[ 56.862466] audit: type=1800 audit(1538732579.899:27): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.242486] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.860010] random: sshd: uninitialized urandom read (32 bytes read) [ 63.290879] random: sshd: uninitialized urandom read (32 bytes read) [ 65.444703] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. [ 71.558460] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 09:43:16 fuzzer started [ 76.110173] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 09:43:21 dialing manager at 10.128.0.26:36867 2018/10/05 09:43:21 syscalls: 1 2018/10/05 09:43:21 code coverage: enabled 2018/10/05 09:43:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 09:43:21 setuid sandbox: enabled 2018/10/05 09:43:21 namespace sandbox: enabled 2018/10/05 09:43:21 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 09:43:21 fault injection: enabled 2018/10/05 09:43:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 09:43:21 net packed injection: enabled 2018/10/05 09:43:21 net device setup: enabled [ 81.072874] random: crng init done 09:45:26 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) close(r1) [ 204.613037] IPVS: ftp: loaded support on port[0] = 21 [ 206.961142] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.967761] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.976398] device bridge_slave_0 entered promiscuous mode [ 207.119108] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.125636] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.134259] device bridge_slave_1 entered promiscuous mode [ 207.270996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.409030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.838997] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:45:31 executing program 1: r0 = add_key(&(0x7f0000000040)='id_legacy\x00', &(0x7f0000000080)={'syz'}, &(0x7f0000000200)="cf", 0x1, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x0) keyctl$get_security(0x11, r0, &(0x7f0000000280)=""/179, 0xb3) [ 208.007102] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.427553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 208.434864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.764032] IPVS: ftp: loaded support on port[0] = 21 [ 209.136451] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.145665] team0: Port device team_slave_0 added [ 209.330049] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.338193] team0: Port device team_slave_1 added [ 209.544498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 209.551518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.560725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.720997] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.728173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.737247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.882369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.889951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.899232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.074034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.081884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.090846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.862669] ip (6250) used greatest stack depth: 53056 bytes left [ 212.519644] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.526222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.533342] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.539788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.548899] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.565492] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.572192] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.580534] device bridge_slave_0 entered promiscuous mode [ 212.793630] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.800100] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.808680] device bridge_slave_1 entered promiscuous mode [ 213.075714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.366707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.462512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 09:45:36 executing program 2: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$keyring(&(0x7f00000007c0)='keyring\x00', &(0x7f0000000800)={'syz'}, 0x0, 0x0, r0) r2 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, r1) keyctl$link(0x16, 0x0, r2) [ 214.228461] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.540374] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 214.628078] IPVS: ftp: loaded support on port[0] = 21 [ 214.927676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.934790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.262575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.269870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 216.141932] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.150006] team0: Port device team_slave_0 added [ 216.470526] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.478961] team0: Port device team_slave_1 added [ 216.691162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.698330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.707358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.935559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 216.942701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.951342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.115785] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.123692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.133011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.438337] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.446218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.455777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.518263] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.524873] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.533295] device bridge_slave_0 entered promiscuous mode [ 219.861191] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.867838] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.876588] device bridge_slave_1 entered promiscuous mode [ 220.210716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.410936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 220.655725] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.662290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.669251] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.675841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.684759] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.791871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.219734] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 221.558806] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:45:44 executing program 3: ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=0x9, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000080)=@req3, 0x1c) r0 = signalfd(0xffffffffffffff9c, &(0x7f0000000180)={0x6}, 0x8) fcntl$setpipe(r0, 0x407, 0x3) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x9, 0x1) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000000480)={{0xffffffffffffffff, 0x1, 0x4, 0x1, 0xff}, 0x0, 0xfffffffffffffffc}) epoll_wait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}, {}], 0x3, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000440)=0xc) r3 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_setup(0x0, &(0x7f0000000540)) r4 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r4, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x801, 0x0) sendfile(r3, r3, &(0x7f0000000000), 0x2000005) listxattr(&(0x7f0000000380)='./file0\x00', &(0x7f00000013c0)=""/21, 0xfffffea1) fsetxattr$trusted_overlay_redirect(r1, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file1\x00', 0x8, 0x2) ioctl$LOOP_CLR_FD(r3, 0x4c01) socket(0x0, 0x0, 0x10001) getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000200), &(0x7f0000000300)=0x8) ioctl$LOOP_SET_FD(r3, 0x4c00, r4) [ 221.936193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 221.943415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.255516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.263067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.808979] IPVS: ftp: loaded support on port[0] = 21 [ 223.420342] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.428482] team0: Port device team_slave_0 added [ 223.773285] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.781303] team0: Port device team_slave_1 added [ 224.156110] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.163329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.172193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.521431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.528660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.537485] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 224.878671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 224.886358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 224.895412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.257131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.264873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.274199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.290683] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.858038] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.211068] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.217543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.225689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.330915] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.337569] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.346072] device bridge_slave_0 entered promiscuous mode [ 228.674063] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.680553] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.689202] device bridge_slave_1 entered promiscuous mode [ 229.040195] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.046758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.053806] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.060249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.069385] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 229.078956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.394854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.490393] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.782915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.489233] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.786600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.111828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.118864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.453900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.460930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 232.448417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.456559] team0: Port device team_slave_0 added 09:45:55 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000640)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port0\x00', 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000200)={0x2000000021, @time}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc0a85352, &(0x7f0000000180)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000280)={0x0, @time}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) [ 232.893239] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.901247] team0: Port device team_slave_1 added [ 233.343787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 233.350845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.359806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.787754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 233.794918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.803925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.029945] IPVS: ftp: loaded support on port[0] = 21 [ 234.218581] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 234.226405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 234.235405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 234.720222] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 234.727991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 234.736984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 235.885170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.541468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:46:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/65, 0x41}], 0x1, &(0x7f0000000a00)=""/181, 0xb5}}], 0x1, 0x0, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000ac0)={"55c990aa4964e82a3ec457f4c7d69681319b32c4fe546fdaa52a7f1ee7a27d5f71fb895c4bf21bf0301d2a160f646d230ecc224077896302fd1e64ad393ef24145492c44f164e53100dc89f52d25895dcd4320f649fc784145767a5224088c492511d0a5d7bb0c0176706c238dfeee9caae8811bc4d2ec92a4a340c091647ae36123d290d72c375af37957c01aa945bdb6a7a6870069350c7c2ac6b9c032e80d8150ec020000baf9447badcc1908d174e06fd466e64e24e3c892ee42a4b31338ad67030baeffa5bfa701c1e7bfbd8fd016d87018d05ab11f9e813877bd9cdf0884cbaabe09190f95550884f8a1e6510f6bbe96f86859597bf89741aea068e55b938ebee9d9bff58478513c4b72edbf79f75431b54743ab05d3980b30b2127cf13bf94beba0828a4bb1848bc1f862fac00698e4bd2f4bde3bb35107056c4147c0ed8d7d588ba03c37b82ea384d1db706a8b46ee351812ad747d1045540a48b542996812548270c5af5d27ff72920bebd8371348c7f55a953e236ac13fe737a81bd9b61e30a5e9c526cf61862f5a0a90963c73febe3b66ab29f17b6da74b7647bcc4e527356d57fa1fe3f3dffab39df7b353eda6b839decb4484939f4fc0c84bda1c964941ccf4db1ca0d2c152fd356ac66441c8b68755d533b416d9f7999678227c7a69db08e997252dd6a38fc458d93fac9f1f14f49b7ca4a0b0c8b538d2f30c34503a0975506ae9004b3e5c3d2469cf4e03d9b79dc1499647b5b680a02bdc56c18782c48120dee663918288f068c49d85355d114cfe0c5d1405cf5e37b181f296fa7dc9ae116fbe220121fe139739226eefce468f27f5d21ab51ef0e26134c5341cf13799003ceb38d4050c2ba1c9e6decc2d11a8f14a6adadd45e615106b5dd4c07093ba114ac55b4e80d1a3545ab6e8fbf796b908ecc244340fc06e4d4bd6e069b7f0232198ab067a709bcdd4d41500e5dc7032e5993f965d4603033fe61cc523937d7345df42b4f1b62c4daf64f6c29eb2f214b88680bfe19252b67719ccea37d19fe3bfb0c8ad0bd6f4a1df532ec9220269453df5144ff48f63c2ad655b8f20db01b3af95c11f4e7de2bd0a47d47b08b620589a33327bef9ee310505c1736510e88b74281f098099c753d30fcf32f31a0521e32407d689b093f24d07049682ff4662b5b94616699fd704589c0edb02cf3e622088c685564b0c166f9f3cdb12dd8a70684ac6e24570191dda2db2b1965d2397a45060f834405b81fa79204e029b7cd93333dfbef669f3e480fd071f5b87e9fdf984dfe176353ed12ea15484366548336f540a5f1e8b9e19bdeb8d71dce9ecf03d09517bc4bcf7be382176e7e12395ee0f795f76695d0d90eee181d300deb89d7098403ac76309e63f6ca3eede1ce57dcd9de56e24610ed5c470d5540e9f50d068ee8a1431bb3216ae99b18"}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000000c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 239.253518] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.259869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.267792] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.414581] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 239.515482] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.522033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.528938] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.535532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.543925] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.570804] ================================================================== [ 239.578218] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 239.584739] CPU: 1 PID: 6864 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63 [ 239.591946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.601323] Call Trace: [ 239.604497] dump_stack+0x306/0x460 [ 239.608157] ? loaded_vmcs_init+0x343/0x590 [ 239.612531] kmsan_report+0x1a3/0x2d0 [ 239.616374] __msan_warning+0x7c/0xe0 [ 239.620217] loaded_vmcs_init+0x343/0x590 [ 239.624427] __loaded_vmcs_clear+0x2fb/0x3c0 [ 239.628903] generic_exec_single+0x17b/0x500 [ 239.633353] ? vmx_get_msr_feature+0x180/0x180 [ 239.637977] smp_call_function_single+0x290/0x500 [ 239.642850] ? vmx_get_msr_feature+0x180/0x180 [ 239.647498] vmx_free_vcpu+0x582/0x8a0 [ 239.651420] ? vmx_create_vcpu+0x7920/0x7920 [ 239.655873] kvm_arch_destroy_vm+0x727/0xcd0 [ 239.660318] kvm_put_kvm+0x100b/0x1cf0 [ 239.664259] kvm_vcpu_release+0xad/0x100 [ 239.668344] ? kvm_vcpu_mmap+0x80/0x80 [ 239.672257] __fput+0x4e8/0xda0 [ 239.675593] ____fput+0x37/0x40 [ 239.678898] ? fput+0x3e0/0x3e0 [ 239.682204] task_work_run+0x467/0x500 [ 239.686143] prepare_exit_to_usermode+0x364/0x470 [ 239.691025] syscall_return_slowpath+0x112/0x880 [ 239.695809] ? __close_fd+0x465/0x4c0 [ 239.699660] ? __se_sys_close+0x72/0x140 [ 239.703758] do_syscall_64+0xe4/0x100 [ 239.707595] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 239.712816] RIP: 0033:0x411051 [ 239.716038] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 239.734967] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 239.742708] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051 [ 239.749997] RDX: 0000000000000000 RSI: 00000000007314a8 RDI: 0000000000000007 [ 239.757292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 239.764583] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000 [ 239.771874] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 [ 239.779182] [ 239.780828] Local variable description: ----error.i@loaded_vmcs_init [ 239.787326] Variable was created at: [ 239.791065] loaded_vmcs_init+0x8a/0x590 [ 239.795147] __loaded_vmcs_clear+0x2fb/0x3c0 [ 239.799570] ================================================================== [ 239.806939] Disabling lock debugging due to kernel taint [ 239.812409] Kernel panic - not syncing: panic_on_warn set ... [ 239.812409] [ 239.819827] CPU: 1 PID: 6864 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63 [ 239.828416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.837803] Call Trace: [ 239.840425] dump_stack+0x306/0x460 [ 239.844120] panic+0x54c/0xafa [ 239.847387] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 239.852873] kmsan_report+0x2cd/0x2d0 [ 239.856711] __msan_warning+0x7c/0xe0 [ 239.860553] loaded_vmcs_init+0x343/0x590 [ 239.864746] __loaded_vmcs_clear+0x2fb/0x3c0 [ 239.869195] generic_exec_single+0x17b/0x500 [ 239.873633] ? vmx_get_msr_feature+0x180/0x180 [ 239.878256] smp_call_function_single+0x290/0x500 [ 239.883141] ? vmx_get_msr_feature+0x180/0x180 [ 239.887772] vmx_free_vcpu+0x582/0x8a0 [ 239.891702] ? vmx_create_vcpu+0x7920/0x7920 [ 239.896146] kvm_arch_destroy_vm+0x727/0xcd0 [ 239.900598] kvm_put_kvm+0x100b/0x1cf0 [ 239.904545] kvm_vcpu_release+0xad/0x100 [ 239.908641] ? kvm_vcpu_mmap+0x80/0x80 [ 239.912559] __fput+0x4e8/0xda0 [ 239.915886] ____fput+0x37/0x40 [ 239.919186] ? fput+0x3e0/0x3e0 [ 239.922506] task_work_run+0x467/0x500 [ 239.926466] prepare_exit_to_usermode+0x364/0x470 [ 239.931351] syscall_return_slowpath+0x112/0x880 [ 239.936136] ? __close_fd+0x465/0x4c0 [ 239.940000] ? __se_sys_close+0x72/0x140 [ 239.944098] do_syscall_64+0xe4/0x100 [ 239.947929] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 239.953148] RIP: 0033:0x411051 [ 239.956369] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 239.975292] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 239.983031] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051 [ 239.990320] RDX: 0000000000000000 RSI: 00000000007314a8 RDI: 0000000000000007 [ 239.997605] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 240.004896] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000 [ 240.012183] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 [ 240.020514] Kernel Offset: disabled [ 240.024153] Rebooting in 86400 seconds..