[ ok ] Starting enhanced syslogd: rsyslogd.
[ 80.037697][ T31] audit: type=1800 audit(1569436149.087:25): pid=11728 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 80.060543][ T31] audit: type=1800 audit(1569436149.107:26): pid=11728 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 80.087706][ T31] audit: type=1800 audit(1569436149.137:27): pid=11728 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
2019/09/25 18:29:24 fuzzer started
2019/09/25 18:29:29 dialing manager at 10.128.0.26:33471
2019/09/25 18:29:29 syscalls: 2382
2019/09/25 18:29:29 code coverage: enabled
2019/09/25 18:29:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/09/25 18:29:29 extra coverage: enabled
2019/09/25 18:29:29 setuid sandbox: enabled
2019/09/25 18:29:29 namespace sandbox: enabled
2019/09/25 18:29:29 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/25 18:29:29 fault injection: enabled
2019/09/25 18:29:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/25 18:29:29 net packet injection: enabled
2019/09/25 18:29:29 net device setup: enabled
18:32:05 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000300)={0x100000011, @dev, 0x0, 0x0, 'lblc\x00'},
0x2c) syzkaller login: [ 256.241141][T11893] IPVS: ftp: loaded support on port[0] = 21 [ 256.395641][T11893] chnl_net:caif_netlink_parms(): no params data found [ 256.449210][T11893] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.456528][T11893] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.465394][T11893] device bridge_slave_0 entered promiscuous mode [ 256.475051][T11893] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.482281][T11893] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.491004][T11893] device bridge_slave_1 entered promiscuous mode [ 256.522790][T11893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.535558][T11893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.567243][T11893] team0: Port device team_slave_0 added [ 256.576626][T11893] team0: Port device team_slave_1 added [ 256.757483][T11893] device hsr_slave_0 entered promiscuous mode [ 256.992794][T11893] device hsr_slave_1 entered promiscuous mode [ 257.272117][T11893] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.279356][T11893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.287159][T11893] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.294496][T11893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.374825][T11893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.384770][ T2897] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.395015][ T2897] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.408108][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 257.435736][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.444370][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 257.459173][T11893] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.479461][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 
257.488937][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 257.497968][ T2897] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.505179][ T2897] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.513941][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 257.523506][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 257.532543][ T2897] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.539873][ T2897] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.557076][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 257.594035][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 257.604155][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 257.614309][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 257.623945][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 257.633647][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 257.643225][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 257.652564][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 257.669768][T11893] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 257.682666][T11893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 257.714416][T11893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 257.730627][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 257.741437][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 257.750705][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 18:32:06 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0) 18:32:07 executing program 0: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() tkill(r0, 0x9) move_pages(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 18:32:07 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:07 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:07 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:08 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:08 executing program 1: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0xc801, 0x0) 18:32:08 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:08 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 
0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:08 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 259.678960][T11929] IPVS: ftp: loaded support on port[0] = 21 18:32:08 executing program 0: ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:09 executing program 0: ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 259.903375][T11929] chnl_net:caif_netlink_parms(): no params data found 18:32:09 executing program 0: ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 260.019682][T11929] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.027191][T11929] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.036062][T11929] device bridge_slave_0 entered promiscuous mode [ 260.047059][T11929] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.054421][T11929] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.063455][T11929] device bridge_slave_1 entered promiscuous mode 18:32:09 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 260.129826][T11929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.157862][T11929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 260.210538][T11929] team0: Port device 
team_slave_0 added [ 260.226311][T11929] team0: Port device team_slave_1 added 18:32:09 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:09 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, 0x0, 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 260.342123][T11929] device hsr_slave_0 entered promiscuous mode 18:32:09 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 260.394001][T11929] device hsr_slave_1 entered promiscuous mode [ 260.463436][T11929] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 260.502811][T11929] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.510015][T11929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.517768][T11929] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.525347][T11929] bridge0: port 1(bridge_slave_0) entered forwarding state 18:32:09 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 260.627015][T11929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.665418][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 260.693837][ T2897] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.704586][ T2897] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.721736][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 260.741605][T11929] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.760338][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.770006][ T2897] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.777272][ T2897] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.852518][T11929] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 260.863594][T11929] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 260.889680][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 260.899031][ T2897] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.906411][ T2897] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.916705][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 260.926729][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 260.936803][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link 
becomes ready [ 260.946407][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 260.981377][T11929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.002379][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 261.011272][ T2897] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 18:32:10 executing program 1: syz_open_procfs(0x0, &(0x7f0000000180)='gid_map\x00') prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 1: syz_open_procfs(0x0, &(0x7f0000000180)='gid_map\x00') prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 18:32:10 executing program 0: r0 = 
openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000047c0)="11dca50d5c0bcfe47bf070") write$P9_ROPEN(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x71, 0x2, {{0x0, 0x3, 0x4}, 0xfffffffb}}, 0x18) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x28001) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x1c, 0x2}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}}) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x410000, 0x0) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000140)) write$evdev(r1, &(0x7f0000000040)=[{}, {}], 0x52a) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, 0x0) write$binfmt_misc(r0, 
&(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:10 executing program 1: unshare(0x2000400) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffe15}, 0x1) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@mcast1, @in6=@mcast1}}, {{@in6=@remote}, 0x0, @in6=@dev}}, &(0x7f0000000080)=0xe8) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000380)={{0x0, r4}}) r5 = socket$isdn(0x22, 0x2, 0x21) bind$isdn(r5, &(0x7f0000000280), 0x6) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0xee00, r6, 0x400) r7 = socket$isdn(0x22, 0x2, 0x21) bind$isdn(r7, &(0x7f0000000280), 0x6) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0xee00, r8, 0x400) fchown(r2, 0xee00, r8) fcntl$setsig(r2, 0xa, 0x22) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r1}}, 0x18) 18:32:10 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 261.933979][T11996] delete_channel: no stack [ 261.938873][T11996] delete_channel: no stack 18:32:11 executing program 1: r0 = 
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f00000002c0)={0x0, 0x0, 'client1\x00', 0x0, "302a757be77ef013", "a2395feb8a9b65d659a8a352dc2d7b4befce9584f854b7ab9ab8eecc7dc69015"}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$getown(r2, 0x9) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f00000004c0)={{0x0, 0x4, 0x100, 0x200, 'syz1\x00', 0xf1b}, 0x3, 0x20000000, 0x4, r5, 0x5, 0x80000000, 'syz1\x00', &(0x7f0000000040)=['/dev/kvm\x00', ']\x00', 'client1\x00', '/dev/kvm\x00', 'client1\x00'], 0x4, [], [0x9, 0x7ff, 0x3, 0x9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDGKBLED(r6, 0xc0046d00, &(0x7f0000000040)) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000080)={0x0, 0xfd}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000380)={r7, @in={{0x2, 0x4e20, @remote}}, 0x13, 0x8, 0x1, 0x0, 0x200}, &(0x7f0000000180)=0x98) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 18:32:11 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 261.989125][T11996] delete_channel: no stack [ 262.002720][T11996] delete_channel: no stack 18:32:11 
executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)) write$binfmt_misc(r0, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 262.126204][T12009] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 18:32:11 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:11 executing program 1: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f00000000c0)="24fa000019002551075c0165ff0ffc02802000030011000500e1000c0400070080000900", 0xfd75) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x1c}, 0x10) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000300)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r1, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=0x40, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x5}, 0x0, 0x0, &(0x7f0000000140)={0x5, 0x0, 0x3ff, 0x9}, &(0x7f0000000180)=0x5, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x7}}, 0x10) 18:32:11 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) [ 262.465125][T12020] netlink: 63876 bytes leftover after parsing attributes in process `syz-executor.1'. [ 262.509406][T12020] netlink: 63876 bytes leftover after parsing attributes in process `syz-executor.1'. 
18:32:11 executing program 0: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)={'\x00\x04\x00', "88a6be54"}, 0x8) 18:32:11 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x2, 0x21041) r1 = socket$inet6(0xa, 0x5, 0x0) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r3}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={r3, 0x114}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={r4, 0x2, 0x3ff}, &(0x7f0000000180)=0xc) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x5, 0x9, 0x3d, 0x8000000001}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) [ 262.757194][T12032] sctp: [Deprecated]: syz-executor.1 (pid 12032) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 262.757194][T12032] Use struct sctp_sack_info instead
18:32:11 executing program 0:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x100000000014b03e, 0x0)
ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000140)={0x0, 0x0, 0x79cc})
write$binfmt_misc(r0, 0x0, 0x0)

[ 262.974592][T12035] ==================================================================
[ 262.982955][T12035] BUG: KMSAN: uninit-value in capi_write+0x791/0xa90
[ 262.989913][T12035] CPU: 1 PID: 12035 Comm: syz-executor.0 Not tainted 5.3.0-rc7+ #0
[ 262.997938][T12035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 263.008093][T12035] Call Trace:
[ 263.011499][T12035] dump_stack+0x191/0x1f0
[ 263.015937][T12035] kmsan_report+0x162/0x2d0
[ 263.020475][T12035] __msan_warning+0x75/0xe0
[ 263.025011][T12035] capi_write+0x791/0xa90
[ 263.029424][T12035] ? capi_read+0x720/0x720
[ 263.033910][T12035] __vfs_write+0x1a9/0xcb0
[ 263.038376][T12035] ? rw_verify_area+0x3a5/0x5e0
[ 263.043245][T12035] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 263.049244][T12035] vfs_write+0x481/0x920
[ 263.053611][T12035] ksys_write+0x265/0x430
[ 263.057973][T12035] __se_sys_write+0x92/0xb0
[ 263.062517][T12035] __x64_sys_write+0x4a/0x70
[ 263.067341][T12035] do_syscall_64+0xbc/0xf0
[ 263.071813][T12035] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 263.077989][T12035] RIP: 0033:0x459a29
[ 263.082007][T12035] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 263.101949][T12035] RSP: 002b:00007ff12cc74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 263.110497][T12035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29
[ 263.118489][T12035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 263.126478][T12035] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 263.134986][T12035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff12cc756d4
[ 263.142977][T12035] R13: 00000000004c9b65 R14: 00000000004e1398 R15: 00000000ffffffff
[ 263.150980][T12035]
[ 263.153324][T12035] Uninit was created at:
[ 263.157585][T12035] kmsan_internal_poison_shadow+0x58/0xb0
[ 263.163322][T12035] kmsan_slab_alloc+0xaa/0x120
[ 263.168178][T12035] __kmalloc_node_track_caller+0xb55/0x1320
[ 263.174166][T12035] __alloc_skb+0x306/0xa10
[ 263.178596][T12035] capi_write+0x12f/0xa90
[ 263.182945][T12035] __vfs_write+0x1a9/0xcb0
[ 263.187382][T12035] vfs_write+0x481/0x920
[ 263.191645][T12035] ksys_write+0x265/0x430
[ 263.196251][T12035] __se_sys_write+0x92/0xb0
[ 263.200786][T12035] __x64_sys_write+0x4a/0x70
[ 263.205481][T12035] do_syscall_64+0xbc/0xf0
[ 263.209917][T12035] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 263.215964][T12035] ==================================================================
[ 263.224184][T12035] Disabling lock debugging due to kernel taint
[ 263.230351][T12035] Kernel panic - not syncing: panic_on_warn set ...
[ 263.237138][T12035] CPU: 1 PID: 12035 Comm: syz-executor.0 Tainted: G B 5.3.0-rc7+ #0
[ 263.246432][T12035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 263.256501][T12035] Call Trace:
[ 263.259890][T12035] dump_stack+0x191/0x1f0
[ 263.264578][T12035] panic+0x3c9/0xc1e
[ 263.268530][T12035] kmsan_report+0x2ca/0x2d0
[ 263.274013][T12035] __msan_warning+0x75/0xe0
[ 263.278673][T12035] capi_write+0x791/0xa90
[ 263.283275][T12035] ? capi_read+0x720/0x720
[ 263.287758][T12035] __vfs_write+0x1a9/0xcb0
[ 263.292309][T12035] ? rw_verify_area+0x3a5/0x5e0
[ 263.297335][T12035] ? kmsan_get_shadow_origin_ptr+0x71/0x4c0
[ 263.303261][T12035] vfs_write+0x481/0x920
[ 263.307546][T12035] ksys_write+0x265/0x430
[ 263.311907][T12035] __se_sys_write+0x92/0xb0
[ 263.316522][T12035] __x64_sys_write+0x4a/0x70
[ 263.321138][T12035] do_syscall_64+0xbc/0xf0
[ 263.325578][T12035] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 263.331491][T12035] RIP: 0033:0x459a29
[ 263.335498][T12035] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 263.355130][T12035] RSP: 002b:00007ff12cc74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 263.363569][T12035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29
[ 263.371837][T12035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 263.379918][T12035] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 263.387915][T12035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff12cc756d4
[ 263.395906][T12035] R13: 00000000004c9b65 R14: 00000000004e1398 R15: 00000000ffffffff
[ 263.404810][T12035] Kernel Offset: disabled
[ 263.409292][T12035] Rebooting in 86400 seconds..