[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 75.129120] audit: type=1800 audit(1551675556.178:25): pid=9818 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 75.148280] audit: type=1800 audit(1551675556.178:26): pid=9818 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 75.167687] audit: type=1800 audit(1551675556.178:27): pid=9818 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.220' (ECDSA) to the list of known hosts. 2019/03/04 04:59:30 fuzzer started 2019/03/04 04:59:35 dialing manager at 10.128.0.26:33709 2019/03/04 04:59:35 syscalls: 1 2019/03/04 04:59:35 code coverage: enabled 2019/03/04 04:59:35 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/03/04 04:59:35 extra coverage: extra coverage is not supported by the kernel 2019/03/04 04:59:35 setuid sandbox: enabled 2019/03/04 04:59:35 namespace sandbox: enabled 2019/03/04 04:59:35 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/04 04:59:35 fault injection: enabled 2019/03/04 04:59:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/04 04:59:35 net packet injection: enabled 2019/03/04 04:59:35 net device setup: enabled 05:01:44 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x40) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000100)={0x3, {{0xa, 0x4e23, 0x8fea, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x25}}, 0x10000}}, 0x0, 0x2, [{{0xa, 0x4e22, 0xb40, @rand_addr="a0c06cb9c3d6c5cc6d61762cbd59e1e3", 0x3}}, {{0xa, 0x4e24, 0x8, @loopback, 0x200}}]}, 0x190) r2 = dup2(r0, r1) recvfrom$unix(r2, &(0x7f0000000440)=""/90, 0x5a, 0x20, 0x0, 0x0) ioctl$VT_WAITACTIVE(r1, 0x5607) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f00000005c0)={0x7f, {{0x2, 0x4e22, @remote}}}, 0x88) sendmsg(0xffffffffffffffff, 0x0, 0x40) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000002340)) getpeername$inet6(0xffffffffffffffff, &(0x7f00000023c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000002400)=0x1c) syzkaller login: [ 224.505613] IPVS: ftp: loaded support on port[0] = 21 [ 224.641547] chnl_net:caif_netlink_parms(): no params data found [ 224.716979] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.723569] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.731760] device bridge_slave_0 entered promiscuous mode [ 224.741872] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.748454] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.757014] device bridge_slave_1 entered promiscuous mode [ 224.789173] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.801048] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 224.832436] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.840693] team0: Port device team_slave_0 added [ 224.848275] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.856589] team0: Port device team_slave_1 added [ 224.862762] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.871878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.076956] device hsr_slave_0 entered promiscuous mode [ 225.333159] device hsr_slave_1 entered promiscuous mode [ 225.593715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 225.601271] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 225.629386] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.635948] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.643161] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.649816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.695951] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.704904] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.759609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.773247] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.786772] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.793538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.801666] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.816677] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 225.823892] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.837381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 225.844642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.855863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.864180] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.870627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.885710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.898190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.906678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.915375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.923825] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.930285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.938970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.955653] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.968280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.981002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.988673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.997940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 226.007106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.016248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.025360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.035322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 226.049202] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 226.056496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 226.065325] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 226.080142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 226.088707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 226.097317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 226.115712] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 226.121850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 226.153746] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 226.173860] 8021q: adding VLAN 0 to HW filter on device batadv0 05:01:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x483, &(0x7f0000000140)={0x84, @rand_addr=0x8800, 0x0, 0x0, 'sh\x00\x00\x00\xd0\x00'}, 0x2c) 05:01:48 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="43c3"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000006080)=[{{0x0, 0x0, &(0x7f0000002040)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 227.308484] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 227.508471] IPVS: ftp: loaded support on port[0] = 21 [ 227.655328] chnl_net:caif_netlink_parms(): no params data found [ 227.719097] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.725831] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.734000] device bridge_slave_0 entered promiscuous mode [ 227.743892] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.750413] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.758597] device bridge_slave_1 entered promiscuous mode [ 227.791416] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.802804] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 227.832743] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 227.841046] team0: Port device team_slave_0 added [ 227.848372] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 227.856782] team0: Port device team_slave_1 added [ 227.863847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 227.872860] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 227.988561] device hsr_slave_0 entered promiscuous mode [ 228.103612] device hsr_slave_1 entered promiscuous mode 05:01:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)) [ 228.244640] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 228.264626] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 228.312810] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 228.401949] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 228.408718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.435762] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 05:01:49 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f00000000c0)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r1, 0x7}, &(0x7f0000000180)=0x8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r3, 0xff) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r3) [ 228.455561] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.474721] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 228.505916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.513940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.526348] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 228.532546] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.565412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.578265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.587046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.595126] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.601544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.616803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.652941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.662389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.670957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.679241] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.685849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.696709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.737146] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 228.746933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.758285] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 228.776376] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 05:01:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 228.784826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.793528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 228.801879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 228.811808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 228.827776] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 228.854287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 228.924870] ================================================================== [ 228.932293] BUG: KMSAN: uninit-value in gue_err+0x482/0xb00 [ 228.938080] CPU: 1 PID: 10014 Comm: syz-executor.0 Not tainted 5.0.0-rc1+ #9 [ 228.945399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.954786] Call Trace: [ 228.957389] [ 228.959556] dump_stack+0x173/0x1d0 [ 228.963200] kmsan_report+0x12e/0x2a0 [ 228.967012] __msan_warning+0x82/0xf0 [ 228.970837] gue_err+0x482/0xb00 05:01:50 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x802, 0x0) write$sndseq(r0, &(0x7f00000001c0)=[{0x81, 0x2, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@time={0x77359400}}], 0x30) close(r0) [ 228.974228] ? fou_build_header+0x690/0x690 [ 228.978671] __udp4_lib_err+0x12e6/0x1d40 [ 228.982876] udplite_err+0x74/0x90 [ 228.986428] ? udplite_rcv+0x70/0x70 [ 228.990150] icmp_unreach+0xb65/0x1070 [ 228.994152] ? icmp_discard+0x30/0x30 [ 228.997966] icmp_rcv+0x11a1/0x1950 [ 229.001621] ? local_bh_enable+0x40/0x40 [ 229.005695] ip_protocol_deliver_rcu+0x584/0xba0 [ 229.011064] ip_local_deliver+0x624/0x7b0 [ 229.015237] ? ip_local_deliver+0x7b0/0x7b0 [ 229.019579] ? ip_protocol_deliver_rcu+0xba0/0xba0 05:01:50 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x27c4642a33e580e5) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x153, &(0x7f0000000100)=[@op={0x18}], 0x24}], 0x4924924924924b1, 0x0) [ 229.024519] ip_rcv+0x6b6/0x740 [ 229.027825] ? ip_rcv_core+0x11c0/0x11c0 [ 229.031899] process_backlog+0x756/0x10e0 [ 229.036051] ? lapic_next_event+0x6f/0xa0 [ 229.040215] ? ip_local_deliver_finish+0x320/0x320 [ 229.045160] ? rps_trigger_softirq+0x2e0/0x2e0 [ 229.049753] net_rx_action+0x78b/0x1a60 [ 229.053754] ? net_tx_action+0xca0/0xca0 [ 229.057833] __do_softirq+0x53f/0x93a [ 229.061662] do_softirq_own_stack+0x49/0x80 [ 229.065993] [ 229.068246] __local_bh_enable_ip+0x16f/0x1a0 05:01:50 executing program 1: openat$vnet(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000540)=0x0) ptrace$pokeuser(0x6, r0, 0xffff, 0x10000) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x1ff, 0x10000) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000100)=ANY=[@ANYBLOB="0200000000000800c65d1258d087a8478c4b63ee99f047e8e3e3d2dfb0b27007603843e4e07f840edf85c35445be47264ae297664c1baac5478c3897eca76a6b7db1bcbfd3d8037457e5f4"], 0x8) prctl$PR_CAPBSET_READ(0x17, 0x18) r2 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x20, 0x101002) write$evdev(r2, &(0x7f0000000340)=[{{0x0, 0x7530}, 0x2, 0x400000000000051, 0x2}], 0x18) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000004c0)={&(0x7f0000000240)={0x34, r3, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x20, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x194c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) sendfile(r2, r2, &(0x7f0000000300), 0x3f) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000580)={0x0, 0x100000001}, &(0x7f0000000180)=0x8) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000080)={0x1, 0x2}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={r4, 0xffffffffffffff72, &(0x7f0000000400)=[@in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x5, @rand_addr="5fc1b3d3e404c2b0dda8ee4c3ef29404", 0x7}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e22, 0x8, @loopback, 0x5}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e23, 0xff, @loopback}]}, &(0x7f00000002c0)=0xfffffffffffffdfd) write$evdev(r1, &(0x7f00000003c0)=[{{0x0, 0x2710}, 0x17, 0x3, 0x4}], 0x18) [ 229.072762] local_bh_enable+0x36/0x40 [ 229.076670] ip_finish_output2+0x1627/0x1820 [ 229.081106] ip_finish_output+0xd2b/0xfd0 [ 229.085276] ip_output+0x53f/0x610 [ 229.088840] ? ip_mc_finish_output+0x3b0/0x3b0 [ 229.093429] ? ip_finish_output+0xfd0/0xfd0 [ 229.097757] ip_send_skb+0x179/0x360 [ 229.101483] udp_send_skb+0x13ff/0x18b0 [ 229.105485] udp_sendmsg+0x3aa4/0x40f0 [ 229.109499] ? udp_sendmsg+0x40f0/0x40f0 [ 229.113628] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.118847] udpv6_sendmsg+0x1403/0x45d0 [ 229.122957] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 229.128425] ? aa_sk_perm+0x605/0x950 [ 229.132251] ? aa_sock_msg_perm+0x16e/0x320 [ 229.136595] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.141806] ? __udp6_lib_rcv+0x3e80/0x3e80 [ 229.146232] inet_sendmsg+0x54a/0x720 [ 229.150047] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.155254] ___sys_sendmsg+0xdb9/0x11b0 [ 229.159331] ? inet_getname+0x490/0x490 [ 229.163324] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.168526] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 229.173897] ? __fget_light+0x6e1/0x750 [ 229.177888] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.183099] __sys_sendmmsg+0x580/0xad0 [ 229.187108] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 229.192577] ? prepare_exit_to_usermode+0x114/0x420 [ 229.197604] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.202816] __se_sys_sendmmsg+0xbd/0xe0 [ 229.206894] __x64_sys_sendmmsg+0x56/0x70 [ 229.211052] do_syscall_64+0xbc/0xf0 [ 229.214774] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 229.219974] RIP: 0033:0x457e29 [ 229.223175] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 229.242255] RSP: 002b:00007fecdcfa0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 229.249970] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 229.257244] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000004 [ 229.264516] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 229.271826] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecdcfa16d4 [ 229.279097] R13: 00000000004c4dd7 R14: 00000000004d8b10 R15: 00000000ffffffff [ 229.286381] [ 229.288008] Uninit was created at: [ 229.291561] kmsan_internal_poison_shadow+0x92/0x150 [ 229.296668] kmsan_kmalloc+0xa6/0x130 [ 229.300468] kmsan_slab_alloc+0xe/0x10 [ 229.304358] __kmalloc_node_track_caller+0xe9e/0xff0 [ 229.309458] __alloc_skb+0x309/0xa20 [ 229.313176] alloc_skb_with_frags+0x1c7/0xac0 [ 229.317678] sock_alloc_send_pskb+0xafd/0x10a0 [ 229.322265] sock_alloc_send_skb+0xca/0xe0 [ 229.326506] __ip_append_data+0x34cd/0x5000 [ 229.330830] ip_append_data+0x324/0x480 [ 229.334817] icmp_push_reply+0x23d/0x7e0 [ 229.338882] icmp_send+0x2e74/0x30c0 [ 229.342598] __udp4_lib_rcv+0x36c9/0x4b70 [ 229.346748] udplite_rcv+0x5c/0x70 [ 229.350298] ip_protocol_deliver_rcu+0x584/0xba0 [ 229.355056] ip_local_deliver+0x624/0x7b0 [ 229.359291] ip_rcv+0x6b6/0x740 [ 229.362573] process_backlog+0x756/0x10e0 [ 229.366727] net_rx_action+0x78b/0x1a60 [ 229.370874] __do_softirq+0x53f/0x93a [ 229.374666] ================================================================== [ 229.382026] Disabling lock debugging due to kernel taint [ 229.387471] Kernel panic - not syncing: panic_on_warn set ... [ 229.393359] CPU: 1 PID: 10014 Comm: syz-executor.0 Tainted: G B 5.0.0-rc1+ #9 [ 229.401936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.412087] Call Trace: [ 229.414850] [ 229.417043] dump_stack+0x173/0x1d0 [ 229.420681] panic+0x3d1/0xb01 [ 229.423907] kmsan_report+0x293/0x2a0 [ 229.427725] __msan_warning+0x82/0xf0 [ 229.431535] gue_err+0x482/0xb00 [ 229.434932] ? fou_build_header+0x690/0x690 [ 229.439257] __udp4_lib_err+0x12e6/0x1d40 [ 229.443439] udplite_err+0x74/0x90 [ 229.446985] ? udplite_rcv+0x70/0x70 [ 229.450700] icmp_unreach+0xb65/0x1070 [ 229.454634] ? icmp_discard+0x30/0x30 [ 229.458436] icmp_rcv+0x11a1/0x1950 [ 229.462082] ? local_bh_enable+0x40/0x40 [ 229.466147] ip_protocol_deliver_rcu+0x584/0xba0 [ 229.470924] ip_local_deliver+0x624/0x7b0 [ 229.475094] ? ip_local_deliver+0x7b0/0x7b0 [ 229.479421] ? ip_protocol_deliver_rcu+0xba0/0xba0 [ 229.484354] ip_rcv+0x6b6/0x740 [ 229.487646] ? ip_rcv_core+0x11c0/0x11c0 [ 229.491710] process_backlog+0x756/0x10e0 [ 229.495866] ? lapic_next_event+0x6f/0xa0 [ 229.500571] ? ip_local_deliver_finish+0x320/0x320 [ 229.505605] ? rps_trigger_softirq+0x2e0/0x2e0 [ 229.510197] net_rx_action+0x78b/0x1a60 [ 229.514285] ? net_tx_action+0xca0/0xca0 [ 229.518350] __do_softirq+0x53f/0x93a [ 229.522173] do_softirq_own_stack+0x49/0x80 [ 229.526487] [ 229.528727] __local_bh_enable_ip+0x16f/0x1a0 [ 229.533268] local_bh_enable+0x36/0x40 [ 229.537162] ip_finish_output2+0x1627/0x1820 [ 229.541858] ip_finish_output+0xd2b/0xfd0 [ 229.546025] ip_output+0x53f/0x610 [ 229.549585] ? ip_mc_finish_output+0x3b0/0x3b0 [ 229.554172] ? ip_finish_output+0xfd0/0xfd0 [ 229.558501] ip_send_skb+0x179/0x360 [ 229.562233] udp_send_skb+0x13ff/0x18b0 [ 229.566235] udp_sendmsg+0x3aa4/0x40f0 [ 229.570577] ? udp_sendmsg+0x40f0/0x40f0 [ 229.574697] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.579901] udpv6_sendmsg+0x1403/0x45d0 [ 229.584008] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 229.589375] ? aa_sk_perm+0x605/0x950 [ 229.593194] ? aa_sock_msg_perm+0x16e/0x320 [ 229.597528] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.602726] ? __udp6_lib_rcv+0x3e80/0x3e80 [ 229.607054] inet_sendmsg+0x54a/0x720 [ 229.610865] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.616063] ___sys_sendmsg+0xdb9/0x11b0 [ 229.620135] ? inet_getname+0x490/0x490 [ 229.624126] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.629325] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 229.634690] ? __fget_light+0x6e1/0x750 [ 229.638682] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.644234] __sys_sendmmsg+0x580/0xad0 [ 229.648248] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 229.653705] ? prepare_exit_to_usermode+0x114/0x420 [ 229.658726] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 229.663933] __se_sys_sendmmsg+0xbd/0xe0 [ 229.668009] __x64_sys_sendmmsg+0x56/0x70 [ 229.672161] do_syscall_64+0xbc/0xf0 [ 229.675895] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 229.681089] RIP: 0033:0x457e29 [ 229.684284] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 229.703190] RSP: 002b:00007fecdcfa0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 229.710903] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 229.718177] RDX: 00000000000004ff RSI: 00000000200092c0 RDI: 0000000000000004 [ 229.725448] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 229.732717] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fecdcfa16d4 [ 229.739988] R13: 00000000004c4dd7 R14: 00000000004d8b10 R15: 00000000ffffffff [ 229.748567] Kernel Offset: disabled [ 229.752195] Rebooting in 86400 seconds..