[ ok ] Starting enhanced syslogd: rsyslogd. [ 57.343162] audit: type=1800 audit(1541949374.396:25): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.362265] audit: type=1800 audit(1541949374.406:26): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.381723] audit: type=1800 audit(1541949374.416:27): pid=6310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts. 2018/11/11 15:16:26 fuzzer started 2018/11/11 15:16:30 dialing manager at 10.128.0.26:36043 2018/11/11 15:16:30 syscalls: 1 2018/11/11 15:16:30 code coverage: enabled 2018/11/11 15:16:30 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/11 15:16:30 setuid sandbox: enabled 2018/11/11 15:16:30 namespace sandbox: enabled 2018/11/11 15:16:30 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/11 15:16:30 fault injection: enabled 2018/11/11 15:16:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/11 15:16:30 net packed injection: enabled 2018/11/11 15:16:30 net device setup: enabled 15:18:49 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 
0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) syzkaller login: [ 213.457196] IPVS: ftp: loaded support on port[0] = 21 [ 215.676210] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.682822] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.692149] device bridge_slave_0 entered promiscuous mode [ 215.819199] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.825812] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.834380] device bridge_slave_1 entered promiscuous mode [ 215.958891] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.083956] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.472893] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.603159] bond0: Enslaving bond_slave_1 as an active interface with an up link 15:18:53 executing program 1: semop(0x0, &(0x7f000002efe2)=[{0x0, 0x6}], 0x1) semop(0x0, &(0x7f000001a000)=[{}, {}], 0x2) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000080)) [ 217.376459] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.384474] team0: Port device team_slave_0 added [ 217.569332] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.577343] team0: Port device team_slave_1 added [ 217.659402] IPVS: ftp: loaded support on port[0] = 21 [ 217.801888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 217.819417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.828564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.958474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.100484] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.108257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.117445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.373692] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.381273] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.391263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.617290] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.623839] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.632424] device bridge_slave_0 entered promiscuous mode [ 220.803062] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.809566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.816619] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.823139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.831918] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.863702] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.870166] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.878660] device bridge_slave_1 entered promiscuous mode [ 221.138726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.323229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.612405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.915134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.120356] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.246446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.254932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 15:18:59 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000000)={0x9}) [ 223.155542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.163574] team0: Port device team_slave_0 added [ 223.277375] IPVS: ftp: loaded support on port[0] = 21 [ 223.445493] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.453740] team0: Port device team_slave_1 added [ 223.735371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 223.742742] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 223.751361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.022173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.029227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.037932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.227125] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.234931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.244012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 224.515447] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 224.523186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 224.532020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.355612] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.362385] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.370809] device bridge_slave_0 entered promiscuous mode [ 227.644267] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.650749] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.659348] device bridge_slave_1 entered promiscuous mode [ 227.693649] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.700128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.707141] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.713692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.722268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.997578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.137051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.252404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.035181] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.261964] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.470027] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.477317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.703050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.710147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.441067] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.449373] team0: Port device team_slave_0 added 15:19:07 executing program 3: r0 = syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000040)) [ 230.645790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.653939] team0: Port device team_slave_1 added [ 230.985360] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 230.993344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.002133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.129909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.299739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.306962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.315711] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.653722] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.661325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.670321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.807456] IPVS: ftp: loaded support on port[0] = 21 [ 231.972030] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.979595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.988867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.417849] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.544235] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 233.550711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 233.558769] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0: link becomes ready [ 234.728944] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.699358] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.705929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.712945] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.719398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.728166] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 236.733376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.144015] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.150491] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.159100] device bridge_slave_0 entered promiscuous mode [ 237.513263] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.519736] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.528266] device bridge_slave_1 entered promiscuous mode [ 237.756166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 238.081780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 239.081225] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.434007] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.687311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.696995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.028558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 240.037373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 15:19:17 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_procs(r3, 
&(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x23) write$cgroup_pid(r2, &(0x7f0000000000), 0x12) [ 240.691399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.945995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.954043] team0: Port device team_slave_0 added [ 241.330749] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.338849] team0: Port device team_slave_1 added [ 241.730402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 241.737642] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.746540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.887524] IPVS: ftp: loaded support on port[0] = 21 [ 242.073263] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.080362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.089945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.144710] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.507667] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.515525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.524419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 15:19:19 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2deeaebf75bb41f35af8564fe0eef064cd3dbd3d206abcabffce", 0x1a}], 0x1, &(0x7f00000002c0)}, 0x0) recvmmsg(r1, &(0x7f0000000040)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x7e0}], 0x1, &(0x7f0000001680)=""/72, 0x3e}}], 0x1, 0x0, &(0x7f0000002240)) [ 242.932196] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.939796] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.948906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 15:19:20 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x9, 0x24000) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x1f) r1 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000000)={{0x3, 0x0, 0x0, 0x100}, 0x0, 0x0, 'id0\x00', 'timer0\x00'}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x200400, 0x0) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000000140)=""/66) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={0x0, 0xfffffffffffffff9}, &(0x7f0000000240)=0x8) ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, &(0x7f0000000300)={0x0, 0xfffffffffffff800, 0x7, 0x3, 0xa11}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000280)={r3, 0xc27}, &(0x7f00000002c0)=0x8) [ 243.714711] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.721180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.729093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 15:19:20 executing program 0: r0 = socket(0x10, 0x20000000000003, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)={0x0, 0x9a, "f6ad4cf827368dddfdc582747ced0ea44eb7be5101e455ba032683b42887c0ebd605dc140ee3e237decf6fe09f633a95365b7a0b70b9947a42e0c3caf1635f78160ccfdfbfadf3eb005d02fcef0299c7a793dc2a0c8a705565f914cc6695af51259eb755ce1e8b04744871e871e9e9b07dd3eaf4e9aa41f86c8c893dc23a73ecb8de1578aad55750b614d6188470a7f5a77480569877a774cbb2"}, &(0x7f0000000000)=0xa2) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000000540)=0xc) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 
&(0x7f0000000700)=0x0) stat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000880)={0x0}, &(0x7f00000008c0)=0xc) r9 = getuid() r10 = getegid() r11 = getpgrp(0xffffffffffffffff) fstat(r0, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0}) r13 = getgid() sendmmsg$unix(r0, &(0x7f0000000ec0)=[{&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000280)="f3a477d898a3f288144c7610b64e2bcb5a3b18d6be41b21f5dc720896502ca87d40652b892e8af3f71f60a4f8a544c65e7eb4da875c38ab89e919b3c60a2a458f9eb72a05fc70ae6e2d1d75a05c929ccd945827ac071359ec988d8af3db1dcb90d21062b6bbaf2452302fa8a92bcbc34d609601bcbba8be4688d72dfbe528260bb3c15e8adcfc4df1e36755a7952db3545d02121f6ca86c0095d9be17f39add54b6cf21bffa3fc72d5b24fda18f2139e65cfb72fa1fdfdc59560f02cdb2af38b1b9a5346cffbf17f414ff9248166ba9ea78f644818a1e1a91f11d8b9961e1cb78a917b5a9ae4918dc839fa1ba8418d9aa382", 0xf2}, {&(0x7f0000000380)="0d9d8cebf89c7095cbb3e54d73c56a76dd93336c47883ff2d35bc795386093aeab4b9af02c855677f78d2ba0162181e6bb4417b3bd7b5874b5e1c09f61b4e1caf12e095c7770295b97134b30ea3798b52854cdd13e8f5e535a3371033ee6e8e5cdd3c649a021e82324d683956258c9f21dc997dc1c5f28d2af598277cf6480f3c6531fa1828f05de81", 0x89}, {&(0x7f0000000440)="8f1be32ad01122a8bf58618e69e36b48710ada536ff8c8575b6e25f9d48874ca09120011f2647c6e5555c2170d17aa9bcde06f080e484a29930350bf6dac17c5e983e0b761e8d4cb7174ff10be61d25a8b7bf2aa0a9127dbbb5b6add15e1fc7e", 0x60}], 0x3, &(0x7f0000000900)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @rights={0x38, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x18, 0x1, 0x1, [r0]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}], 0xd0, 0x20000004}, {&(0x7f0000000a00)=@file={0x1, './file0\x00'}, 0x6e, 
&(0x7f0000000d80)=[{&(0x7f0000000a80)="9c372e88ca87f668a205c516abd21a592be7a093ad3891a6b588afb443fcb80332c1dc56bb1269a15e55", 0x2a}, {&(0x7f0000000ac0)="b673ee22a061ba4d84d27147902e0446049274f4c624cba2f84b29fb536c4c241e960d7ca1832025044f9b434650", 0x2e}, {&(0x7f0000000b00)="3251921f1c0e707329c26eeaaf5e5116d4bcb84b26cda08d50213138235551d070d1145f558908a88e0f59a681eb70807df8b9b7fcc24be7f132fbfef4231acf2a9482acebc281052c3245dfcf61007b", 0x50}, {&(0x7f0000000b80)="d27257b8668fc4afcbb61552c03c4e4986d2d5bbd1c889831c7a258750bb555db7cd2f41e10b4b5a3fe2772e6018113a350358d2ee0dd36b0b0d8b4a0d37eb3475e25f760ec52bd8734615981728d0c4798f48df2e1fd24fbcf0e3da551a7b0c5dd68f3dab51e896ab623c86d52db16c76178bcb46edb9fb825aee43a24f1336a3c51b3da3f83674249f7bbc17d997c5a635c3121677f03bdf6d4a646fd742cd763ef42f", 0xa4}, {&(0x7f0000000c40)="7d1af5efdc29fc18c62402123b092f20ac65", 0x12}, {&(0x7f0000000c80)="9edf9b35fd678e184ac798bb37420bcc760fa8452d1630dfa09e4286ada678ab14e87de9bffb226977b09d57a4d015efc13feaa5d17de5462c9e521bd0c966971adfe8f65407773d73b037c36dba8bbc6a58d3b9a151deb10f1107dea781a506ea28c558669b5f64272efd36bc3d208a8df6d4ec504b857f76df44aa1d6985c699ef39e16263c2b509416d627d1164c7bbf76bb7fcc901d599dde7c2dcec4dbac844f71808b906768420ae833b4924f6ef2537a5b9d04f127a69", 0xba}, {&(0x7f0000000d40)="3d52c0cc5c7e6751839b22c11ec65a3f4528335c7a", 0x15}], 0x7, &(0x7f0000000e80)=[@cred={0x20, 0x1, 0x2, r11, r12, r13}], 0x20, 0x10}], 0x2, 0x4080) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0x0, 0x8000, 0x1000, 0x8, r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x2800000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000003080)={0xd8, 0x1a, 0x205}, 0xfd9f}}, 0x0) 15:19:21 executing program 0: r0 = socket(0x10, 0x803, 0x0) acct(0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000000), 0xc, &(0x7f00000006c0)={&(0x7f0000001fc0)=ANY=[]}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000031c0)=[{{&(0x7f0000000780)=@sco, 
0x80, &(0x7f0000000ec0)=[{&(0x7f0000000740)=""/29, 0x1d}, {&(0x7f0000000dc0)=""/183, 0xb7}, {&(0x7f0000000e80)=""/30, 0x1e}], 0x3, &(0x7f0000000f00)=""/24, 0x18}}], 0x1, 0x0, &(0x7f0000003380)={0x77359400}) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={0x0, 0x1ff}, &(0x7f0000000700)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000800)={r3, @in6={{0xa, 0x4e22, 0x10001, @mcast1, 0x9}}, 0x5, 0x3}, 0x90) bind(r1, &(0x7f0000000280)=@in={0x2, 0x4e23, @remote}, 0x80) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000140)=@hci, 0x80, &(0x7f0000000d00), 0x115, &(0x7f00000024c0)=""/129, 0x81}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) 15:19:21 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") rt_sigreturn() perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_settime(0xfffffd, &(0x7f00000001c0)) [ 244.782638] PANIC: double fault, error_code: 0x0 [ 244.787523] CPU: 1 PID: 7209 Comm: syz-executor0 Not tainted 4.19.0+ #82 [ 244.795110] ================================================================== [ 244.802497] BUG: 
KMSAN: uninit-value in irq_work_claim+0x153/0x390 [ 244.808842] CPU: 1 PID: 7209 Comm: syz-executor0 Not tainted 4.19.0+ #82 [ 244.815695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.825072] Call Trace: [ 244.827663] <#DF> [ 244.829837] dump_stack+0x32d/0x480 [ 244.833488] ? irq_work_claim+0x153/0x390 [ 244.837676] kmsan_report+0x19f/0x300 [ 244.841507] kmsan_internal_check_memory+0x35f/0x450 [ 244.846640] ? __msan_poison_alloca+0x1e0/0x2b0 [ 244.851336] kmsan_check_memory+0xd/0x10 [ 244.855416] irq_work_claim+0x153/0x390 [ 244.859423] irq_work_queue+0x44/0x280 [ 244.863335] vprintk_emit+0x693/0x790 [ 244.867167] vprintk_default+0x90/0xa0 [ 244.871073] vprintk_func+0x26b/0x2a0 [ 244.874896] printk+0x1a3/0x1f0 [ 244.878220] dump_stack_print_info+0x2c4/0x3c0 [ 244.882831] show_regs_print_info+0x37/0x40 [ 244.887171] show_regs+0x38/0x170 [ 244.891389] df_debug+0x86/0xb0 [ 244.894687] do_double_fault+0x362/0x480 [ 244.898772] double_fault+0x1e/0x30 [ 244.902420] RIP: 0010:kmsan_get_origin_address+0xa/0x370 [ 244.907889] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78 [ 244.926805] RSP: 0018:fffffe000003d000 EFLAGS: 00010086 [ 244.932184] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001 [ 244.939466] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150 [ 244.946743] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000 [ 244.954020] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088 [ 244.961301] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8 [ 244.968592] [ 244.970831] [ 244.974137] kmsan_memmove_origins+0xbd/0x1d0 [ 244.978650] ? 
kmsan_memmove_shadow+0xad/0xe0 [ 244.983164] __msan_memmove+0x6c/0x80 [ 244.986978] fixup_bad_iret+0x9b/0x130 [ 244.991653] error_entry+0xad/0xc0 [ 244.995197] RIP: 0000: (null) [ 244.999103] Code: Bad RIP value. [ 245.002475] RSP: a3fb7f:00007f5708f979c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 245.010377] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c [ 245.017658] RDX: 587936174b776c00 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.024945] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 245.032228] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 245.039510] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 245.046811] ? general_protection+0x8/0x30 [ 245.051072] ? general_protection+0x8/0x30 [ 245.055329] [ 245.058697] [ 245.060331] Local variable description: ----__ai_ptr@irq_work_claim [ 245.066738] Variable was created at: [ 245.070464] irq_work_claim+0x4b/0x390 [ 245.074359] irq_work_queue+0x44/0x280 [ 245.078240] [ 245.079875] Byte 7 of 8 is uninitialized [ 245.083939] Memory access of size 8 starts at fffffe0000045a38 [ 245.090682] ================================================================== [ 245.098045] Disabling lock debugging due to kernel taint [ 245.103499] Kernel panic - not syncing: panic_on_warn set ... [ 245.103499] [ 245.110874] CPU: 1 PID: 7209 Comm: syz-executor0 Tainted: G B 4.19.0+ #82 [ 245.119097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.128447] Call Trace: [ 245.131047] <#DF> [ 245.133199] dump_stack+0x32d/0x480 [ 245.136837] panic+0x57e/0xb28 [ 245.140051] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 245.145504] kmsan_report+0x300/0x300 [ 245.149323] kmsan_internal_check_memory+0x35f/0x450 [ 245.154428] ? 
__msan_poison_alloca+0x1e0/0x2b0 [ 245.159108] kmsan_check_memory+0xd/0x10 [ 245.163166] irq_work_claim+0x153/0x390 [ 245.167145] irq_work_queue+0x44/0x280 [ 245.171046] vprintk_emit+0x693/0x790 [ 245.174859] vprintk_default+0x90/0xa0 [ 245.178745] vprintk_func+0x26b/0x2a0 [ 245.182555] printk+0x1a3/0x1f0 [ 245.185852] dump_stack_print_info+0x2c4/0x3c0 [ 245.191194] show_regs_print_info+0x37/0x40 [ 245.195519] show_regs+0x38/0x170 [ 245.198981] df_debug+0x86/0xb0 [ 245.202268] do_double_fault+0x362/0x480 [ 245.206341] double_fault+0x1e/0x30 [ 245.209969] RIP: 0010:kmsan_get_origin_address+0xa/0x370 [ 245.215417] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78 [ 245.234862] RSP: 0018:fffffe000003d000 EFLAGS: 00010086 [ 245.240241] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001 [ 245.247506] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150 [ 245.254777] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000 [ 245.262041] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088 [ 245.269308] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8 [ 245.276585] [ 245.278815] [ 245.282104] kmsan_memmove_origins+0xbd/0x1d0 [ 245.286601] ? kmsan_memmove_shadow+0xad/0xe0 [ 245.291826] __msan_memmove+0x6c/0x80 [ 245.295628] fixup_bad_iret+0x9b/0x130 [ 245.299516] error_entry+0xad/0xc0 [ 245.303067] RIP: 0000: (null) [ 245.306961] Code: Bad RIP value. 
[ 245.310317] RSP: a3fb7f:00007f5708f979c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 245.318196] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c [ 245.325460] RDX: 587936174b776c00 RSI: 0000000000000000 RDI: 0000000000000000 [ 245.332728] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08 [ 245.339993] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000 [ 245.347256] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c [ 245.354542] ? general_protection+0x8/0x30 [ 245.358776] ? general_protection+0x8/0x30 [ 245.363009] [ 245.367581] Kernel Offset: disabled [ 245.371212] Rebooting in 86400 seconds..