[ 69.831070] audit: type=1800 audit(1547903768.874:25): pid=9863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 69.850201] audit: type=1800 audit(1547903768.884:26): pid=9863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 69.869507] audit: type=1800 audit(1547903768.894:27): pid=9863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 70.836671] sshd (9930) used greatest stack depth: 54176 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts. 2019/01/19 13:16:22 fuzzer started 2019/01/19 13:16:27 dialing manager at 10.128.0.26:42919 syzkaller login: [ 88.302202] ld (10022) used greatest stack depth: 53632 bytes left 2019/01/19 13:16:27 syscalls: 1 2019/01/19 13:16:27 code coverage: enabled 2019/01/19 13:16:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/19 13:16:27 extra coverage: extra coverage is not supported by the kernel 2019/01/19 13:16:27 setuid sandbox: enabled 2019/01/19 13:16:27 namespace sandbox: enabled 2019/01/19 13:16:27 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/19 13:16:27 fault injection: enabled 2019/01/19 13:16:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/19 13:16:27 net packet injection: enabled 2019/01/19 13:16:27 net device setup: enabled 13:18:14 executing program 0: recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000, &(0x7f0000000100)={0x2, 0x0, @broadcast}, 0x10) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setitimer(0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4800000000000000, 0x0, 0x0, 0x234, 0x0, 0x0}) execveat(r1, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)=[0x0, &(0x7f0000000200)='/dev/binder#\x00', &(0x7f0000000240)='}cpusetsystem/vmnet0\x00', &(0x7f0000000280)='/dev/binder#\x00', &(0x7f00000002c0)='/dev/binder#\x00'], 0x0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 195.523004] IPVS: ftp: loaded support on port[0] = 21 [ 195.639801] chnl_net:caif_netlink_parms(): no params data found [ 195.700463] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.707263] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.715041] device bridge_slave_0 entered promiscuous mode [ 195.723527] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.729949] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.737746] device bridge_slave_1 entered promiscuous mode [ 195.764218] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.774594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.800508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 195.808819] team0: Port device team_slave_0 added [ 195.814853] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 195.822905] team0: Port device team_slave_1 added [ 195.829131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 195.837264] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 195.985494] device hsr_slave_0 entered promiscuous mode [ 196.112214] device hsr_slave_1 entered promiscuous mode [ 196.242556] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 196.249895] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 196.273533] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.280000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.287057] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.293557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.358822] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 196.365093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.376315] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 196.387619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.410550] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.448236] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.485416] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 196.531336] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 196.537554] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.551424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.560586] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.567080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.607125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.615327] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.621834] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.630993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.640029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.652683] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.660654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.672208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 196.679256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.687531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.698806] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 196.705315] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.725398] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 196.740617] 8021q: adding VLAN 0 to HW filter on device batadv0 13:18:15 executing program 0: clone(0xa0004500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_score\x00') ppoll(0x0, 0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, &(0x7f00000000c0)=0x5, 0x3) [ 196.840667] syz-executor0 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 196.855122] binder: 10035:10036 ioctl c0306201 20000180 returned -14 13:18:16 executing program 0: clone(0xa0004500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_score\x00') ppoll(0x0, 0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, &(0x7f00000000c0)=0x5, 0x3) 13:18:16 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000000)={0x1, 0x200}) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0xc0145401, &(0x7f0000000000)) [ 198.237604] IPVS: ftp: loaded support on port[0] = 21 [ 198.358066] chnl_net:caif_netlink_parms(): no params data found [ 198.417088] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.423673] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.431432] device bridge_slave_0 entered promiscuous mode [ 198.442851] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.449372] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.457244] device bridge_slave_1 entered promiscuous mode [ 198.486018] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.496724] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.525764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready 13:18:17 executing program 0: clone(0xa0004500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_score\x00') ppoll(0x0, 0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, &(0x7f00000000c0)=0x5, 0x3) [ 198.533863] team0: Port device team_slave_0 added [ 198.539833] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.547933] team0: Port device team_slave_1 added [ 198.555308] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.563607] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.659014] device hsr_slave_0 entered promiscuous mode [ 198.762374] device hsr_slave_1 entered promiscuous mode [ 198.843548] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 198.851472] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 198.887449] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 198.954054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.965806] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.976543] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.983406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.990985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.004697] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 199.010794] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.023049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.030160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.038546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.046547] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.053041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.065749] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.078594] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.089144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.096765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.104557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.112891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.120835] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.127319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.135702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.144459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.158167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.169013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 199.180423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 199.191220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 199.200233] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 199.209967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 199.221275] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 199.228981] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.237785] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.246381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 199.255085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.264782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.272985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.281492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.289696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.310412] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 199.324705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.344003] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.351951] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 13:18:18 executing program 0: clone(0xa0004500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_score\x00') ppoll(0x0, 0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, &(0x7f00000000c0)=0x5, 0x3) 13:18:18 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000000)={0x1, 0x200}) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0xc0145401, &(0x7f0000000000)) 13:18:18 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000000)={0x1, 0x200}) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0xc0145401, &(0x7f0000000000)) 13:18:18 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000000)={0x1, 0x200}) clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0xc0145401, &(0x7f0000000000)) 13:18:18 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000040)=['vboxnet0\x00', '\x00'], 0xa}) 13:18:19 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000040)=['vboxnet0\x00', '\x00'], 0xa}) 13:18:19 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000040)=['vboxnet0\x00', '\x00'], 0xa}) 13:18:19 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000040)=['vboxnet0\x00', '\x00'], 0xa}) 13:18:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000180)={{0x0, @multicast2, 0x0, 0x0, 'lc\x00'}, {@broadcast}}, 0x44) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 13:18:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'eql\x00', 0x45ef6e60c400570e}) preadv(r1, &(0x7f0000000100)=[{&(0x7f00000012c0)=""/217, 0x2}], 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_mtu=0x1}) 13:18:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000180)={{0x0, @multicast2, 0x0, 0x0, 'lc\x00'}, {@broadcast}}, 0x44) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 13:18:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000180)={{0x0, @multicast2, 0x0, 0x0, 'lc\x00'}, {@broadcast}}, 0x44) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 13:18:19 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'eql\x00', 0x45ef6e60c400570e}) preadv(r1, &(0x7f0000000100)=[{&(0x7f00000012c0)=""/217, 0x2}], 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_mtu=0x1}) 13:18:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000180)={{0x0, @multicast2, 0x0, 0x0, 'lc\x00'}, {@broadcast}}, 0x44) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) 13:18:20 executing program 0: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2693}) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x2ef, &(0x7f0000d1b000), 0x0, &(0x7f000012e000)}, 0x0) recvmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/202, 0xca}], 0x1, &(0x7f0000000540)=""/153, 0x99}, 0x0) write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './file0'}, 0xb) 13:18:20 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'eql\x00', 0x45ef6e60c400570e}) preadv(r1, &(0x7f0000000100)=[{&(0x7f00000012c0)=""/217, 0x2}], 0x1, 0x0) ioctl$sock_ifreq(r0, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_mtu=0x1}) [ 201.271598] ================================================================== [ 201.279100] BUG: KMSAN: uninit-value in tipc_conn_rcv_sub+0x187/0x9d0 [ 201.285671] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.0.0-rc1+ #7 [ 201.292321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.301667] Workqueue: tipc_rcv tipc_conn_recv_work [ 201.306669] Call Trace: [ 201.309253] dump_stack+0x173/0x1d0 [ 201.312882] kmsan_report+0x12e/0x2a0 [ 201.316684] __msan_warning+0x82/0xf0 [ 201.320492] tipc_conn_rcv_sub+0x187/0x9d0 [ 201.324740] tipc_conn_recv_work+0x3dc/0x5e0 [ 201.329158] ? gfn_to_memslot+0x2a5/0x4f0 [ 201.333298] ? tipc_conn_send_work+0x11a0/0x11a0 [ 201.338047] ? tipc_conn_send_work+0x11a0/0x11a0 [ 201.342807] process_one_work+0x1607/0x1f80 [ 201.347164] worker_thread+0x111c/0x2460 [ 201.351244] kthread+0x4a1/0x4e0 [ 201.354609] ? process_one_work+0x1f80/0x1f80 [ 201.359102] ? schedule_tail+0x1b2/0x410 [ 201.363172] ? kthread_blkcg+0xf0/0xf0 [ 201.367067] ret_from_fork+0x35/0x40 [ 201.370790] [ 201.372412] Local variable description: ----s.i@tipc_conn_recv_work [ 201.378803] Variable was created at: [ 201.382515] tipc_conn_recv_work+0x68/0x5e0 [ 201.386835] process_one_work+0x1607/0x1f80 [ 201.391144] ================================================================== [ 201.398494] Disabling lock debugging due to kernel taint [ 201.403937] Kernel panic - not syncing: panic_on_warn set ... [ 201.409817] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.0.0-rc1+ #7 [ 201.417868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.427224] Workqueue: tipc_rcv tipc_conn_recv_work [ 201.432233] Call Trace: [ 201.434820] dump_stack+0x173/0x1d0 [ 201.438443] panic+0x3d1/0xb01 [ 201.441652] kmsan_report+0x293/0x2a0 [ 201.445454] __msan_warning+0x82/0xf0 [ 201.449254] tipc_conn_rcv_sub+0x187/0x9d0 [ 201.453498] tipc_conn_recv_work+0x3dc/0x5e0 [ 201.457921] ? gfn_to_memslot+0x2a5/0x4f0 [ 201.462072] ? tipc_conn_send_work+0x11a0/0x11a0 [ 201.466838] ? tipc_conn_send_work+0x11a0/0x11a0 [ 201.471588] process_one_work+0x1607/0x1f80 [ 201.475935] worker_thread+0x111c/0x2460 [ 201.480018] kthread+0x4a1/0x4e0 [ 201.483384] ? process_one_work+0x1f80/0x1f80 [ 201.487872] ? schedule_tail+0x1b2/0x410 [ 201.491940] ? kthread_blkcg+0xf0/0xf0 [ 201.495831] ret_from_fork+0x35/0x40 [ 201.500788] Kernel Offset: disabled [ 201.504406] Rebooting in 86400 seconds..