[ 56.044540] audit: type=1800 audit(1542013600.089:27): pid=6326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 56.072153] audit: type=1800 audit(1542013600.119:28): pid=6326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 57.878395] audit: type=1800 audit(1542013601.929:29): pid=6326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 57.898734] audit: type=1800 audit(1542013601.929:30): pid=6326 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/11/12 09:06:55 fuzzer started
2018/11/12 09:06:59 dialing manager at 10.128.0.26:42475
2018/11/12 09:06:59 syscalls: 1
2018/11/12 09:06:59 code coverage: enabled
2018/11/12 09:06:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/11/12 09:06:59 setuid sandbox: enabled
2018/11/12 09:06:59 namespace sandbox: enabled
2018/11/12 09:06:59 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/12 09:06:59 fault injection: enabled
2018/11/12 09:06:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/12 09:06:59 net packed injection: enabled
2018/11/12 09:06:59 net device setup: enabled
09:09:16 executing program 0:
pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x6)
write(r1, &(0x7f00000001c0), 0xfffffef3)
read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040))
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x8)
socket$inet6(0xa, 0x8, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000180)={0x0, @dev, @multicast2}, &(0x7f00000007c0)=0xc)
connect$packet(r1, &(0x7f00000006c0)={0x11, 0xf5, 0x0, 0x1, 0x80000001, 0x6, @local}, 0x14)
fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000140))
write$P9_RXATTRWALK(r0, &(0x7f0000000a00)={0xffffffffffffffc6, 0x1f, 0x3, 0x4}, 0xfffffffffffffd07)
ioctl$TCSBRK(r0, 0x5409, 0x63a)
ioctl$TIOCEXCL(r0, 0x540c)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c)
write$nbd(r1, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x1)
shutdown(r0, 0x1)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f00000001c0)={0x0, 0x7, 0x2})
ioctl$EVIOCGSW(r1, 0x8040451b, &(0x7f0000000880)=""/250)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000800)={@mcast2, @mcast2, @loopback, 0x3, 0x3, 0x2, 0x0, 0x8, 0x400000, r3})
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000), 0x3)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x5) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) syzkaller login: [ 213.376568] IPVS: ftp: loaded support on port[0] = 21 [ 215.497189] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.503924] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.512527] device bridge_slave_0 entered promiscuous mode [ 215.638561] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.645273] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.654207] device bridge_slave_1 entered promiscuous mode [ 215.781256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.906509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.297431] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.427220] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:09:20 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6(0xa, 0x1000000000002, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'sit0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_newaddr={0x40, 0x14, 0x109, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xfffffffffffff1bb}}, @IFA_ADDRESS={0x14, 0x1, @local}]}, 0xff12}}, 0x0) [ 217.164964] IPVS: ftp: loaded support on port[0] = 21 [ 217.302973] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.311244] team0: Port device team_slave_0 added [ 217.525848] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.533979] team0: Port device team_slave_1 added [ 217.725791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 217.736752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.745727] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 
218.006123] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.013391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.022318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.207385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.215142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.224199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.397807] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.405652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.415107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.627284] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.633877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.640801] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.647421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.655943] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.688703] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.695392] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.704256] device bridge_slave_0 entered promiscuous mode [ 220.733005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.917272] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.923873] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.932410] device bridge_slave_1 entered promiscuous mode [ 221.192176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.366544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.945986] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.132569] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:09:26 executing program 2: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x0, 0x0) read(r0, &(0x7f00000005c0)=""/236, 0xec) [ 
222.395754] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.405367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.187115] IPVS: ftp: loaded support on port[0] = 21 [ 223.468139] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.476388] team0: Port device team_slave_0 added [ 223.703921] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.712241] team0: Port device team_slave_1 added [ 223.886947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 223.894200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.902968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.169174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.176490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.185255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.425836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.433839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.443584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.663966] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 224.671560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.680547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.449827] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.456417] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.463475] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.471350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.480166] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.544420] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.550881] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.559524] device bridge_slave_0 entered promiscuous mode [ 227.826152] bridge0: port 2(bridge_slave_1) entered 
blocking state [ 227.832855] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.841248] device bridge_slave_1 entered promiscuous mode [ 228.166928] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.413115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.504695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.373517] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.700357] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.989054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.996347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.252529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.259642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:09:34 executing program 3: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) splice(r1, 0x0, r0, 0x0, 0x3cceb664, 0x0) [ 230.648661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.119887] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.128243] team0: Port device team_slave_0 added [ 231.496045] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.504272] team0: Port device team_slave_1 added [ 231.747060] IPVS: ftp: loaded support on port[0] = 21 [ 231.841985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.849077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.858080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.913117] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.196861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.204083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.212793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.597070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 
232.604989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.613824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.923972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.931572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.941498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.091200] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.097735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.105797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.086098] ip (6935) used greatest stack depth: 53216 bytes left [ 234.276483] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.473853] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.480804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.487882] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.494491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.503051] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 236.734841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.395730] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.402357] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.410742] device bridge_slave_0 entered promiscuous mode [ 237.729002] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.735665] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.744134] device bridge_slave_1 entered promiscuous mode [ 238.028440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 238.332800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 239.153522] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.418585] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.680567] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.689938] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bond: link becomes ready [ 239.903201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 239.910828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:09:44 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80200000000002, &(0x7f0000000680)=0x82, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0), 0x4) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0xff9a}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000100), 0x0) ioctl(r0, 0x20000000008912, &(0x7f0000000040)="0a5c2d02402b6285717070") [ 240.030969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.038045] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.046200] team0: Port device team_slave_0 added [ 241.327655] IPVS: ftp: loaded support on port[0] = 21 [ 241.436977] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.510239] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.518393] team0: Port device team_slave_1 added [ 241.917316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 241.924703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.934134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.293440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.300554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.309314] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.648668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.656624] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.665467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 243.047526] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.054835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.063161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.077194] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 243.112558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 243.121486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 09:09:47 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x400, 0x0) ioctl$sock_netdev_private(r0, 0x89f4, &(0x7f0000000140)="8e168bc8f17a29a04367e1f62ae2a2d567805fbae77aaab71a8fae30e1e6dffde42ff1a38f49cfcdfed6a23467f0c5582c1e9add38e79fc2f313bbdf9e668805b8aab89b82d38c10dbe8712a63703f9e8cb1a8991c1f38107fed58bcb6be9e56b3a894f880cfab7246e6b0ba1d0292ab49b19467ab1a4e135556fc984205ef6d9292d317d4c6306b8d6905b91f3d350b605b3007b276fbc966b96dfd4951768267702576b04be76a4cd11f42fea6a4c8ddf10c99") ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f00000000c0)={{0x2, 0x0, @dev}, {0x0, @local}, 0x0, {0x2, 0x0, @local}, "677a762a000080000000327f495d00"}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r1, 0x890b, &(0x7f00000000c0)={"6966623002000000006b2700", @ifru_names='vlan0\x00'}) timer_create(0x3, &(0x7f0000000240)={0x0, 0xe, 0x1, @thr={&(0x7f0000000040)="7b87d7db5fe2c0f2e1631a7ad0758216b09afc2430a52dbd0dd4485d7ac0587914632e1a0b31ec2cf7e5a7ce13e609f2278f8a94f8cfe3b2265e40a6aafb94b13f605c0c4acac4d55a93f40cdfc6e9f5122ce8ed00add993ae22b887a23bc5968eeeaea27c9a3bf64e29a78d32", &(0x7f0000000200)="caf588f7e77558b0b5"}}, &(0x7f0000000280)) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, 
&(0x7f00000002c0)={'bcsh0\x00', {0x2, 0x4e22, @remote}}) 09:09:48 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x101000, 0x0) r1 = epoll_create1(0x0) flock(r1, 0x2) r2 = epoll_create1(0x0) flock(r2, 0x1) close(r2) flock(r1, 0x5) 09:09:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x4000000005, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x200, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x48a, &(0x7f0000000080)={0x54, 0xe8f3, 0x7}, 0xc) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mprotect(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1) rt_sigreturn() getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000200)=""/4, &(0x7f00000004c0)=0x4) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r1) [ 244.748417] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.886198] PANIC: double fault, error_code: 0x0 [ 244.891073] CPU: 1 PID: 7223 Comm: syz-executor0 Not tainted 4.19.0+ #82 [ 244.897961] ================================================================== [ 244.905348] BUG: KMSAN: uninit-value in irq_work_claim+0x153/0x390 [ 244.911762] CPU: 1 PID: 7223 Comm: syz-executor0 Not tainted 4.19.0+ #82 [ 244.918605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.927961] Call Trace: [ 244.930548] <#DF> [ 244.932718] dump_stack+0x32d/0x480 [ 244.936364] ? irq_work_claim+0x153/0x390 [ 244.941476] kmsan_report+0x19f/0x300 [ 244.945300] kmsan_internal_check_memory+0x35f/0x450 [ 244.950429] ? 
__msan_poison_alloca+0x1e0/0x2b0 [ 244.955137] kmsan_check_memory+0xd/0x10 [ 244.959214] irq_work_claim+0x153/0x390 [ 244.963210] irq_work_queue+0x44/0x280 [ 244.967122] vprintk_emit+0x693/0x790 [ 244.970958] vprintk_default+0x90/0xa0 [ 244.975150] vprintk_func+0x26b/0x2a0 [ 244.978979] printk+0x1a3/0x1f0 [ 244.982310] dump_stack_print_info+0x2c4/0x3c0 [ 244.986929] show_regs_print_info+0x37/0x40 [ 244.991263] show_regs+0x38/0x170 [ 244.994734] df_debug+0x86/0xb0 [ 244.998029] do_double_fault+0x362/0x480 [ 245.002118] double_fault+0x1e/0x30 [ 245.005768] RIP: 0010:kmsan_get_origin_address+0xa/0x370 [ 245.011241] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78 [ 245.030267] RSP: 0018:fffffe000003d000 EFLAGS: 00010086 [ 245.035658] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001 [ 245.043459] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150 [ 245.050743] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000 [ 245.058052] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088 [ 245.065348] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8 [ 245.072644] [ 245.074884] [ 245.078409] kmsan_memmove_origins+0xbd/0x1d0 [ 245.082925] ? kmsan_memmove_shadow+0xad/0xe0 [ 245.087446] __msan_memmove+0x6c/0x80 [ 245.091260] fixup_bad_iret+0x9b/0x130 [ 245.095172] error_entry+0xad/0xc0 [ 245.098715] RIP: 0000: (null) [ 245.102619] Code: Bad RIP value. 
[ 245.105986] RSP: a3fb7f:00007f0d452b19c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 245.113879] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c [ 245.121160] RDX: c5a89c6fa88f7d00 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.128434] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 245.135710] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 245.143454] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 245.150744] ? general_protection+0x8/0x30 [ 245.154997] ? general_protection+0x8/0x30 [ 245.159247] [ 245.162612] [ 245.164242] Local variable description: ----__ai_ptr@irq_work_claim [ 245.170649] Variable was created at: [ 245.174374] irq_work_claim+0x4b/0x390 [ 245.178562] irq_work_queue+0x44/0x280 [ 245.182449] [ 245.184081] Byte 7 of 8 is uninitialized [ 245.188151] Memory access of size 8 starts at fffffe0000045a38 [ 245.194120] ================================================================== [ 245.201482] Disabling lock debugging due to kernel taint [ 245.206942] Kernel panic - not syncing: panic_on_warn set ... [ 245.206942] [ 245.214330] CPU: 1 PID: 7223 Comm: syz-executor0 Tainted: G B 4.19.0+ #82 [ 245.222581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.231942] Call Trace: [ 245.234537] <#DF> [ 245.236700] dump_stack+0x32d/0x480 [ 245.240872] panic+0x57e/0xb28 [ 245.244121] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 245.249599] kmsan_report+0x300/0x300 [ 245.253428] kmsan_internal_check_memory+0x35f/0x450 [ 245.258552] ? 
__msan_poison_alloca+0x1e0/0x2b0 [ 245.263246] kmsan_check_memory+0xd/0x10 [ 245.267328] irq_work_claim+0x153/0x390 [ 245.271348] irq_work_queue+0x44/0x280 [ 245.275260] vprintk_emit+0x693/0x790 [ 245.279324] vprintk_default+0x90/0xa0 [ 245.283234] vprintk_func+0x26b/0x2a0 [ 245.287052] printk+0x1a3/0x1f0 [ 245.290380] dump_stack_print_info+0x2c4/0x3c0 [ 245.294990] show_regs_print_info+0x37/0x40 [ 245.299326] show_regs+0x38/0x170 [ 245.302801] df_debug+0x86/0xb0 [ 245.306115] do_double_fault+0x362/0x480 [ 245.310198] double_fault+0x1e/0x30 [ 245.313844] RIP: 0010:kmsan_get_origin_address+0xa/0x370 [ 245.319303] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78 [ 245.338677] RSP: 0018:fffffe000003d000 EFLAGS: 00010086 [ 245.344051] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001 [ 245.351325] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150 [ 245.358609] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000 [ 245.365885] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088 [ 245.373175] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8 [ 245.380727] [ 245.382971] [ 245.386267] kmsan_memmove_origins+0xbd/0x1d0 [ 245.390787] ? kmsan_memmove_shadow+0xad/0xe0 [ 245.395302] __msan_memmove+0x6c/0x80 [ 245.399125] fixup_bad_iret+0x9b/0x130 [ 245.403033] error_entry+0xad/0xc0 [ 245.406580] RIP: 0000: (null) [ 245.410493] Code: Bad RIP value. 
[ 245.413870] RSP: a3fb7f:00007f0d452b19c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 245.421772] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c [ 245.429051] RDX: c5a89c6fa88f7d00 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.436327] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 245.444143] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 245.451424] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 245.458722] ? general_protection+0x8/0x30 [ 245.462979] ? general_protection+0x8/0x30 [ 245.467367] [ 245.472068] Kernel Offset: disabled [ 245.475716] Rebooting in 86400 seconds..