[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 64.788305] audit: type=1800 audit(1543464797.832:25): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 64.807469] audit: type=1800 audit(1543464797.832:26): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 64.827072] audit: type=1800 audit(1543464797.862:27): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. 2018/11/29 04:13:33 fuzzer started 2018/11/29 04:13:38 dialing manager at 10.128.0.26:39003 2018/11/29 04:13:38 syscalls: 1 2018/11/29 04:13:38 code coverage: enabled 2018/11/29 04:13:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/29 04:13:38 setuid sandbox: enabled 2018/11/29 04:13:38 namespace sandbox: enabled 2018/11/29 04:13:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/29 04:13:38 fault injection: enabled 2018/11/29 04:13:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/29 04:13:38 net packet injection: enabled 2018/11/29 04:13:38 net device setup: enabled 04:16:50 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="e3", 0x1) syzkaller login: [ 277.923550] IPVS: ftp: loaded support on port[0] = 21 [ 280.293888] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.300406] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.310062] device bridge_slave_0 entered promiscuous mode [ 280.467281] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.473916] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.482954] device bridge_slave_1 entered promiscuous mode [ 280.621907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 280.760142] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 281.193833] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 281.337877] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:16:54 executing program 1: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000180)=@filename='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x1000, 0x0) getegid() gettid() getuid() creat(&(0x7f0000000240)='./file0\x00', 0x0) [ 281.769467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 281.776727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 282.330735] IPVS: ftp: loaded support on port[0] = 21 [ 282.378121] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 282.386387] team0: Port device team_slave_0 added [ 282.542701] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 282.550871] team0: Port device team_slave_1 added [ 282.824842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 282.831973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 282.841354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 283.116215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 283.123562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 283.132730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 283.410361] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 283.418405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 283.427929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 283.671913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 283.679706] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 283.689137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 286.096483] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.103194] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.111791] device bridge_slave_0 entered promiscuous mode [ 286.295467] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.301976] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.311379] device bridge_slave_1 entered promiscuous mode [ 286.408504] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.415112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.422347] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.428828] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.437891] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 286.574049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 286.790056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:16:59 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000800)=[{&(0x7f0000000200)=""/142, 0x8e}, {&(0x7f0000000340)=""/216, 0xd8}], 0x2, 0x0) [ 287.133248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 287.616379] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 287.781588] IPVS: ftp: loaded support on port[0] = 21 [ 287.997416] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 288.368440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 288.375643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 288.675420] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 288.682699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 289.611597] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 289.619887] team0: Port device team_slave_0 added [ 289.900934] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 289.909163] team0: Port device team_slave_1 added [ 290.098367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 290.107739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 290.116720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 290.528073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 290.535338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 290.544448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 290.799100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 290.806965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 290.816059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 291.035108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 291.043130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 291.052721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 292.256801] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.263439] bridge0: port 1(bridge_slave_0) entered disabled state [ 292.272470] device bridge_slave_0 entered promiscuous mode [ 292.567802] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.574564] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.583301] device bridge_slave_1 entered promiscuous mode [ 292.905540] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 293.178337] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 294.059693] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 294.207079] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.213685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.220639] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.227279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.236377] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 294.333797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 294.376954] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 294.716374] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 294.723696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 295.045433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 295.052676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:17:08 executing program 3: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) [ 296.057273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 296.065753] team0: Port device team_slave_0 added [ 296.309177] IPVS: ftp: loaded support on port[0] = 21 [ 296.369823] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 296.378241] team0: Port device team_slave_1 added [ 296.794111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 296.801200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 296.810317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 297.135329] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 297.142653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 297.151569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 297.483962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 297.491612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 297.500726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 297.802345] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 297.809998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 297.819254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 298.937539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.313103] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 301.575159] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 301.581584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 301.589822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 301.635344] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.641841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.648929] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.655466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.664813] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 301.925216] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.931704] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.940580] device bridge_slave_0 entered promiscuous mode [ 302.162534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 302.311193] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.317966] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.326627] device bridge_slave_1 entered promiscuous mode [ 302.754843] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 302.822988] 8021q: adding VLAN 0 to HW filter on device team0 [ 303.113208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 304.074988] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 304.393737] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 304.732631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 304.739999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 304.990795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 304.998298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 306.128359] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 306.136735] team0: Port device team_slave_0 added [ 306.461196] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 306.469668] team0: Port device team_slave_1 added 04:17:19 executing program 4: [ 306.844838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 306.852019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 306.861231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 307.274491] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 307.281630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 307.290696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 307.709582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 307.717438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 307.726669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 308.040054] IPVS: ftp: loaded support on port[0] = 21 [ 308.091110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 308.098921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 308.108171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 308.364697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.945269] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 311.592496] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 311.598894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 311.607213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:17:24 executing program 0: 04:17:25 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000000)={0x2, 0x8004e20}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000400)=0x10, 0x4) ioctl$RTC_AIE_ON(r1, 0x7001) socket$xdp(0x2c, 0x3, 0x0) memfd_create(&(0x7f0000000040)='ppp0\x00', 0x3) setsockopt(r0, 0x2c, 0x80, &(0x7f0000000100)="f01bdfaae12e4f43748577aace22ff9bf0923aa27c738c0560a65ee6777662365acb3408c296799e51120b059a812c7d919b1c51b092aad14f9650fda7e1ab945dfbcd4572e63bc14098b50e2db8878b141f1b2888e9fe7b406b8464ce1b3a491c63f69e1d0c23253cd1cf9d120ff97b7bb5bb832babffb285c661ae249800153eee822fec80f1f2b7b1b77d830e2534", 0x90) recvmmsg(r0, &(0x7f00000004c0), 0x3543c8, 0x22, 0x0) [ 312.542024] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 312.901867] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.908445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.915509] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.922038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.930688] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 313.023055] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.774766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 314.818115] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.824797] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.833556] device bridge_slave_0 entered promiscuous mode [ 315.279286] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.286009] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.295239] device bridge_slave_1 entered promiscuous mode [ 315.798944] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 316.243265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 317.389298] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 317.723505] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 318.139531] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 318.146797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 318.365371] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.508023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 318.515350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 319.706534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 319.715015] team0: Port device team_slave_0 added [ 320.008942] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 320.126619] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 320.134962] team0: Port device team_slave_1 added 04:17:33 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x401, 0x80000) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x28021000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=@deltaction={0x138, 0x31, 0x800, 0x70bd2a, 0x25dfdbfc, {0x0, 0x10000, 0x6f94}, [@TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x1b, @TCA_ACT_INDEX={0x8, 0x3, 0xbf8}}, {0x18, 0x20, @TCA_ACT_KIND={0x10, 0x1, 'tunnel_key\x00'}}, {0x10, 0xa, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0xb, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}, @TCA_ACT_TAB={0x88, 0x1, [{0x10, 0x7, @TCA_ACT_INDEX={0x8, 0x3, 0x400}}, {0x10, 0x13, @TCA_ACT_KIND={0x8, 0x1, 'xt\x00'}}, {0x10, 0x1a, @TCA_ACT_INDEX={0x8, 0x3, 0x80000000}}, {0x18, 0x4, @TCA_ACT_KIND={0x10, 0x1, 'tunnel_key\x00'}}, {0x14, 0x4, @TCA_ACT_KIND={0xc, 0x1, 'vlan\x00'}}, {0x14, 0xa, @TCA_ACT_KIND={0xc, 0x1, 'gact\x00'}}, {0x14, 0x4, @TCA_ACT_KIND={0xc, 0x1, 'mirred\x00'}}]}, @TCA_ACT_TAB={0x24, 0x1, [{0x10, 0x20, @TCA_ACT_INDEX={0x8, 0x3, 0x100000001}}, {0x10, 0x3, @TCA_ACT_INDEX={0x8, 0x3, 0x8000}}]}, @TCA_ACT_TAB={0x28, 0x1, [{0x10, 0x7, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0x14, 0x20, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4001}, 0x8000) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x400000, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000280)=0xfffffffffffffffc) getsockopt$sock_int(r0, 0x1, 0x27, &(0x7f00000002c0), &(0x7f0000000300)=0x4) ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f0000000400)={0x8, 0x1, &(0x7f0000000340)="4ad128cb3554dffd20453329ae0bab74169bc1f94fc05bb6ac247e0f5fb6782e99bf43e61928d59e1230e7cb83f748a1d315b6e5b9fbe86c3dbc8fc17674eb6f00027b24e6ca6c5301598ca786b04d9a2b39464989c94246074b41790413e69be9349d919f34f34cf899e2fec2b9753112611d0aee87c7f236cca3049c3a055daf70f6fd8c1af49b1f49580aee", {0x2000000000, 0x9, 0x3031334d, 0x2, 0x3, 0x6a, 0xd, 0x7fffffff}}) read(r0, &(0x7f0000000440)=""/158, 0x9e) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r2, 0x630, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4800) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f0000000640)=""/161, &(0x7f0000000700)=0xa1) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000780)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)=@getlink={0x30, 0x12, 0x2, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, 0x802, 0x10}, [@IFLA_CARRIER={0x8, 0x21, 0x9f8b}, @IFLA_LINK_NETNSID={0x8, 0x25, 0x200}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000880)={0x7, "5b7e6b90eb8b6f3370fc2d3be43c6378a0a4c5e486ded3ec4bc2f115a210dc56", 0x2, 0x1}) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000900)='nbd\x00') sendmsg$NBD_CMD_STATUS(r1, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x2c, r4, 0x300, 0x70bd28, 0x25dfdbff, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4000) socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$TIOCEXCL(r1, 0x540c) ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000a00)={0x93, "68d17cb4ff8844405524e92f215186c343a1a541bf74133800cb65e799c686ff", 0x3, 0x1}) r5 = syz_open_dev$swradio(&(0x7f0000000a40)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x101) bind$vsock_stream(r5, &(0x7f0000000a80)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/rtc0\x00', 0x20000, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000b00)={'filter\x00', 0x4}, 0x68) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000b80)) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000c80)={&(0x7f0000000bc0), 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x20, r4, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40011) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000cc0)={r3, 0x1, 0x6, @broadcast}, 0x10) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r0) ioctl$UI_DEV_DESTROY(r5, 0x5502) prctl$PR_GET_CHILD_SUBREAPER(0x25) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000d00), 0x4) [ 320.559386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 320.566594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 320.575798] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 321.016588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 321.023814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 321.032906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 321.415880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 321.423637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 321.432705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 321.611257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 321.617847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 321.626226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 321.868094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 321.876263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 321.885316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 321.970601] IPVS: ftp: loaded support on port[0] = 21 04:17:36 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/route\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0xe5c54a7437fdd4a6}, 0x0) preadv(r0, &(0x7f00000017c0), 0x324, 0x400000000000) [ 323.360363] 8021q: adding VLAN 0 to HW filter on device team0 04:17:36 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) read(r0, &(0x7f0000000100)=""/143, 0x8f) 04:17:37 executing program 1: r0 = socket$inet(0x2, 0x3, 0x19) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@multicast2, @local, 0x0, 0x1, [@rand_addr=0x7]}, 0x14) setsockopt$inet_mreqn(r0, 0x0, 0x100000000000026, &(0x7f0000000200)={@multicast2, @local}, 0xc) 04:17:37 executing program 1: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, 0x0, &(0x7f0000000980)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000000)="98", 0x0}, 0x18) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f6, &(0x7f0000000180)={'sit0\x00', @ifru_flags}) 04:17:38 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000040)=[{&(0x7f00000002c0), 0xffffff65}], 0x1, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) 04:17:39 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x80002, 0x88) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000000), 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 326.650979] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.657718] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.664836] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.671324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.680518] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 326.687368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 328.616265] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.622956] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.631542] device bridge_slave_0 entered promiscuous mode [ 329.026324] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.033099] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.041780] device bridge_slave_1 entered promiscuous mode [ 329.427427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 329.490226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 329.781461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 330.825257] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 330.862854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 331.186996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 331.567788] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 331.575012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:17:44 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x8) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") syz_emit_ethernet(0x66, &(0x7f0000000080)={@broadcast, @random="1b207f5c5eeb", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x29, 0x0, @local={0xac, 0x18}, @local}, @gre={{0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x8100}}}}}}, 0x0) [ 331.997244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 332.004608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 332.228188] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 332.234748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 332.242863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.902449] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 332.910635] team0: Port device team_slave_0 added [ 333.214889] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 333.223256] team0: Port device team_slave_1 added [ 333.263803] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.429630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 333.436870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 333.445871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 333.658970] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 333.666320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 333.675269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 333.819937] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 333.827949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.837089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 333.995193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 334.003038] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 334.011947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 336.439270] bridge0: port 2(bridge_slave_1) entered blocking state [ 336.445873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 336.452996] bridge0: port 1(bridge_slave_0) entered blocking state [ 336.459472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 336.468127] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 336.475163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 337.813496] 8021q: adding VLAN 0 to HW filter on device bond0 04:17:51 executing program 3: openat(0xffffffffffffffff, &(0x7f0000000480)='./bus\x00', 0x109000, 0x0) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) dup2(0xffffffffffffffff, r0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r1 = syz_open_pts(0xffffffffffffffff, 0x101000) dup3(r1, r1, 0x80000) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x80000) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r4 = socket$inet6(0xa, 0x400000000001, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x3}) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$vsock_stream(r3, &(0x7f0000000180)={0x28, 0x0, 0x2711}, 0x10) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r5, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x40000000000002f, 0x0) open(0x0, 0x141042, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000240)) init_module(&(0x7f0000000300)=':\x00', 0x2, &(0x7f0000000400)='\x00') gettid() [ 338.600009] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 339.121521] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 339.128046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 339.136062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 339.650170] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.707128] 8021q: adding VLAN 0 to HW filter on device bond0 04:17:55 executing program 4: r0 = socket(0x40000000015, 0x805, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x48, 0x0, 0x0) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000014000/0x3000)=nil) ioctl$KVM_RUN(r3, 0xae80, 0x0) 04:17:55 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'syz_tun\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000100fe8000000000000000000000000000aa"], 0x1}}, 0x0) 04:17:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f00000001c0)=0x100000001, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) [ 343.087530] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 343.245481] ================================================================== [ 343.252954] BUG: KMSAN: uninit-value in vmx_queue_exception+0x757/0x920 [ 343.259804] CPU: 1 PID: 8418 Comm: syz-executor4 Not tainted 4.20.0-rc3+ #95 [ 343.267019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.276578] Call Trace: [ 343.279281] dump_stack+0x32d/0x480 [ 343.282951] ? vmx_queue_exception+0x757/0x920 [ 343.287606] kmsan_report+0x12c/0x290 [ 343.291466] __msan_warning+0x76/0xc0 [ 343.295324] vmx_queue_exception+0x757/0x920 [ 343.299774] ? vmx_set_rflags+0x5cf/0x790 [ 343.303977] ? vmx_inject_nmi+0x4d0/0x4d0 [ 343.308164] kvm_arch_vcpu_ioctl_run+0x7d81/0x12040 [ 343.314019] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 343.319429] ? update_load_avg+0x12ae/0x1db0 [ 343.323888] ? task_kmsan_context_state+0x51/0x90 [ 343.328765] ? INIT_BOOL+0xc/0x30 [ 343.332336] ? _raw_spin_lock_irqsave+0x320/0x490 [ 343.337655] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 343.343141] ? depot_save_stack+0x398/0x4b0 [ 343.347501] ? __msan_poison_alloca+0x1e0/0x270 [ 343.352212] ? put_pid+0x71/0x410 [ 343.355697] ? kvm_vcpu_ioctl+0x1f85/0x1f90 [ 343.360057] ? put_pid+0x330/0x410 [ 343.363632] ? get_task_pid+0x19d/0x290 [ 343.367647] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 343.371752] ? do_vfs_ioctl+0x184/0x2f70 [ 343.375837] ? __se_sys_ioctl+0x1da/0x270 [ 343.380027] ? kvm_vm_release+0x90/0x90 [ 343.384046] do_vfs_ioctl+0xfbc/0x2f70 [ 343.387994] ? security_file_ioctl+0x92/0x200 [ 343.392544] __se_sys_ioctl+0x1da/0x270 [ 343.396592] __x64_sys_ioctl+0x4a/0x70 [ 343.400514] do_syscall_64+0xcf/0x110 [ 343.404388] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 343.409619] RIP: 0033:0x457569 [ 343.412847] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.428854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 343.431778] RSP: 002b:00007f5017d98c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.445604] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 343.452906] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 343.460198] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.467495] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5017d996d4 [ 343.474788] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff [ 343.482103] [ 343.483752] Uninit was stored to memory at: [ 343.488175] kmsan_internal_chain_origin+0x13d/0x240 [ 343.493303] __msan_chain_origin+0x6d/0xb0 [ 343.497569] kvm_inject_page_fault+0xa60/0xef0 [ 343.502171] nested_vmx_get_vmptr+0x36f/0x3d0 [ 343.506691] handle_vmon+0x5ea/0xe70 [ 343.510432] vmx_handle_exit+0x21bd/0xb980 [ 343.514691] kvm_arch_vcpu_ioctl_run+0xaeee/0x12040 [ 343.519733] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 343.523825] do_vfs_ioctl+0xfbc/0x2f70 [ 343.527739] __se_sys_ioctl+0x1da/0x270 [ 343.531741] __x64_sys_ioctl+0x4a/0x70 [ 343.535655] do_syscall_64+0xcf/0x110 [ 343.539496] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 343.544701] [ 343.546347] Local variable description: ----e@nested_vmx_get_vmptr [ 343.552678] Variable was created at: [ 343.556422] nested_vmx_get_vmptr+0xa5/0x3d0 [ 343.560852] handle_vmon+0x5ea/0xe70 [ 343.564597] ================================================================== [ 343.571977] Disabling lock debugging due to kernel taint [ 343.577444] Kernel panic - not syncing: panic_on_warn set ... [ 343.583371] CPU: 1 PID: 8418 Comm: syz-executor4 Tainted: G B 4.20.0-rc3+ #95 [ 343.591963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.601334] Call Trace: [ 343.603957] dump_stack+0x32d/0x480 [ 343.607641] panic+0x624/0xc08 [ 343.610909] kmsan_report+0x28a/0x290 [ 343.614756] __msan_warning+0x76/0xc0 [ 343.618609] vmx_queue_exception+0x757/0x920 [ 343.623045] ? vmx_set_rflags+0x5cf/0x790 [ 343.627239] ? vmx_inject_nmi+0x4d0/0x4d0 [ 343.631421] kvm_arch_vcpu_ioctl_run+0x7d81/0x12040 [ 343.636623] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 343.642013] ? update_load_avg+0x12ae/0x1db0 [ 343.646460] ? task_kmsan_context_state+0x51/0x90 [ 343.651340] ? INIT_BOOL+0xc/0x30 [ 343.654843] ? _raw_spin_lock_irqsave+0x320/0x490 [ 343.659731] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 343.665233] ? depot_save_stack+0x398/0x4b0 [ 343.669607] ? __msan_poison_alloca+0x1e0/0x270 [ 343.674319] ? put_pid+0x71/0x410 [ 343.677808] ? kvm_vcpu_ioctl+0x1f85/0x1f90 [ 343.682169] ? put_pid+0x330/0x410 [ 343.685745] ? get_task_pid+0x19d/0x290 [ 343.689760] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 343.693869] ? do_vfs_ioctl+0x184/0x2f70 [ 343.697958] ? __se_sys_ioctl+0x1da/0x270 [ 343.702142] ? kvm_vm_release+0x90/0x90 [ 343.706146] do_vfs_ioctl+0xfbc/0x2f70 [ 343.710093] ? security_file_ioctl+0x92/0x200 [ 343.714633] __se_sys_ioctl+0x1da/0x270 [ 343.718653] __x64_sys_ioctl+0x4a/0x70 [ 343.722582] do_syscall_64+0xcf/0x110 [ 343.726421] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 343.731638] RIP: 0033:0x457569 [ 343.734859] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.753798] RSP: 002b:00007f5017d98c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.761595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 343.768891] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 343.776199] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.783494] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5017d996d4 [ 343.790794] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff [ 343.799205] Kernel Offset: disabled [ 343.802852] Rebooting in 86400 seconds..