[ 59.167049] audit: type=1800 audit(1539257411.202:27): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 60.728810] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 61.601656] random: sshd: uninitialized urandom read (32 bytes read) [ 62.092600] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 64.754530] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts. [ 70.508104] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 11:30:24 fuzzer started [ 75.333921] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 11:30:29 dialing manager at 10.128.0.26:39089 2018/10/11 11:30:29 syscalls: 1 2018/10/11 11:30:29 code coverage: enabled 2018/10/11 11:30:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 11:30:29 setuid sandbox: enabled 2018/10/11 11:30:29 namespace sandbox: enabled 2018/10/11 11:30:29 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 11:30:29 fault injection: enabled 2018/10/11 11:30:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 11:30:29 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 11:30:29 net device setup: enabled [ 80.979647] random: crng init done 11:32:39 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x7, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) semtimedop(r1, &(0x7f0000000000)=[{0x0, 0x7fffffff}], 0x1, &(0x7f00000000c0)={0x0, r2+10000000}) semop(r1, &(0x7f0000000240)=[{0x0, 0x7fff}], 0x1) [ 208.002586] IPVS: ftp: loaded support on port[0] = 21 [ 209.585667] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.592258] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.600970] device bridge_slave_0 entered promiscuous mode [ 209.750011] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.756645] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.765427] device bridge_slave_1 entered promiscuous mode [ 209.912768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.059410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.517259] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.667891] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.955488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.962663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.422805] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.431207] team0: Port device team_slave_0 added 11:32:43 executing program 1: r0 = getpgrp(0xffffffffffffffff) capget(&(0x7f0000000000)={0x20071026, r0}, &(0x7f0000000080)) [ 211.639634] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.648226] team0: Port device team_slave_1 added [ 211.904109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.054626] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.062122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.071175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.393710] IPVS: ftp: loaded support on port[0] = 21 [ 212.396903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.406639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.415690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.626880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.634705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.644116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.617775] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.624394] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.633267] device bridge_slave_0 entered promiscuous mode [ 214.927877] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.934476] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.943473] device bridge_slave_1 entered promiscuous mode [ 215.145438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.357165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.526885] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.533467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.540470] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.547101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.556530] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.982212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.140984] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.346528] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.557296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 216.564548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.816126] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 216.823506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:32:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) ustat(0x0, &(0x7f00000002c0)) [ 217.441556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.450108] team0: Port device team_slave_0 added [ 217.774705] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.782967] team0: Port device team_slave_1 added [ 218.103203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.110292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.119547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.437962] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.445254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.454591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.646091] IPVS: ftp: loaded support on port[0] = 21 [ 218.812322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.820021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.829318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.156712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.164480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.173826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.444648] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.451117] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.460784] device bridge_slave_0 entered promiscuous mode [ 221.694980] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.701466] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.710213] device bridge_slave_1 entered promiscuous mode [ 222.000567] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 222.276273] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.282862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.289855] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.296530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.305973] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.369772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 223.132262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.268240] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 223.646724] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 223.949966] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 223.957251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 224.242673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 224.249784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.046895] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 225.056188] team0: Port device team_slave_0 added [ 225.372336] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.380698] team0: Port device team_slave_1 added [ 225.617017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.624302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.633631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 11:32:58 executing program 3: msgrcv(0x0, &(0x7f0000000280)={0x0, ""/4096}, 0x1008, 0x0, 0x0) [ 226.001120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 226.008382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.017613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.348065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.355833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.365262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.736650] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.744515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.753895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.604771] IPVS: ftp: loaded support on port[0] = 21 [ 228.457016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.842932] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 231.030612] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.037195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.044303] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.050809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.060261] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.075623] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.082218] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.090754] device bridge_slave_0 entered promiscuous mode [ 231.212832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.272597] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 231.279547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 231.287864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 231.514124] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.520592] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.529429] device bridge_slave_1 entered promiscuous mode [ 231.877655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.314950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 232.844012] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.137150] ip (6643) used greatest stack depth: 53056 bytes left [ 233.444928] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.887856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 234.318794] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 234.325980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.680867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 234.688209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.842555] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.850814] team0: Port device team_slave_0 added [ 236.212287] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.220641] team0: Port device team_slave_1 added [ 236.635693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 236.642998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.651950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.922566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.929677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.938852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 11:33:09 executing program 4: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) [ 237.343726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.351448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.361046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.379801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.736487] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.744286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.753621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.999989] IPVS: ftp: loaded support on port[0] = 21 [ 239.083898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.739758] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.746341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.754734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 242.547528] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.823382] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.829897] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.837012] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.843561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.852206] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.350715] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.357314] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.366134] device bridge_slave_0 entered promiscuous mode 11:33:15 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000080)}, 0x0) [ 243.828197] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.834799] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.843506] device bridge_slave_1 entered promiscuous mode [ 243.899222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 11:33:16 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x14280, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000240)=0xffffffffffffffff, 0x4) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa347991907000000000000005e44573eef5fd0f423a5cfb386e4cc997c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e682e3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000e70da2fbe1595f24f3f202ebcb7774bb5dc9a4bdcc24ef5fe2d20b0012352c8536e5f07e7ccc9b973570123f8abef5118b2488a804b6fe27f839d17fa637636c6ba3b2b4fbfdd348f276c71576fbf514d52f72b29e83f07da15ec5da20d84d47907ca11c3c4944207ddcd90bcd238ab5391ebc7bee5562864794fa504ce1cc4eb26ff2040ef99dd2d4d29fd96ce9822c323db0cc4078f7d4de83e5bfc6b2f2543407f1bc4531acf7") r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000480)='fou\x00') sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x3c, r3, 0x108, 0x70bd25, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x7f}]}, 0x3c}}, 0x8004) pread64(r2, &(0x7f0000000080), 0x0, 0x0) getdents64(r1, &(0x7f00000000c0)=""/227, 0x18) getdents64(r1, &(0x7f00000001c0)=""/100, 0x5b) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000440)) getdents64(r1, &(0x7f0000000580)=""/44, 0x2c) chroot(&(0x7f0000000080)='./file0\x00') [ 244.336911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 244.688371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 11:33:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0xfe41) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000200)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28) recvmmsg(r0, &(0x7f0000004bc0)=[{{&(0x7f0000004940)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000004a80), 0x0, &(0x7f0000004ac0)=""/197, 0xc5}}], 0x1300, 0x0, &(0x7f0000004dc0)={0x77359400}) r1 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x8800, 0x136) write$P9_RREADDIR(r3, &(0x7f0000000240)={0x103, 0x29, 0x2, {0x5, [{{0x53, 0x0, 0x5}, 0x100000001, 0x1, 0x7, './file0'}, {{0x4, 0x4, 0x3}, 0x100, 0x6, 0x7, './file0'}, {{0x8, 0x1, 0x8}, 0x80000000, 0x80000001, 0x7, './file0'}, {{0x0, 0x0, 0x2}, 0x20, 0x3, 0x7, './file0'}, {{0x20, 0x2, 0x1}, 0x8000, 0x1, 0x7, './file0'}, {{0x0, 0x2, 0x6}, 0xffff, 0x7, 0x7, './file0'}, {{0x0, 0x0, 0x5}, 0x20, 0x40, 0x7, './file0'}, {{0x80, 0x3, 0x8}, 0x5, 0xffffffffffffff39, 0x7, './file0'}]}}, 0x103) tkill(r1, 0x15) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) [ 244.927713] tls_set_device_offload_rx: netdev lo with no TLS offload [ 245.679360] tls_set_device_offload_rx: netdev lo with no TLS offload [ 245.929114] bond0: Enslaving bond_slave_0 as an active interface with an up link 11:33:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000180)=[@reply_sg={0x630b, {{0x630c, 0x40406300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f00000000c0)}}}], 0x0, 0x0, &(0x7f0000000500)}) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x1, 0x0) [ 246.204599] binder: 6943:6944 ERROR: BC_REGISTER_LOOPER called without request [ 246.212393] binder: 6943:6944 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER [ 246.220532] binder: 6943:6944 transaction failed 29189/-22, size 0-536870912 line 2855 [ 246.275375] binder: 6943:6944 ERROR: BC_REGISTER_LOOPER called without request [ 246.283125] binder: 6943:6944 ERROR: BC_ENTER_LOOPER called after BC_REGISTER_LOOPER [ 246.291100] binder: 6943:6944 transaction failed 29189/-22, size 0-536870912 line 2855 [ 246.354043] binder: undelivered TRANSACTION_ERROR: 29189 [ 246.359837] binder: undelivered TRANSACTION_ERROR: 29189 [ 246.398545] bond0: Enslaving bond_slave_1 as an active interface with an up link 11:33:18 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = dup(r0) sendto$inet6(r0, &(0x7f0000000080), 0x0, 0x20000007, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_group_source_req(r1, 0x0, 0x2f, &(0x7f0000000080)={0x80000000, {{0x2, 0x4e24, @loopback}}, {{0x2, 0x4e22, @local}}}, 0x108) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f00000001c0)=0x9, 0x2) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000007c0)=0x80, 0x4) r2 = open(&(0x7f0000000040)='./bus\x00', 0x80, 0x0) ftruncate(r2, 0x2007ffb) sendfile(r1, r2, &(0x7f0000d83ff8)=0x54, 0x87ff7) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) [ 246.854159] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 246.926999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.934508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 11:33:19 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0) write$binfmt_elf32(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="c6"], 0x1) openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x240, 0x0) mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x1013, r0, 0x0) ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000004c0)=0x100000035) [ 247.419074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 247.426477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:33:19 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010800000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c) listen(r0, 0x800000002) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x36d, 0x400000) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)={0x2, 0x0, [{0xe, 0x0, 0x2, 0x1fca, 0x4, 0x3}, {0x6, 0x16, 0x6, 0x7, 0x3cd, 0x5, 0x9}]}) r3 = dup2(r1, r0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000140), &(0x7f0000000180)=0x8) [ 248.184353] 8021q: adding VLAN 0 to HW filter on device bond0 11:33:20 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f7, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000439c8c05996a721a00"]}) socket$nl_crypto(0x10, 0x3, 0x15) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x101000, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000040)={0x8001, 0x401, 0x5, 0x88, 0x7, 0x10000, 0x5, 0x200, 0x8, 0x2}) write$P9_RXATTRCREATE(r1, &(0x7f00000000c0)={0x7, 0x21, 0x2}, 0x7) [ 248.721987] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 248.730258] team0: Port device team_slave_0 added [ 249.184548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 249.193006] team0: Port device team_slave_1 added [ 249.589557] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 249.596945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 249.605859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 249.904057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 249.911187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 249.920212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 250.124051] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 250.211942] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 250.219595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 250.228641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 250.537216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 250.545078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 250.554174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 251.403133] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 251.409545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.417542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.223468] capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure 11:33:24 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8910, &(0x7f0000000040)=@buf={0x0, &(0x7f00000000c0)}) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000080)=0xfffffe1f, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netstat\x00') sendfile(r1, r2, &(0x7f0000000000), 0x95c) [ 252.620277] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.859145] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.865762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.872857] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.879347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.888082] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 253.895470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 257.073163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.934829] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 11:33:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') fcntl$notify(r0, 0x402, 0x13) exit(0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x0, r1}) [ 258.724167] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.730583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.738701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.431091] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.448603] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.032877] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 262.631713] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 262.638340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 262.646553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:33:35 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000140)="0ffed965df310f0057002e80b68c7200f39066b8003000000f23c80f21f86635040050000f23f8ba4300ed66b98202000066b80058000066ba000000000f300f015ce60f0016f1ff", 0x48}], 0x1, 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 263.197800] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.296764] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 263.343668] ================================================================== [ 263.351116] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 263.358783] CPU: 1 PID: 7405 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #66 [ 263.366006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.375420] Call Trace: [ 263.378063] dump_stack+0x306/0x460 [ 263.381742] ? vmx_set_constant_host_state+0x1778/0x1830 [ 263.387262] kmsan_report+0x1a2/0x2e0 [ 263.391121] __msan_warning+0x7c/0xe0 [ 263.394984] vmx_set_constant_host_state+0x1778/0x1830 [ 263.400323] vmx_create_vcpu+0x3e6f/0x7870 [ 263.404605] ? kmsan_set_origin_inline+0x6b/0x120 [ 263.409501] ? __msan_poison_alloca+0x17a/0x210 [ 263.414247] ? vmx_vm_init+0x340/0x340 [ 263.418187] kvm_arch_vcpu_create+0x25d/0x2f0 [ 263.422744] kvm_vm_ioctl+0x13fd/0x33d0 [ 263.426783] ? __msan_poison_alloca+0x17a/0x210 [ 263.431508] ? do_vfs_ioctl+0x18a/0x2810 [ 263.435622] ? __se_sys_ioctl+0x1da/0x270 [ 263.439817] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 263.444702] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 263.449597] do_vfs_ioctl+0xcf3/0x2810 [ 263.453554] ? security_file_ioctl+0x92/0x200 [ 263.458123] __se_sys_ioctl+0x1da/0x270 [ 263.462167] __x64_sys_ioctl+0x4a/0x70 [ 263.466112] do_syscall_64+0xbe/0x100 [ 263.469977] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.475216] RIP: 0033:0x457519 [ 263.478466] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.497434] RSP: 002b:00007f080750bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.505191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 263.512502] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 263.519934] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.527246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f080750c6d4 [ 263.534552] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff [ 263.541881] [ 263.543547] Local variable description: ----dt@vmx_set_constant_host_state [ 263.550586] Variable was created at: [ 263.554345] vmx_set_constant_host_state+0x2b0/0x1830 [ 263.559603] vmx_create_vcpu+0x3e6f/0x7870 [ 263.563865] ================================================================== [ 263.571260] Disabling lock debugging due to kernel taint [ 263.576741] Kernel panic - not syncing: panic_on_warn set ... [ 263.576741] [ 263.584165] CPU: 1 PID: 7405 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #66 [ 263.592779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.602171] Call Trace: [ 263.604813] dump_stack+0x306/0x460 [ 263.608529] panic+0x54c/0xafa [ 263.611824] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 263.617334] kmsan_report+0x2d3/0x2e0 [ 263.621227] __msan_warning+0x7c/0xe0 [ 263.625094] vmx_set_constant_host_state+0x1778/0x1830 [ 263.630460] vmx_create_vcpu+0x3e6f/0x7870 [ 263.634746] ? kmsan_set_origin_inline+0x6b/0x120 [ 263.639637] ? __msan_poison_alloca+0x17a/0x210 [ 263.644370] ? vmx_vm_init+0x340/0x340 [ 263.648347] kvm_arch_vcpu_create+0x25d/0x2f0 [ 263.652943] kvm_vm_ioctl+0x13fd/0x33d0 [ 263.656980] ? __msan_poison_alloca+0x17a/0x210 [ 263.661710] ? do_vfs_ioctl+0x18a/0x2810 [ 263.665820] ? __se_sys_ioctl+0x1da/0x270 [ 263.670019] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 263.674913] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 263.679807] do_vfs_ioctl+0xcf3/0x2810 [ 263.683769] ? security_file_ioctl+0x92/0x200 [ 263.688324] __se_sys_ioctl+0x1da/0x270 [ 263.692414] __x64_sys_ioctl+0x4a/0x70 [ 263.696356] do_syscall_64+0xbe/0x100 [ 263.700243] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.705475] RIP: 0033:0x457519 [ 263.708720] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.727662] RSP: 002b:00007f080750bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.735446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 263.742756] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 263.750064] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.757403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f080750c6d4 [ 263.764714] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff [ 263.773186] Kernel Offset: disabled [ 263.776844] Rebooting in 86400 seconds..