[ ok ] Starting enhanced syslogd: rsyslogd. [ 80.754447] audit: type=1800 audit(1556860409.800:25): pid=9768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 80.778495] audit: type=1800 audit(1556860409.830:26): pid=9768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 80.814345] audit: type=1800 audit(1556860409.850:27): pid=9768 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts. 2019/05/03 05:13:44 fuzzer started 2019/05/03 05:13:50 dialing manager at 10.128.0.26:33871 2019/05/03 05:13:50 syscalls: 2284 2019/05/03 05:13:50 code coverage: enabled 2019/05/03 05:13:50 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/05/03 05:13:50 extra coverage: enabled 2019/05/03 05:13:50 setuid sandbox: enabled 2019/05/03 05:13:50 namespace sandbox: enabled 2019/05/03 05:13:50 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/03 05:13:50 fault injection: enabled 2019/05/03 05:13:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/03 05:13:50 net packet injection: enabled 2019/05/03 05:13:50 net device setup: enabled 05:17:47 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) tkill(0x0, 0x0) mmap$xdp(&(0x7f0000952000/0x4000)=nil, 0x4000, 0x4, 0x2012, r0, 0x0) syzkaller login: [ 339.712726] IPVS: ftp: loaded support on port[0] = 21 [ 339.865197] chnl_net:caif_netlink_parms(): no params data found [ 339.939015] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.945996] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.954836] device bridge_slave_0 entered promiscuous mode [ 339.964571] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.971515] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.980182] device bridge_slave_1 entered promiscuous mode [ 340.013831] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 340.026276] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 340.059257] team0: Port device team_slave_0 added [ 340.068636] team0: Port device team_slave_1 added [ 340.247610] device hsr_slave_0 entered promiscuous mode [ 340.403203] device hsr_slave_1 entered promiscuous mode [ 340.683325] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.690671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.698296] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.705554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.786718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 340.808384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 340.821648] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.832930] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.845541] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 340.865564] 8021q: adding VLAN 0 to HW filter on device team0 [ 340.883627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 340.893108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 340.901563] bridge0: port 1(bridge_slave_0) entered blocking state [ 
340.908858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.964668] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 340.974747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 340.989173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 340.998228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 341.007898] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.014778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.023252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 341.032746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 341.042416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 341.052399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 341.061339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 341.070884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 341.080079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 341.088808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 341.097915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 341.106543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 341.122388] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 341.131273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 341.161360] 8021q: adding VLAN 0 to HW filter on device batadv0 05:17:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123d319bd070") clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000080)) ptrace(0x10, r1) waitid(0x1, r1, 0x0, 0x2, 0x0) 05:17:51 executing program 0: r0 = 
socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123d319bd070") clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000080)) ptrace(0x10, r1) waitid(0x1, r1, 0x0, 0x2, 0x0) 05:17:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x4c, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x8, 0xfffffffffffffffe, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 05:17:52 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123d319bd070") clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000080)) ptrace(0x10, r1) waitid(0x1, r1, 0x0, 0x2, 0x0) [ 343.379536] IPVS: ftp: loaded support on port[0] = 21 [ 343.532738] chnl_net:caif_netlink_parms(): no params data found [ 343.608904] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.617144] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.626059] device bridge_slave_0 entered promiscuous mode [ 343.636808] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.643586] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.652777] device bridge_slave_1 entered promiscuous mode [ 343.688078] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 343.701217] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 343.747877] team0: Port device team_slave_0 added [ 343.757138] team0: Port device team_slave_1 added 05:17:52 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123d319bd070") clone(0x2102001fff, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000080)) ptrace(0x10, r1) waitid(0x1, r1, 0x0, 0x2, 0x0) [ 343.946871] device hsr_slave_0 entered promiscuous mode [ 343.983635] device hsr_slave_1 entered promiscuous mode [ 344.186535] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.193334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.200451] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.207398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.303865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.327340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 344.338423] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.348446] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.362970] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 344.386143] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.404374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 344.414118] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.420910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.485877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 344.494757] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.501431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.512784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 344.524045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 344.533729] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 344.542310] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 344.553733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 344.573734] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 344.603885] 8021q: adding VLAN 0 to HW filter on device batadv0 05:17:53 executing program 0: 
r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffffffb4, &(0x7f0000000140)="e22e98bf") [ 344.711708] binder: 9972:9974 transaction failed 29189/-22, size 8--2 line 2995 [ 344.721871] binder: undelivered TRANSACTION_ERROR: 29189 05:17:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000280)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) 05:17:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x7, 0x0) timerfd_settime(r0, 0x0, 0x0, 0x0) 05:17:54 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x2005edf, 0x2) unshare(0x40000000) socket$pptp(0x18, 0x1, 0x2) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045515, &(0x7f0000000780)={0x81, 0x0, 0x0, 0x0, 0x0, 0x500}) 05:17:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f00000002c0)="f2acb817018ee0ba2000ec0f71d22666b8980000000f23c00f21f86635020000000f23f86635a9c700000f350f22e70f352e65de57d9", 0x36}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 
0x1d, &(0x7f0000000000)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 345.036848] IPVS: ftp: loaded support on port[0] = 21 [ 345.088596] usb usb9: usbfs: process 9992 (syz-executor.1) did not claim interface 0 before use [ 345.106017] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 345.183797] kvm: pic: non byte read [ 345.326422] IPVS: ftp: loaded support on port[0] = 21 05:17:54 executing program 1: r0 = socket$inet6(0xa, 0x80803, 0x100000000000001) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000000)={'filter\x00'}, 0x28) [ 345.553301] kvm: pic: non byte read 05:17:54 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x2) sendto$inet6(r0, 0x0, 0xffffffffffffff8d, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, &(0x7f0000000080)=0x10) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x101000, 0x0) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f00000000c0)=0x6) 05:17:54 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl(r0, 0x2, 
&(0x7f0000000000)="7409fb0e3a98b4c7e58cb7f7d2b304f9979fafe17f1c40113bd660cb6e61110610e4cdf3a4803cd2df2a0a91e86d9bc96e48d552dd4015e434b3e4805dab8ced420739123e4031c64f9baf3438100999674ec1c4238b4f7888bcbf3b7414bbd50ee39856096fb0dde22a2af3d778045e90a501f84603868d7292d9d078e64ee27e405d08b311a8e6b546c574ff7dff845d7ec0f5ebd69aca6547fbcef559050cc5466a530f9fe691b7602d8482cd96698206d6dde868e85cfe028144435e24e94e978498") fcntl$notify(r0, 0x402, 0x80000001) syz_execute_func(&(0x7f0000000140)="1c1e98cd801b69e4f56962f569ad6200d9c4e5c441395bf98fe9589b26c7e4c753fbc4e101f2652e67430f4be2fec4427d82dbadf4ffffff00c4f21643e355c4c3dd6d68074851b651c402e90633e9509b9b9bc20000c1ea01efc4e301207401f20cc3c4c17e121245363ef80f996603c4e37d04c100392c24245e5bf447000026400f0d18c401fe5ff6e3df646736676670664336660fd2938c0000000f01c3c403de5e1bfb04114414ad") 05:17:54 executing program 1: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x6, 0x7f, 0x10000}) ftruncate(r0, 0x81ff) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x12, r1, 0x0) pread64(r0, &(0x7f0000000000)=""/20, 0x14, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4004010}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x1d8, 0xf, 0x6, 0x308, 0x70bd2a, 0x25dfdbff, {0x7, 0x0, 0x4}, [@nested={0x4, 0x70}, @generic="528c13a25e9a844d05b6d68e9628d88672542a5285117758955cd912200de8d4335a0aa44b17e42b275bca46dd659af7c1ff084c19467c2b720d43836c8d5881544722554646bb166c750adb9ce632045da8330688c7003d5b567ca4deca67", @nested={0x160, 0x79, [@typed={0x8, 0x0, @u32=0x4b38ef6e}, @generic="8cfdc507b5ecb834f056f0a32f33fc34bd558d0a92ab4842b2ec1790c8dd33e2a9e0f4e6faa8980eeaf553b67582180cf9b9622526168cc819a0cc3e3c597315f67378", @generic="1951d0c9b9d71bd428a1a2bd5d68c362df42b2be21bda00d649b445fc59ae5aaed5fa9d93c86c23f", 
@generic="1cca13f41c681a0b63d84c9142b20567624d9d2096847af533d1d21238449f93e71d36dcc4d516aa589c1a6f468122356b6d0977b40e8d45ed0d8fb8e533b3cb58529e836f0985afdd3e2b1e76d8736f57e27a94d1d51d0e1e32ea6fc3f45ed6f6618deb512d46319f1ea44cfa769b947b31ba5bb759ee942e360097e2dc96fc69b87396e08dfc313d987def066cd2739c6d16861aa1c2c12609be25936e767ce68ab555422e1cf07183956535b98d106849bbbbbaf049054e4650fb275f4920013c8a809b35f7e90cbaf9e1df78813b125b0633e028f46e8811c2bc35ac736a0ae71060a29c"]}]}, 0x1d8}}, 0x4004040) mlock(&(0x7f0000006000/0x2000)=nil, 0x2000) fallocate(r0, 0x3, 0x0, 0x80000000) 05:17:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, 0x0) ioctl$KVM_NMI(r2, 0xae9a) 05:17:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="24000000140007841dfffd946f6105000a0081001f03f60505000800080016000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) close(r0) 05:17:55 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000aac000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00000ee000/0x4000)=nil) madvise(&(0x7f00000b5000/0x2000)=nil, 0x2000, 0xf) mbind(&(0x7f0000024000/0xc00000)=nil, 0xc00000, 0x3, &(0x7f0000c28000)=0x800003f, 0xf0, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) ioctl$PIO_FONTX(r0, 0x4b6c, 
&(0x7f0000000040)="a0552a817e2332f7d5423d53987bce50101124ae5d73815d6acc089141ec837e73beba6d899e605b721478fdabf90802f89e2b114dbcf642fb409dc47661ca110707c5e1fedc39e0cf77c75be35697b6870740bff976ee46c14ebb64461973d0602801bfef528c9b67d0d9a60775a4be72033f73e9d29d841a7cda28eefc627d39b0955cfa14e323a3b902f0c32eb60a1def39844a1866144146bcd12152c7bb12cb47a4") [ 346.224062] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 05:17:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = eventfd2(0x0, 0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000d4a000)={0xffffffff80000005}) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000fe0ff4)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0xffffff80, 0x7c}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x14000, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000100)={0xffffffffffffffff}, 0x0, {0xa, 0x4e20, 0x4, @rand_addr="143513531ab525cbc7da1dd4ab4208f2", 0x4ba2}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r4, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f00000000c0), r5}}, 0x18) 05:17:55 executing program 0: unshare(0x20600) r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2, 0x0) ioctl(r0, 0xc0884123, &(0x7f0000000000)) pwritev(r1, &(0x7f0000000100)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="54e30fc66d90d97acfa9565996b41320bd26bb2abe09bb553c0b2507ab947bb9e5a64acfd090", 0x26}], 0x2, 0x0) 05:17:55 executing 
program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000500)='/dev/full\x00', 0x20000, 0x0) write$P9_RSYMLINK(r1, &(0x7f0000000540)={0x14, 0x11, 0x1, {0x0, 0x3, 0x5}}, 0x14) r2 = dup(r0) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000580)={0x3004, 0x4000, 0x7a, 0x9, 0x80000000}) read$eventfd(r2, 0xffffffffffffffff, 0x30) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000100)=""/115, 0x73}, {&(0x7f0000000000)=""/8, 0x8}, {&(0x7f0000000080)=""/48, 0x30}, {&(0x7f0000000180)=""/170, 0xaa}, {&(0x7f0000000240)=""/22, 0x16}, {&(0x7f0000000280)=""/184, 0xb8}, {&(0x7f0000000340)=""/49, 0x31}, {&(0x7f0000000380)=""/219, 0xdb}], 0x8, 0x7) sendto$rxrpc(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x6) ioctl$FICLONE(r0, 0x40049409, r2) [ 346.756355] ================================================================== [ 346.763859] BUG: KMSAN: kernel-infoleak in copyout+0x16b/0x1f0 [ 346.770155] CPU: 0 PID: 10035 Comm: blkid Not tainted 5.1.0-rc7+ #5 [ 346.777488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.787292] Call Trace: [ 346.790205] dump_stack+0x191/0x1f0 [ 346.793998] kmsan_report+0x130/0x2a0 [ 346.798747] kmsan_internal_check_memory+0x974/0xa80 [ 346.804180] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 346.809977] kmsan_copy_to_user+0xa9/0xb0 [ 346.814184] copyout+0x16b/0x1f0 [ 346.817610] copy_page_to_iter+0x654/0x1910 [ 346.822114] generic_file_read_iter+0x2979/0x3e70 [ 346.827174] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 346.833401] blkdev_read_iter+0x20d/0x270 [ 346.838316] ? blkdev_write_iter+0x650/0x650 [ 346.842929] __vfs_read+0x9af/0xbe0 [ 346.847181] vfs_read+0x359/0x6f0 [ 346.857105] ? 
kmsan_get_shadow_origin_ptr+0x71/0x470 [ 346.867124] ksys_read+0x1c5/0x440 [ 346.870759] __se_sys_read+0x92/0xb0 [ 346.874588] __x64_sys_read+0x4a/0x70 [ 346.878453] do_syscall_64+0xbc/0xf0 [ 346.882547] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 346.888142] RIP: 0033:0x7ff0493c8310 [ 346.892025] Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24 [ 346.911780] RSP: 002b:00007ffc9d0b59c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 346.919616] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff0493c8310 [ 346.927033] RDX: 0000000000000100 RSI: 00000000019ffdf8 RDI: 0000000000000003 [ 346.934721] RBP: 00000000019ffdd0 R08: 0000000000000028 R09: 0000000001680000 [ 346.942296] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000019ff030 [ 346.949631] R13: 0000000000000100 R14: 00000000019ff080 R15: 00000000019ffde8 [ 346.957205] [ 346.958952] Uninit was created at: [ 346.962851] kmsan_save_stack_with_flags+0x7a/0x130 [ 346.968593] kmsan_internal_alloc_meta_for_pages+0x10f/0x500 [ 346.975044] kmsan_alloc_page+0x7a/0xf0 [ 346.979392] __alloc_pages_nodemask+0x143d/0x5e90 [ 346.984380] alloc_pages_current+0x6a0/0x9b0 [ 346.989221] __page_cache_alloc+0x95/0x320 [ 346.994026] pagecache_get_page+0x443/0x11f0 [ 346.998670] grab_cache_page_write_begin+0x100/0x180 [ 347.004262] block_write_begin+0xdd/0x340 [ 347.008669] blkdev_write_begin+0xf5/0x110 [ 347.013117] generic_perform_write+0x424/0x990 [ 347.018106] __generic_file_write_iter+0x421/0xa30 [ 347.023540] blkdev_write_iter+0x3ef/0x650 [ 347.028315] do_iter_readv_writev+0x9b3/0xbe0 [ 347.033073] do_iter_write+0x304/0xdc0 [ 347.037184] do_pwritev+0x482/0x7d0 [ 347.040853] __se_sys_pwritev+0xc6/0xe0 [ 347.044962] __x64_sys_pwritev+0x62/0x80 [ 347.049435] do_syscall_64+0xbc/0xf0 [ 347.053336] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 347.058952] [ 347.060619] Bytes 
40-255 of 256 are uninitialized [ 347.065754] Memory access of size 256 starts at ffff88805d6a8000 [ 347.072356] Data copied to user address 00000000019ffdf8 [ 347.077947] ================================================================== [ 347.085373] Disabling lock debugging due to kernel taint [ 347.090946] Kernel panic - not syncing: panic_on_warn set ... [ 347.096972] CPU: 0 PID: 10035 Comm: blkid Tainted: G B 5.1.0-rc7+ #5 [ 347.104918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.114426] Call Trace: [ 347.117166] dump_stack+0x191/0x1f0 [ 347.120864] panic+0x3ca/0xafe [ 347.124157] kmsan_report+0x298/0x2a0 [ 347.128039] kmsan_internal_check_memory+0x974/0xa80 [ 347.133302] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 347.138828] kmsan_copy_to_user+0xa9/0xb0 [ 347.143083] copyout+0x16b/0x1f0 [ 347.146552] copy_page_to_iter+0x654/0x1910 [ 347.151162] generic_file_read_iter+0x2979/0x3e70 [ 347.156899] ? kmsan_get_shadow_origin_ptr+0x71/0x470 [ 347.162542] blkdev_read_iter+0x20d/0x270 [ 347.166762] ? blkdev_write_iter+0x650/0x650 [ 347.171236] __vfs_read+0x9af/0xbe0 [ 347.174960] vfs_read+0x359/0x6f0 [ 347.178592] ? 
kmsan_get_shadow_origin_ptr+0x71/0x470 [ 347.183841] ksys_read+0x1c5/0x440 [ 347.187570] __se_sys_read+0x92/0xb0 [ 347.191368] __x64_sys_read+0x4a/0x70 [ 347.195220] do_syscall_64+0xbc/0xf0 [ 347.199164] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 347.204402] RIP: 0033:0x7ff0493c8310 [ 347.208349] Code: 73 01 c3 48 8b 0d 28 4b 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d e5 a2 2b 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 6e 8a 01 00 48 89 04 24 [ 347.227585] RSP: 002b:00007ffc9d0b59c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 347.235534] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff0493c8310 [ 347.242851] RDX: 0000000000000100 RSI: 00000000019ffdf8 RDI: 0000000000000003 [ 347.250424] RBP: 00000000019ffdd0 R08: 0000000000000028 R09: 0000000001680000 [ 347.258229] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000019ff030 [ 347.265634] R13: 0000000000000100 R14: 00000000019ff080 R15: 00000000019ffde8 [ 347.274339] Kernel Offset: disabled [ 347.278636] Rebooting in 86400 seconds..