334684] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 155.734206] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.974522] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.178211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 156.185378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.364298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 156.371274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.824550] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.833490] team0: Port device team_slave_0 added [ 157.020513] ================================================================== [ 157.027955] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 157.034569] CPU: 1 PID: 7301 Comm: syz-executor1 Not tainted 4.20.0-rc7+ #8 [ 157.041691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.051067] Call Trace: [ 157.053680] dump_stack+0x173/0x1d0 [ 157.057347] kmsan_report+0x120/0x290 [ 157.061248] kmsan_internal_check_memory+0x9a7/0xa20 [ 157.066395] ? __local_bh_enable_ip+0xb3/0x1a0 [ 157.071034] __msan_instrument_asm_load+0x8a/0x90 [ 157.075909] __siphash_aligned+0x512/0xae0 [ 157.080218] secure_tcpv6_seq+0x143/0x2b0 [ 157.084402] ? inet6_hash_connect+0x176/0x1a0 [ 157.088940] tcp_v6_connect+0x242b/0x2890 [ 157.093158] ? __msan_poison_alloca+0x1e0/0x270 [ 157.097917] ? tcp_v6_pre_connect+0x130/0x130 [ 157.102510] __inet_stream_connect+0x2f9/0x1340 [ 157.107209] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 157.112095] ? tcp_sendmsg_locked+0x6394/0x6be0 [ 157.116812] tcp_sendmsg_locked+0x65d5/0x6be0 [ 157.121351] ? aa_label_sk_perm+0xda/0x940 [ 157.125643] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.131042] ? aa_label_sk_perm+0x6d6/0x940 [ 157.135424] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 157.140952] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 157.146373] tcp_sendmsg+0xb2/0x100 [ 157.150040] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 157.154749] inet_sendmsg+0x54a/0x720 [ 157.158614] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.164012] ? security_socket_sendmsg+0x1bd/0x200 [ 157.168999] ? inet_getname+0x490/0x490 [ 157.173085] __sys_sendto+0x8c4/0xac0 [ 157.176973] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 157.182449] ? prepare_exit_to_usermode+0x114/0x420 [ 157.187488] ? syscall_return_slowpath+0x50/0x650 [ 157.192366] __se_sys_sendto+0x107/0x130 [ 157.196481] __x64_sys_sendto+0x6e/0x90 [ 157.200483] do_syscall_64+0xbc/0xf0 [ 157.204223] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 157.209463] RIP: 0033:0x457669 [ 157.212677] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 157.231598] RSP: 002b:00007f3ef662dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 157.239328] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 157.246612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 157.253914] RBP: 000000000072bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 157.261199] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f3ef662e6d4 [ 157.268499] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 157.275801] [ 157.277920] Local variable description: ----combined@secure_tcpv6_seq [ 157.284507] Variable was created at: [ 157.288255] secure_tcpv6_seq+0x7d/0x2b0 [ 157.292345] tcp_v6_connect+0x242b/0x2890 [ 157.296537] [ 157.298170] Bytes 4-7 of 8 are uninitialized [ 157.302586] Memory access of size 8 starts at ffff8881632ff658 [ 157.308563] ================================================================== [ 157.315929] Disabling lock debugging due to kernel taint [ 157.321401] Kernel panic - not syncing: panic_on_warn set ... [ 157.327306] CPU: 1 PID: 7301 Comm: syz-executor1 Tainted: G B 4.20.0-rc7+ #8 [ 157.335806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.345165] Call Trace: [ 157.347773] dump_stack+0x173/0x1d0 [ 157.351439] panic+0x3ce/0x961 [ 157.354699] kmsan_report+0x285/0x290 [ 157.358538] kmsan_internal_check_memory+0x9a7/0xa20 [ 157.363670] ? __local_bh_enable_ip+0xb3/0x1a0 [ 157.368328] __msan_instrument_asm_load+0x8a/0x90 [ 157.373197] __siphash_aligned+0x512/0xae0 [ 157.377501] secure_tcpv6_seq+0x143/0x2b0 [ 157.381676] ? inet6_hash_connect+0x176/0x1a0 [ 157.386201] tcp_v6_connect+0x242b/0x2890 [ 157.390422] ? __msan_poison_alloca+0x1e0/0x270 [ 157.395139] ? tcp_v6_pre_connect+0x130/0x130 [ 157.399654] __inet_stream_connect+0x2f9/0x1340 [ 157.404346] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 157.409222] ? tcp_sendmsg_locked+0x6394/0x6be0 [ 157.413946] tcp_sendmsg_locked+0x65d5/0x6be0 [ 157.418471] ? aa_label_sk_perm+0xda/0x940 [ 157.422747] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.428124] ? aa_label_sk_perm+0x6d6/0x940 [ 157.432476] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 157.437997] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 157.443420] tcp_sendmsg+0xb2/0x100 [ 157.447081] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 157.451769] inet_sendmsg+0x54a/0x720 [ 157.455598] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 157.460980] ? security_socket_sendmsg+0x1bd/0x200 [ 157.465951] ? inet_getname+0x490/0x490 [ 157.469949] __sys_sendto+0x8c4/0xac0 [ 157.473831] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 157.479300] ? prepare_exit_to_usermode+0x114/0x420 [ 157.484340] ? syscall_return_slowpath+0x50/0x650 [ 157.489223] __se_sys_sendto+0x107/0x130 [ 157.493336] __x64_sys_sendto+0x6e/0x90 [ 157.497334] do_syscall_64+0xbc/0xf0 [ 157.501075] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 157.506276] RIP: 0033:0x457669 [ 157.509487] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 157.528406] RSP: 002b:00007f3ef662dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 157.536148] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 157.543455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 157.550735] RBP: 000000000072bf00 R08: 00000000208d4fe4 R09: 000000000000001c [ 157.558013] R10: 0000000020000008 R11: 0000000000000246 R12: 00007f3ef662e6d4 [ 157.565298] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 157.573539] Kernel Offset: disabled [ 157.577167] Rebooting in 86400 seconds..