[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 104.522241] audit: type=1800 audit(1547173645.572:25): pid=11244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 104.541426] audit: type=1800 audit(1547173645.582:26): pid=11244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 104.560861] audit: type=1800 audit(1547173645.592:27): pid=11244 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. 2019/01/11 02:27:39 fuzzer started syzkaller login: [ 122.481501] as (11400) used greatest stack depth: 53632 bytes left 2019/01/11 02:27:45 dialing manager at 10.128.0.26:37813 2019/01/11 02:27:45 syscalls: 1 2019/01/11 02:27:45 code coverage: enabled 2019/01/11 02:27:45 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/01/11 02:27:45 setuid sandbox: enabled 2019/01/11 02:27:45 namespace sandbox: enabled 2019/01/11 02:27:45 Android sandbox: /sys/fs/selinux/policy does not exist 2019/01/11 02:27:45 fault injection: enabled 2019/01/11 02:27:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/01/11 02:27:45 net packet injection: enabled 2019/01/11 02:27:45 net device setup: enabled 02:28:42 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f00008b7ff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000002010100000000020000000000000000100002000c00014044e30f4f168a42da"], 0x24}}, 0x0) [ 181.695294] IPVS: ftp: loaded support on port[0] = 21 [ 181.873154] chnl_net:caif_netlink_parms(): no params data found [ 181.950622] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.957326] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.965799] device bridge_slave_0 entered promiscuous mode [ 181.975763] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.982360] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.990676] device bridge_slave_1 entered promiscuous mode [ 182.026543] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 182.038128] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.070184] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.079062] team0: Port device team_slave_0 added [ 182.086202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.095019] team0: Port device team_slave_1 added [ 182.101244] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.110459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.217164] device hsr_slave_0 entered promiscuous mode [ 182.472535] device hsr_slave_1 entered promiscuous mode [ 182.733524] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 182.741067] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 182.773539] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.780185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.787520] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.794139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.891916] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 182.898052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.908355] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.918365] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.931021] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 182.950140] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 182.963075] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 182.969873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.978114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.995219] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 183.001339] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.016691] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 183.024450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.034562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.043151] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.049671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.066926] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.080633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.089088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.098126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.106849] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.113381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.122783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.142804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 183.156268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.169389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.177567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.187046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.196276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.205762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.215107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.225778] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.244724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 183.256573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.269406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.284741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 183.295148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.307541] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 183.313737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.323296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.332103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.363745] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 183.385955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.553530] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 02:28:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f00008b7ff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000002010100000000020000000000000000100002000c00014044e30f4f168a42da"], 0x24}}, 0x0) 02:28:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f00008b7ff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000002010100000000020000000000000000100002000c00014044e30f4f168a42da"], 0x24}}, 0x0) [ 183.659335] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 02:28:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000498000)={0x0, 0x0, &(0x7f00008b7ff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000002010100000000020000000000000000100002000c00014044e30f4f168a42da"], 0x24}}, 0x0) [ 183.777357] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. [ 183.882124] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 02:28:45 executing program 0: r0 = socket(0x20000000000000a, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) getsockopt$inet6_int(r0, 0x29, 0x46, 0x0, &(0x7f0000329000)) 02:28:45 executing program 0: r0 = socket(0x20000000000000a, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) getsockopt$inet6_int(r0, 0x29, 0x46, 0x0, &(0x7f0000329000)) 02:28:45 executing program 0: r0 = socket(0x20000000000000a, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) getsockopt$inet6_int(r0, 0x29, 0x46, 0x0, &(0x7f0000329000)) 02:28:45 executing program 0: r0 = socket(0x20000000000000a, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) getsockopt$inet6_int(r0, 0x29, 0x46, 0x0, &(0x7f0000329000)) 02:28:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x18, 0x800001, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 02:28:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x18, 0x800001, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 02:28:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x18, 0x800001, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 02:28:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x18, 0x800001, 0x0, 0x0, {0x5}}, 0x14}}, 0x0) 02:28:45 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000001c0)={0x18, 0x0, {0x4, @dev={[], 0xa}, 'lo\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000005b40), 0x40000000000014d, 0x0) recvmmsg(r0, &(0x7f0000004440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 02:28:46 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@local}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, 0xe8) 02:28:46 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@local}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, 0xe8) 02:28:46 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@local}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, 0xe8) 02:28:46 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@local}, {}, {}, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, 0xe8) 02:28:46 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc) 02:28:46 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc) 02:28:46 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc) 02:28:46 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc) 02:28:46 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000440)='ip6tnl0\x00', 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e23, 0xfffffffffffff25d, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x800}}, 0x401, 0x545ff901, 0x3, 0x8, 0x8}, &(0x7f00000000c0)=0x98) r2 = dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000300)={r1, 0x9a, "b74a5fb16f215384bd074f6c4486f6368c1e3a3afe99aed3ad22d50a2ab672f270004444cb5ef58301be0df614d13665f254facde40bdb09472e947d0aa8a64f3ed6bb2271f148d7e960914ff9f28e166182dddf573a5505e92270ceae638811a7ac14e6b12041ddf73ef20e7a50cd36c71ead0c00b5d5c8271e47824ad479b95f0c5ab31b4bddf36201dbbff4040d82d45b99c13da2d7cd55e2"}, &(0x7f00000003c0)=0xa2) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@loopback, @in=@remote}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f00000002c0)=0xe8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000100)={r1, @in={{0x2, 0x0, @broadcast}}, 0x9, 0x20}, 0x90) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000400)=r1, 0x4) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0) 02:28:46 executing program 0: mmap(&(0x7f0000000000/0x19000)=nil, 0x19000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x4800) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x0, 0x6, 0x3}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000e53fe8)) unshare(0x400) [ 185.812073] ================================================================== [ 185.819507] BUG: KMSAN: uninit-value in br_mdb_ip_get+0x52b/0x740 [ 185.825771] CPU: 0 PID: 11379 Comm: udevd Not tainted 5.0.0-rc1+ #7 [ 185.832179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.841675] Call Trace: [ 185.844285] [ 185.846473] dump_stack+0x173/0x1d0 [ 185.850128] kmsan_report+0x12e/0x2a0 [ 185.853975] __msan_warning+0x82/0xf0 [ 185.857822] br_mdb_ip_get+0x52b/0x740 [ 185.861743] ? br_multicast_new_group+0x5e/0x1640 [ 185.866612] br_multicast_new_group+0xa7/0x1640 [ 185.871335] ? csum_partial+0x423/0x4c0 [ 185.875359] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.880574] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.885800] br_multicast_add_group+0x242/0xf00 [ 185.890494] ? ip_mc_check_igmp+0xe3b/0x1680 [ 185.894935] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.900147] br_multicast_rcv+0x3a88/0x6560 [ 185.904496] ? smp_apic_timer_interrupt+0x48/0x70 [ 185.909412] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.914620] br_dev_xmit+0xbc5/0x16a0 [ 185.918475] ? br_net_exit+0x230/0x230 [ 185.922382] dev_hard_start_xmit+0x604/0xc40 [ 185.926865] __dev_queue_xmit+0x2e48/0x3b80 [ 185.931211] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.936456] dev_queue_xmit+0x4b/0x60 [ 185.940292] ip_finish_output2+0x156d/0x1820 [ 185.944759] ip_finish_output+0xd2b/0xfd0 [ 185.948981] ip_output+0x53f/0x610 [ 185.952573] ? ip_mc_finish_output+0x3b0/0x3b0 [ 185.957175] ? ip_finish_output+0xfd0/0xfd0 [ 185.961538] ip_local_out+0x164/0x1d0 [ 185.965390] igmp_ifc_timer_expire+0x12cb/0x1aa0 [ 185.970200] call_timer_fn+0x285/0x600 [ 185.974196] ? igmp_gq_timer_expire+0xe0/0xe0 [ 185.978751] __run_timers+0xdb4/0x11d0 [ 185.982688] ? igmp_gq_timer_expire+0xe0/0xe0 [ 185.987217] ? timers_dead_cpu+0xa50/0xa50 [ 185.991467] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 185.996670] ? timers_dead_cpu+0xa50/0xa50 [ 186.000923] run_timer_softirq+0x2e/0x50 [ 186.005013] __do_softirq+0x53f/0x93a [ 186.008865] irq_exit+0x214/0x250 02:28:47 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xffffffffffffffe0, 0x2000) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000040)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$VT_RELDISP(r0, 0x5605) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000080)={{{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000180)=0xe8) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r1, r2) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000280), 0x4) getgroups(0x3, &(0x7f00000002c0)=[r2, r2, r2]) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000300)=""/4096) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x10000) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000001300)) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000001340)) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f00000014c0)=""/10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001500)) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f0000001540)={0x800, @dev={[], 0x1b}}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000001580)) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f00000016c0)) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000001700)={0x10204, 0x1, 0x100000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000001740)=r0) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000001780)) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000017c0)='tls\x00', 0x4) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001840)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000001900)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x80800084}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x1c, r3, 0x104, 0x70bd2d, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4005) sendmsg$nl_generic(r0, &(0x7f0000001e00)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001980)={0x40c, 0x41, 0x600, 0x70bd27, 0x25dfdbfd, {0x1c}, [@typed={0x14, 0x2, @ipv6=@dev={0xfe, 0x80, [], 0x1e}}, @nested={0x3e4, 0x82, [@generic="d835fb862cc2116ee12c859e2c1420474a1c519eeb158dc9ca2bfe25941f85ec56b9792035a459aabf811a0c1f802418fd9fbc2ba733b21d0cdf4af4c3155b077c80157a3bbe80c2f5976ad7eebf9f53839fc345bb11db9a10d0e328f5901678767959ba5f4f8797d8bdc7b1159308b4d24a1fad4e7c5a13824f24dc373fd753433f819fcdb22dfbd7e7c29c9e2ade1bb5b4651f7a566606398d86abc93c03afb3c896", @typed={0xc, 0x19, @u64=0x80000001}, @generic="b12285c7058216c6ac29dc1e9d35173473b8fcec252002b8c477a3c3fd8c0f2668d7bf90e884054fdef5e0a45711d9bc6179aede4d3a648fd470f4f72d083cc7cd5075f73889177768fd781a08c905e2605a6b5f804fcca04e82cc4d3770ac8e2bd3fa6552698080c3ef624639670b2f2256de30a2f91b6025e13702f569e620ee3fea8f55b94180236ad8e1540cc93bdc6f774d34a552fc6bc1047e9de85afa98569f70f631471d95a141c3e11d83bb682b1734fa0b32cb5ddb48dbbb6e6a451ad7cddd70d0", @generic="b1d88371ea2a6cde0b0b415c6bd12556f1dcf6a2f814a7e20f53e5dafa46bd13a280a70497cbbb504b8621167dfec1a49bbf21a7aeee2d3df3fc9c869d8fddb6ec73c1d37ccc296a67684587019f0ab34df4e79b0fd3d09f33e09f6fff131f649bfe71971034bcae03fdc79efc2e", @generic="7733ead2431478e2b1a0eaf35314413f8550a3a69890ada5dd912d8930b44e82ea36fef182c57d61ba0537356e7fbb0f0fe58e69c3eee3f84d538fca0a0b5ce202961f0d6e6e13a7fd2d13359dfa7492d79882f8c307573282fcc21c786e587b4cbea5f0793636044b844edc482a3267483140ae563c271df5cb8417799239e7402cd96fe64ee66750ab5380f88885d6fb7d80141929c734e3ed5e94e961ea2bdc80b72308364b2900cf56b7724da56b6b17b422bb0a3e4ce641a4794ec95dd6e83bb9e031db8c34747cb12df5743afe551e702f45", @typed={0x8, 0x7a, @fd=r0}, @generic="8f44a0855e55e24935edc199c90aaab862d07eca4d1bc9d4c9ba78c8fe176d4935aec704a2ace210c90e932977f49a4383ec09cc8aba8ee6cd68a44ede6c4ab2336de314444fdcde2aa0876b1625f57d7a4edf2539ee32f65fd30c729d902cc6a38836d7941ae8013d875aa8f9c9d0e8c1864a6777c4726a", @typed={0x8, 0x0, @uid=r1}, @generic="5488aad2da91a264cbd41b7c96adfeb480a1ec3c810f2182473505983d819c2d7994e59f09a4c497f2a56fe01d69bdd9f0e767350768b1c339a69f150dccc30c318c805fe5a6c3763574a9b3de0faaea08000f1d5360ddbddd73ec97e46a9e9ac9583c9b9a06a3686e87e3f9524f83da108cda755f9eb8e215e294dac01300590aac699a6f5b84d0a00b5683acd3262b8fbaae70edb9", @typed={0x8, 0x54, @fd=r0}]}]}, 0x40c}, 0x1, 0x0, 0x0, 0x4000}, 0x800) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001e40), &(0x7f0000001e80)=0xc) ioctl$NBD_DISCONNECT(r0, 0xab08) getsockopt$packet_int(r0, 0x107, 0x1f, &(0x7f0000001ec0), &(0x7f0000001f00)=0x4) [ 186.012343] exiting_irq+0xe/0x10 [ 186.015818] smp_apic_timer_interrupt+0x48/0x70 [ 186.020501] apic_timer_interrupt+0x2e/0x40 [ 186.024837] [ 186.027087] RIP: 0010:__msan_chain_origin+0x93/0xe0 [ 186.032113] Code: 89 f7 e8 f0 e0 ff ff 89 c3 65 ff 0c 25 04 90 03 00 65 8b 04 25 04 90 03 00 85 c0 75 30 e8 f5 a2 3f ff 4c 89 7d d0 ff 75 d0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 e0 75 0d 89 d8 48 83 c4 18 5b [ 186.051034] RSP: 0018:ffff8880a53cf6f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 186.058758] RAX: 0000000000000000 RBX: 00000000a06000af RCX: c7641d3373f0d000 [ 186.066045] RDX: 0000000000000003 RSI: 0000000000480020 RDI: 0000000085c0000c [ 186.073354] RBP: ffff8880a53cf720 R08: 0000000000000003 R09: ffff8880a53cf4ac [ 186.080637] R10: ffffffff8ae01788 R11: 0000000000000000 R12: ffff8880a53cfcd0 [ 186.087914] R13: ffff8880a53cfcc8 R14: 0000000085c0000c R15: 0000000000000246 [ 186.095209] ? __entry_text_end+0x7/0x7 [ 186.099230] step_into+0x70c/0x1b90 [ 186.102931] ? nf_tables_getobj+0xbec/0x12d0 [ 186.107389] walk_component+0x1d0/0xba0 [ 186.111406] link_path_walk+0xa9e/0x2160 [ 186.115532] path_openat+0x30e/0x6b90 [ 186.119413] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.124652] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.129867] do_filp_open+0x2b8/0x710 [ 186.133740] do_sys_open+0x642/0xa30 [ 186.137503] __se_sys_open+0xad/0xc0 [ 186.141242] __x64_sys_open+0x4a/0x70 [ 186.145069] do_syscall_64+0xbc/0xf0 [ 186.148802] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 186.153999] RIP: 0033:0x7f4526cc5120 [ 186.157748] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 186.176656] RSP: 002b:00007ffdb010be48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 186.184382] RAX: ffffffffffffffda RBX: 0000000000ee2fd0 RCX: 00007f4526cc5120 [ 186.191691] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007ffdb010bf20 [ 186.198968] RBP: 00007ffdb010bec0 R08: 0000000000000008 R09: 0000000000000001 [ 186.206251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 02:28:47 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xe8, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20012, r1, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x210440, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x9) [ 186.213538] R13: 000000000041f57a R14: 0000000000ed3250 R15: 000000000000000b [ 186.220857] [ 186.222499] Local variable description: ----br_group.i.i@br_multicast_rcv [ 186.229431] Variable was created at: [ 186.233155] br_multicast_rcv+0x1e7/0x6560 [ 186.237411] br_dev_xmit+0xbc5/0x16a0 [ 186.241239] ================================================================== [ 186.248600] Disabling lock debugging due to kernel taint [ 186.254067] Kernel panic - not syncing: panic_on_warn set ... [ 186.259977] CPU: 0 PID: 11379 Comm: udevd Tainted: G B 5.0.0-rc1+ #7 [ 186.267790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.277147] Call Trace: [ 186.279734] [ 186.281905] dump_stack+0x173/0x1d0 [ 186.285561] panic+0x3d1/0xb01 [ 186.288831] kmsan_report+0x293/0x2a0 [ 186.292665] __msan_warning+0x82/0xf0 [ 186.296495] br_mdb_ip_get+0x52b/0x740 [ 186.300424] ? br_multicast_new_group+0x5e/0x1640 [ 186.305296] br_multicast_new_group+0xa7/0x1640 [ 186.309983] ? csum_partial+0x423/0x4c0 [ 186.314032] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.319250] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.324476] br_multicast_add_group+0x242/0xf00 [ 186.329184] ? ip_mc_check_igmp+0xe3b/0x1680 [ 186.333635] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.338855] br_multicast_rcv+0x3a88/0x6560 [ 186.343192] ? smp_apic_timer_interrupt+0x48/0x70 [ 186.348145] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.353372] br_dev_xmit+0xbc5/0x16a0 [ 186.357220] ? br_net_exit+0x230/0x230 [ 186.361132] dev_hard_start_xmit+0x604/0xc40 [ 186.365602] __dev_queue_xmit+0x2e48/0x3b80 [ 186.369945] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.375194] dev_queue_xmit+0x4b/0x60 [ 186.379041] ip_finish_output2+0x156d/0x1820 [ 186.383502] ip_finish_output+0xd2b/0xfd0 [ 186.387691] ip_output+0x53f/0x610 [ 186.391278] ? ip_mc_finish_output+0x3b0/0x3b0 [ 186.395875] ? ip_finish_output+0xfd0/0xfd0 [ 186.400213] ip_local_out+0x164/0x1d0 [ 186.404070] igmp_ifc_timer_expire+0x12cb/0x1aa0 [ 186.408883] call_timer_fn+0x285/0x600 [ 186.412804] ? igmp_gq_timer_expire+0xe0/0xe0 [ 186.417357] __run_timers+0xdb4/0x11d0 [ 186.421265] ? igmp_gq_timer_expire+0xe0/0xe0 [ 186.425797] ? timers_dead_cpu+0xa50/0xa50 [ 186.430080] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.435284] ? timers_dead_cpu+0xa50/0xa50 [ 186.439532] run_timer_softirq+0x2e/0x50 [ 186.443624] __do_softirq+0x53f/0x93a [ 186.447466] irq_exit+0x214/0x250 [ 186.450940] exiting_irq+0xe/0x10 [ 186.454409] smp_apic_timer_interrupt+0x48/0x70 [ 186.459096] apic_timer_interrupt+0x2e/0x40 [ 186.463420] [ 186.465671] RIP: 0010:__msan_chain_origin+0x93/0xe0 [ 186.470695] Code: 89 f7 e8 f0 e0 ff ff 89 c3 65 ff 0c 25 04 90 03 00 65 8b 04 25 04 90 03 00 85 c0 75 30 e8 f5 a2 3f ff 4c 89 7d d0 ff 75 d0 9d <65> 48 8b 04 25 28 00 00 00 48 3b 45 e0 75 0d 89 d8 48 83 c4 18 5b [ 186.489604] RSP: 0018:ffff8880a53cf6f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 186.497339] RAX: 0000000000000000 RBX: 00000000a06000af RCX: c7641d3373f0d000 [ 186.504640] RDX: 0000000000000003 RSI: 0000000000480020 RDI: 0000000085c0000c [ 186.511922] RBP: ffff8880a53cf720 R08: 0000000000000003 R09: ffff8880a53cf4ac [ 186.519201] R10: ffffffff8ae01788 R11: 0000000000000000 R12: ffff8880a53cfcd0 [ 186.526479] R13: ffff8880a53cfcc8 R14: 0000000085c0000c R15: 0000000000000246 [ 186.533782] ? __entry_text_end+0x7/0x7 [ 186.537797] step_into+0x70c/0x1b90 [ 186.541470] ? nf_tables_getobj+0xbec/0x12d0 [ 186.545902] walk_component+0x1d0/0xba0 [ 186.549919] link_path_walk+0xa9e/0x2160 [ 186.554052] path_openat+0x30e/0x6b90 [ 186.557923] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.563182] ? kmsan_get_shadow_origin_ptr+0x60/0x440 [ 186.568400] do_filp_open+0x2b8/0x710 [ 186.572267] do_sys_open+0x642/0xa30 [ 186.576048] __se_sys_open+0xad/0xc0 [ 186.579817] __x64_sys_open+0x4a/0x70 [ 186.583632] do_syscall_64+0xbc/0xf0 [ 186.587389] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 186.592626] RIP: 0033:0x7f4526cc5120 [ 186.596360] Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24 [ 186.615284] RSP: 002b:00007ffdb010be48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 186.623002] RAX: ffffffffffffffda RBX: 0000000000ee2fd0 RCX: 00007f4526cc5120 [ 186.630312] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007ffdb010bf20 [ 186.638115] RBP: 00007ffdb010bec0 R08: 0000000000000008 R09: 0000000000000001 [ 186.645398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 186.652673] R13: 000000000041f57a R14: 0000000000ed3250 R15: 000000000000000b [ 186.660940] Kernel Offset: disabled [ 186.664570] Rebooting in 86400 seconds..