[ 55.976004] audit: type=1800 audit(1538958550.005:27): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 57.540314] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 59.785764] random: sshd: uninitialized urandom read (32 bytes read)
[ 60.224969] random: sshd: uninitialized urandom read (32 bytes read)
[ 62.284543] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
[ 68.048588] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 00:29:24 fuzzer started
[ 72.665578] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 00:29:28 dialing manager at 10.128.0.26:36867
2018/10/08 00:29:29 syscalls: 1
2018/10/08 00:29:29 code coverage: enabled
2018/10/08 00:29:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 00:29:29 setuid sandbox: enabled
2018/10/08 00:29:29 namespace sandbox: enabled
2018/10/08 00:29:29 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 00:29:29 fault injection: enabled
2018/10/08 00:29:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 00:29:29 net packed injection: enabled
2018/10/08 00:29:29 net device setup: enabled
[ 77.159598] random: crng init done
00:31:25 executing program 0:
prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]})
set_tid_address(&(0x7f0000000240))
[ 192.001403] IPVS: ftp: loaded support on port[0] = 21
[ 194.301998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 194.308499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 194.317036] device bridge_slave_0 entered
promiscuous mode [ 194.474699] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.481168] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.489682] device bridge_slave_1 entered promiscuous mode [ 194.624669] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 194.760048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:31:29 executing program 1: close(0xffffffffffffffff) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000000080)={0x9, 0x0, 0x0, 0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@generic={0x3}) [ 195.214791] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.352791] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.793382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 195.800439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.010158] IPVS: ftp: loaded support on port[0] = 21 [ 196.459977] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.468163] team0: Port device team_slave_0 added [ 196.671270] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.679466] team0: Port device team_slave_1 added [ 196.875513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 196.882765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.891586] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.064288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 197.071349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.080442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.275846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.283557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.292725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.498508] IPv6: 
ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.506332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.515499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.750744] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.757380] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.765823] device bridge_slave_0 entered promiscuous mode [ 200.065552] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.072189] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.080537] device bridge_slave_1 entered promiscuous mode [ 200.203706] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.210216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.217262] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.223776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.232597] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 200.368784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.564710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:31:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x5433, 0x0) [ 200.792296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.331603] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.638196] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.748581] IPVS: ftp: loaded support on port[0] = 21 [ 201.925507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.932686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.219081] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.226355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.096852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 203.105045] team0: Port device team_slave_0 added [ 203.332195] 
IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 203.340179] team0: Port device team_slave_1 added [ 203.478574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.485962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.494840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.756305] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.763568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.772609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.133878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.141507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.150705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.476856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.484545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.493734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.519169] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.525726] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.534631] device bridge_slave_0 entered promiscuous mode [ 206.869413] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.876063] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.884627] device bridge_slave_1 entered promiscuous mode [ 207.160044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.458522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.595043] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.601538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.608584] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.615103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.624037] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 208.153172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: 
link becomes ready [ 208.239076] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.539703] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:31:42 executing program 3: r0 = socket(0x20000000000000a, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x8}, 0x1c) [ 208.849835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 208.857030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.210881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.218120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.708519] IPVS: ftp: loaded support on port[0] = 21 [ 210.188842] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.197050] team0: Port device team_slave_0 added [ 210.581372] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.589666] team0: Port device team_slave_1 added [ 210.946518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.953769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.962761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.286343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.293632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.302654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.637948] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.645709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.654777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.984182] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.991935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.000873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.051532] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.577621] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not 
ready [ 214.977972] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 214.984685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.992719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.627977] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.634602] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.643256] device bridge_slave_0 entered promiscuous mode [ 215.719272] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.725827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.732832] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.739278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.748232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.929659] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.936212] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.944636] device bridge_slave_1 entered promiscuous mode [ 216.022025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.354392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.390262] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.684328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 217.648040] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.989491] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.296246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 218.303496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.566596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.573791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:31:53 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f00000001c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'}) [ 219.812243] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.820199] team0: Port device team_slave_0 added [ 220.253281] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 220.261329] team0: Port device team_slave_1 added [ 220.554366] IPVS: ftp: loaded support on port[0] = 21 [ 220.687662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 220.699038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.707906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.100630] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 221.107992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.116962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.521034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 221.528831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.537982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.952036] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.959639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.968872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.373816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.897302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.643247] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.651256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.659170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.700938] kauditd_printk_skb: 3 callbacks suppressed [ 225.700982] audit: type=1326 audit(1538958719.745:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=6872 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 
226.202004] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.208495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.215511] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.222051] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.230322] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.412626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.427390] audit: type=1326 audit(1538958720.475:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=6872 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 00:32:00 executing program 0: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) io_setup(0x3, &(0x7f0000000000)=0x0) io_getevents(r0, 0x1, 0x1, &(0x7f0000d83f60)=[{}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) r1 = memfd_create(&(0x7f0000000180)="0d806c6f314e8786c37a6abc78a280921f3d45e7c4b4cfd607aca0cfa38fe55ad62b29de59a0020000004b44e995a09ccdbd0b977cf47a00da1cd2034e8c619a82c599020539f2453071e2c57b2f177cc5df6a414b354545f7ebfa3d24a3503c7ddb15b356485f031ac38f07937a5b80610a1f2fda", 0x0) io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000000c0)}]) [ 227.292382] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.422015] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.428503] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.437015] device bridge_slave_0 entered promiscuous mode 00:32:01 executing program 0: r0 = socket$bt_bnep(0x1f, 0x3, 0x4) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000015c0)={r1, r2/1000+30000}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x0, 0x100) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r3) r5 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x181f, r4, 0x4) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 
0xc018620b, &(0x7f0000001640)={r5}) setsockopt$inet_dccp_buf(r4, 0x21, 0xe, &(0x7f0000001680)="54ce355176884ae8d51568deb11e16e6bf7882950a099870d60cbc7c6b2e53d9b13e5eeba4aea26ee733f6a4787a9fdb6bdda5713ca17f70587972149f785c58512f62884df989019f74305d57d537841622397b3bd1cd3938acab5ce9f9dc62ae6b9edffdfde2aa02ff7936c1c0934968e489ff67b106f373b9f1de294ed0a1f88b1fe2bad900ed0e909c808efac9abb7432fceb71a1191336dd0b8c9b39d9e984254af7a0e29584059eb4dbaa01ebcf4107e5b20873667771e756c75874b35d109f08fdb35f848edb65179c4b00253966465e5bb", 0xd5) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000001580)={0x128, 0x0, &(0x7f0000000440)=[@dead_binder_done={0x40086310, 0x2}, @decrefs, @transaction_sg={0x40486311, {{0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x48, &(0x7f00000001c0), &(0x7f0000000200)=[0x38, 0x40, 0x30, 0x48, 0x30, 0x0, 0x78, 0x38, 0x18]}, 0x87f}}, @request_death={0x400c630e, 0x0, 0x2}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)=[@fd={0x66642a85, 0x0, r3, 0x0, 0x1}, @fda={0x66646185, 0x1, 0x1, 0x1d}, @flat={0x77622a85, 0x10a, r5, 0x1}], &(0x7f0000000300)=[0x38, 0x0, 0x38]}, 0x3a7c}}, @acquire, @increfs_done={0x40106308, r6, 0x4}, @exit_looper, @release, @reply={0x40406301, {0x2, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x28, 0x18, &(0x7f00000003c0)=[@ptr={0x70742a85, 0x1, &(0x7f0000000380), 0x1, 0x1, 0x9}], &(0x7f0000000400)=[0x0, 0x0, 0x48]}}], 0x1000, 0x0, &(0x7f0000000580)="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"}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140), 0x111, 0x2}}, 0x20) sendmsg$nl_route(r3, &(0x7f00000000c0)={&(0x7f0000000100), 0xc, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000b0ff30000000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000677265000c0702005c000a003f000000"], 0x38}}, 0x0) [ 227.747539] netlink: 24 bytes leftover after parsing attributes in process `syz-executor0'. 
00:32:02 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8001000000002c) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x0, 0xe0380) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000180)={{0x6, 0xfffffffffffff892}, 'port0\x00', 0xca, 0x1, 0x5, 0x2, 0x4, 0x2, 0xc016, 0x0, 0x6, 0x9a}) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x2, 0x0, @mcast1, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)}], 0x1, &(0x7f0000000200)}, 0x0) [ 227.984907] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.991387] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.999977] device bridge_slave_1 entered promiscuous mode 00:32:02 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4000, 0x0) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x240, 0x0) setsockopt$inet_buf(r1, 0x0, 0x60, &(0x7f0000000040), 0xfffffde2) [ 228.481518] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 00:32:02 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='vegas\x00', 0x6) rt_sigtimedwait(&(0x7f00000002c0)={0xffffffff}, &(0x7f0000000100), 0xffffffffffffffff, 0xfffffffffffffcc4) [ 228.906079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:32:03 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000feb000)=0xa90d, 0x4) recvfrom$inet6(r0, &(0x7f0000fbef6d)=""/185, 0xb9, 0x1000022, 0x0, 0x0) bind$inet6(r0, &(0x7f00008a8000)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x8000000000000802, 0x88) sendto$inet6(r1, &(0x7f0000000000), 0x0, 0x0, 
&(0x7f0000000040)={0xa, 0x4e1d, 0x0, @empty, 0x1000000000000000}, 0x1c) sendmsg$inet_sctp(r1, &(0x7f0000a29000)={&(0x7f00005dafe4)=@in6={0xa, 0x4e23, 0x0, @mcast2}, 0x1c, &(0x7f0000fc8000)}, 0x8000) sendto$inet6(r1, &(0x7f0000b0cf6e), 0xffed, 0x0, &(0x7f000001b000), 0x1c) 00:32:03 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) [ 230.139699] bond0: Enslaving bond_slave_0 as an active interface with an up link 00:32:04 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) [ 230.632691] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.042024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.049086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.378205] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.385420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 232.094168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.300036] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.308093] team0: Port device team_slave_0 added [ 232.574960] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.583092] team0: Port device team_slave_1 added [ 232.866439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 
232.873753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.882627] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.068536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 233.075884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.084614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.137874] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 233.390317] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.398981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.408002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 233.740496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 233.748287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.757287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.180979] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.187472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.195437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:32:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040), 0xfb01cbdd028b9044) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080), 0x10) r1 = socket$inet6(0xa, 0x80003, 0x7) accept(r0, &(0x7f0000000140)=@ipx, &(0x7f00000001c0)=0x80) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x0, @broadcast}], 0x10) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") [ 235.286123] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.145838] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.152396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.159307] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.165865] bridge0: port 1(bridge_slave_0) entered 
forwarding state [ 237.174412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.181004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.451209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.207358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.961222] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.967741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.975633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:32:15 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) ioctl$KVM_SET_CPUID(r0, 0x551f, &(0x7f0000000040)=ANY=[]) [ 241.799996] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.870669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.250366] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.588066] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.594486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.603050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:32:19 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2e22db340782e78d43e3d9eae9bb4e406d31ce597682726ff46008f99df753d6ea944451", 0x24) [ 246.031063] 8021q: adding VLAN 0 to HW filter on device team0 00:32:22 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2e22db34", 0x4) 00:32:22 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x10000000141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r0, 0x0) r1 = syz_open_procfs(0x0, 
&(0x7f0000000000)="0002000000b1b25073a71677efa27e5d2e11501d301a1d34238070dacd77392243e6278b6e17c700d6bb9af67285d03c282f387fe91778c4ee4d37c395256f0f83aef527b3ce57316a6a5ffa33105a4104dd169de3e7f969dce8") r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)="6d656d0001792e737761532e63757272656e7400", 0x0, 0x0) preadv(r2, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x20000ffe) 00:32:22 executing program 5: timer_create(0x5, &(0x7f0000000000)={0x0, 0x1e}, &(0x7f0000000040)=0x0) timer_gettime(r0, &(0x7f0000000080)) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x8000, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000100)={0x1, 0x1e, 0x0, 0xff, "2bddc792916b74cf8ca47c7bae1721e5216562e88b0e94973729870dba18957e"}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000140)={0x0, 0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000, r1}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f00000001c0)={r2, r3, 0x3}) r4 = getpgrp(0xffffffffffffffff) fcntl$setown(r1, 0x8, r4) fchmod(r1, 0xc) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000200)=0x1ff) write$P9_RXATTRWALK(r1, &(0x7f0000000240)={0xf, 0x1f, 0x1, 0xffff}, 0xf) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000280)={[{0x80, 0x80, 0x2000000000000, 0x9939, 0x100000001, 0x2, 0x80000000, 0x5, 0x6, 0x911, 0x6, 0x1}, {0x10000000200000, 0x800, 0x7, 0x9, 0x8001, 0x8, 0xb4fe, 0x2c3e, 0x81, 0x7, 0x3, 0x7, 0x80000001}, {0x2, 0x400, 0x9f, 0x2, 0x91, 0x4, 0x8001, 0x10000, 0xef52, 0x1000, 0x200, 0x3d11, 0x7071c10}], 0x2fa0}) r5 = creat(&(0x7f0000000300)='./file0\x00', 0x82) r6 = syz_open_dev$adsp(&(0x7f0000000340)='/dev/adsp#\x00', 0x20, 0x8000) ioctl$BLKFLSBUF(r1, 0x1261, &(0x7f0000000380)=0x4) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) futimesat(r6, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)={{r7, r8/1000+10000}, {r9, r10/1000+10000}}) ioctl$sock_bt_bnep_BNEPCONNADD(r6, 0x400442c8, 
&(0x7f00000004c0)={r5, 0x0, 0x7fff, "acf6dbe9cec8c11ccdb7e41a0e2c5e7079e99e9d39a031d0a1231979179f1312567376a5ea9b41c7fb335134815c4d625683182cc6c951289b7c0a74849f40bea10058af8c07e3df4e11be4da9c7a433867c673d962438c4b86f3f6a7d994b89ac331ee5a22606041d18de6cd8a2e56d99ae48074ae51d2512a3569b89234f718ec3ff2b1f4374f9c63e1026bc90440d908f5a9fac3115222cd930d46e9f57218b382a0b553e3ac527d6c7a6845e504aebe32958add50dd97d8e8e"}) r11 = memfd_create(&(0x7f00000005c0)='/dev/autofs\x00', 0x2) ioctl$NBD_SET_SOCK(r1, 0xab00, r11) write(r5, &(0x7f0000000600)="c92dfc29", 0x4) eventfd(0x7) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) connect$netlink(r1, &(0x7f0000000640)=@kern={0x10, 0x0, 0x0, 0x200}, 0xc) getsockopt$inet6_tcp_int(r6, 0x6, 0x1f, &(0x7f0000000680), &(0x7f00000006c0)=0x4) setsockopt$inet6_dccp_buf(r6, 0x21, 0xf, &(0x7f0000000700)="1d0f602032b8fa2322803db20bfbe07c2c73183ad3d8ec7ed0a46e04c303454e377b70aec6ca00f2c6abdaeb5c6c18a71effea03a69eb4918a6d74923347097e7fc2569ddf30cf6a1b1614d812924aab622a99b1f6ffc1813391f96e2001a7db4030915651ec6dc3da0b7611723f7d6e2711e886425b4f41ff9f8fadc01ceee6dcf0cb5f2d43123c33f5c17c9944ea16e4c34d087d80e2008b25ce38d453fe03d452d7971d6a599745d9b759", 0xac) getsockopt$IPT_SO_GET_INFO(r5, 0x0, 0x40, &(0x7f00000007c0)={'security\x00'}, &(0x7f0000000840)=0x54) ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f00000009c0)={0x6, 0xaf6, &(0x7f0000000880)="981bd899f82986cbb54eb0b48e01f88bf907e2c2f73b9e2575a78996a12ed31acee20d57af2a66faa8a19cdb2c8dad02e374b301c4690b8d937bd34048b5c481c69655f21542319ffde54441f9bfef57793dc90d676830bebfda2f5b9dfe242aae", &(0x7f0000000900)="d42b34d9c3ecb6ce1db5cb12020356122f6ce83a4f20e66f16f7d0e37d71898a7dfd2e8b735e5eeae5775b0ee48915129be6cbf904dcad9bcbd68cae817c0bcec0fe47604e7523a7d4ec23f474851bf7ea574027aa955f0bc9abdc5dc5e028df613c6af01b02dc2b745622c86e25d417401f381c28e7f52e32a68ea908d49db684c878111c3d8a07d3f133f7afb41dd4a06a60c3d8fa2b816522ab0f7ffdd22a86f69222027c7e1a6a7dd3ebac84ff02f2a5ff94a533", 0x61, 0xb6}) 00:32:22 executing program 
1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0af8e9e25872c1e5e5605c64c4a4482f304fffe00168f39e", 0x18)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000a80)="b6f3fbbda7668a01ae7ea5cfe7f9d2e1b5b184165e522d39117fbb3c99a3ce58ece170fe60c64b425ae16ab8bbc5cb3fb5447007ef17f6e4445bee1a06c6905649fe36a13eed5efb10945c9bd6ce5768e859a341038f9eeba44d3f8a5523babc", 0x60}], 0x1, &(0x7f0000000100)}, 0x0)
recvmsg(r1, &(0x7f00000004c0)={&(0x7f0000000400)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000800)=[{&(0x7f0000002ec0)=""/4096, 0x1000}], 0x1, &(0x7f0000000880)=""/78, 0x4e}, 0x0)
00:32:22 executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100, 0xff1f)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendto$inet6(r0, &(0x7f0000000140)="0303000007005b0000000000fff55b4202938207d9bb37c81e1bbbed5bcc7cb26111b8301ee616d5c01843000000000053c0f485472da7222a2bb401000000c3b5003500f55dc667b3009b000000faffffff00000000aeb46245004bad2a66c9c19bc6e3408804", 0x67, 0x0, &(0x7f0000000080)={0xa, 0x200800800, 0x1, @mcast2}, 0x1c)
00:32:22 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005", 0x5)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0x8}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x40000000000022d, 0x0, &(0x7f0000001380)={0x77359400})
00:32:22 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f000001bfc8)={&(0x7f0000000000)={0x10, 0x6c}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
00:32:22 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0xf4, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=@loop={'/dev/loop'}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000580)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac1bd722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d0edc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c6914a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa6840200", 0x0, &(0x7f0000000080))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
chroot(&(0x7f0000000280)='./file0\x00')
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000100), 0x0)
00:32:22 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xca, &(0x7f0000000180)={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, {0xa, 0x0, 0x0, @remote}}, 0x5c)
[ 248.596872] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
00:32:22 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(0xffffffffffffffff, 0x4010641a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[0xffc]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, &(0x7f0000000100)="66b8e6008ec0400fc71948b85b6de0a1d4eddd610f23c00f21f835000009000f23f866bad00466b8440066ef66baf80cb8883fed84ef66bafc0cb87e220000efc7442400d7000000c744240208000000ff1c24c7442400651a95c6c744240200300000c7442406000000000f011424b9800000c00f3235000800000f30c4027d1e3fb8010000000f01d9", 0x8a}], 0x1, 0x0, &(0x7f00000001c0), 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x0, 0x114000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 248.690744] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 248.787744] ==================================================================
[ 248.795184] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 248.801794] CPU: 1 PID: 7547 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[ 248.809001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 248.818367] Call Trace:
[ 248.821004] dump_stack+0x306/0x460
[ 248.824665] ? _raw_spin_lock_irqsave+0x227/0x340
[ 248.829537] ? vmx_create_vcpu+0x10df/0x7920
[ 248.833995] kmsan_report+0x1a3/0x2d0
[ 248.837830] __msan_warning+0x7c/0xe0
[ 248.841670] vmx_create_vcpu+0x10df/0x7920
[ 248.845946] ? kmsan_set_origin_inline+0x6b/0x120
[ 248.850824] ? __msan_poison_alloca+0x17a/0x210
[ 248.855536] ? vmx_vm_init+0x340/0x340
[ 248.859470] kvm_arch_vcpu_create+0x25d/0x2f0
[ 248.864003] kvm_vm_ioctl+0x13fd/0x33d0
[ 248.868022] ? __msan_poison_alloca+0x17a/0x210
[ 248.872735] ? do_vfs_ioctl+0x18a/0x2810
[ 248.876820] ? __se_sys_ioctl+0x1da/0x270
[ 248.880997] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 248.885904] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 248.890786] do_vfs_ioctl+0xcf3/0x2810
[ 248.894718] ? security_file_ioctl+0x92/0x200
[ 248.899255] __se_sys_ioctl+0x1da/0x270
[ 248.903275] __x64_sys_ioctl+0x4a/0x70
[ 248.907209] do_syscall_64+0xbe/0x100
[ 248.911034] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 248.916234] RIP: 0033:0x457579
[ 248.919452] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 248.938363] RSP: 002b:00007f088ac27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 248.946095] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 248.953371] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 248.960657] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 248.967939] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f088ac286d4
[ 248.975223] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 248.982524]
[ 248.984162] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 248.991092] Variable was created at:
[ 248.994831] vmx_create_vcpu+0xd5/0x7920
[ 248.998910] kvm_arch_vcpu_create+0x25d/0x2f0
[ 249.003416] ==================================================================
[ 249.010782] Disabling lock debugging due to kernel taint
[ 249.016236] ==================================================================
[ 249.016242] Kernel panic - not syncing: panic_on_warn set ...
[ 249.016242]
[ 249.016271] CPU: 1 PID: 7547 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63
[ 249.039572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.048948] Call Trace:
[ 249.051576] dump_stack+0x306/0x460
[ 249.055262] panic+0x54c/0xafa
[ 249.058536] kmsan_report+0x2cd/0x2d0
[ 249.062372] __msan_warning+0x7c/0xe0
[ 249.066218] vmx_create_vcpu+0x10df/0x7920
[ 249.070478] ? kmsan_set_origin_inline+0x6b/0x120
[ 249.075346] ? __msan_poison_alloca+0x17a/0x210
[ 249.080058] ? vmx_vm_init+0x340/0x340
[ 249.083990] kvm_arch_vcpu_create+0x25d/0x2f0
[ 249.088518] kvm_vm_ioctl+0x13fd/0x33d0
[ 249.092536] ? __msan_poison_alloca+0x17a/0x210
[ 249.097247] ? do_vfs_ioctl+0x18a/0x2810
[ 249.101326] ? __se_sys_ioctl+0x1da/0x270
[ 249.105497] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.110364] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 249.115244] do_vfs_ioctl+0xcf3/0x2810
[ 249.119176] ? security_file_ioctl+0x92/0x200
[ 249.123710] __se_sys_ioctl+0x1da/0x270
[ 249.127721] __x64_sys_ioctl+0x4a/0x70
[ 249.131634] do_syscall_64+0xbe/0x100
[ 249.135464] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.140671] RIP: 0033:0x457579
[ 249.143882] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 249.162799] RSP: 002b:00007f088ac27c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 249.170530] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 249.177825] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 249.185109] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 249.192390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f088ac286d4
[ 249.199682] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 249.207008] CPU: 0 PID: 7556 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63
[ 249.215597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 249.224954] Call Trace:
[ 249.227564] dump_stack+0x306/0x460
[ 249.231247] kmsan_report+0x1a3/0x2d0
[ 249.235073] __msan_warning+0x7c/0xe0
[ 249.238897] vmx_vcpu_put+0x77b/0xce0
[ 249.242724] ? vmx_vcpu_load+0x1cf0/0x1cf0
[ 249.246978] kvm_arch_vcpu_put+0x3b6/0x480
[ 249.251236] kvm_sched_out+0x90/0xb0
[ 249.254970] __schedule+0x970/0x9b0
[ 249.258621] ? kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[ 249.263829] _cond_resched+0x5e/0xf0
[ 249.267563] kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[ 249.272734] ? task_kmsan_context_state+0x6b/0x120
[ 249.277686] ? __msan_get_context_state+0x9/0x30
[ 249.282463] ? INIT_INT+0xc/0x30
[ 249.285842] ? task_kmsan_context_state+0x6b/0x120
[ 249.290790] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 249.296265] ? kmsan_set_origin_inline+0x6b/0x120
[ 249.301127] ? __msan_poison_alloca+0x17a/0x210
[ 249.305819] ? put_pid+0x71/0x410
[ 249.309283] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 249.313626] ? put_pid+0x1a9/0x410
[ 249.317177] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 249.322553] ? get_task_pid+0x17b/0x270
[ 249.326556] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 249.330737] ? do_vfs_ioctl+0x18a/0x2810
[ 249.334818] ? __se_sys_ioctl+0x1da/0x270
[ 249.338984] ? kvm_vm_release+0x90/0x90
[ 249.342972] do_vfs_ioctl+0xcf3/0x2810
[ 249.346911] ? security_file_ioctl+0x92/0x200
[ 249.351459] __se_sys_ioctl+0x1da/0x270
[ 249.355472] __x64_sys_ioctl+0x4a/0x70
[ 249.359374] do_syscall_64+0xbe/0x100
[ 249.363218] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.368440] RIP: 0033:0x457579
[ 249.371651] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 249.390561] RSP: 002b:00007f7963e9fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 249.398283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 249.405560] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 249.412836] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 249.420112] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7963ea06d4
[ 249.427389] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 249.434708]
[ 249.436341] Uninit was stored to memory at:
[ 249.440685] kmsan_internal_chain_origin+0x136/0x240
[ 249.446300] __msan_chain_origin+0x75/0xd0
[ 249.450547] vmx_prepare_switch_to_guest+0x4f6/0x1720
[ 249.455749] kvm_arch_vcpu_ioctl_run+0x82fa/0x10a20
[ 249.460779] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 249.464938] do_vfs_ioctl+0xcf3/0x2810
[ 249.468834] __se_sys_ioctl+0x1da/0x270
[ 249.472824] __x64_sys_ioctl+0x4a/0x70
[ 249.476721] do_syscall_64+0xbe/0x100
[ 249.480539] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 249.485762]
[ 249.487394] Local variable description: ----error.i.i@vmx_prepare_switch_to_guest
[ 249.495026] Variable was created at:
[ 249.498753] vmx_prepare_switch_to_guest+0x188/0x1720
[ 249.503963] kvm_arch_vcpu_ioctl_run+0x82fa/0x10a20
[ 249.508979] ==================================================================
[ 250.754939] Shutting down cpus with NMI
[ 250.759021] ------------[ cut here ]------------
[ 250.763797] kernel BUG at mm/kmsan/kmsan_entry.c:81!
[ 250.768927] invalid opcode: 0000 [#1] SMP
[ 250.773089] CPU: 0 PID: 7556 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63
[ 250.775956] Kernel Offset: disabled
[[ 2 2550.0.77858533002]2] ReRebbooootitningg iin n8 686404000 s eseccoondnsd.s. . . C ompute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 250.798654] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[ 250.803339] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[ 250.822249] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[ 250.827641] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
[ 250.834918] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: ffff88021fc39f00
[ 250.842196] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[ 250.849470] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 250.856742] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 250.864025] FS: 00007f7963ea0700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[ 250.872253] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 250.878142] CR2: 0000000000000000 CR3: 0000000142e72000 CR4: 00000000001426f0
[ 250.885432] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 250.892707] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 250.899975] Call Trace:
[ 250.902565]
[ 250.904736] ? end_repeat_nmi+0x19/0x58
[ 250.908727] ? end_repeat_nmi+0x7/0x58
[ 250.912640] ? panic_smp_self_stop+0xe/0xd0
[ 250.916977] ? panic_smp_self_stop+0x12/0xd0
[ 250.921402] ? panic_smp_self_stop+0x12/0xd0
[ 250.925838] ? panic_smp_self_stop+0x12/0xd0
[ 250.930246]
[ 250.932499] ? panic+0x324/0xafa
[ 250.935885] ? printk+0x171/0x1f0
[ 250.939363] ? task_kmsan_context_state+0x6b/0x120
[ 250.944308] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 250.949776] ? kmsan_report+0x2cd/0x2d0
[ 250.953773] ? __msan_warning+0x7c/0xe0
[ 250.957768] ? vmx_vcpu_put+0x77b/0xce0
[ 250.961763] ? vmx_vcpu_load+0x1cf0/0x1cf0
[ 250.966009] ? kvm_arch_vcpu_put+0x3b6/0x480
[ 250.970459] ? kvm_sched_out+0x90/0xb0
[ 250.974360] ? __schedule+0x970/0x9b0
[ 250.978179] ? kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[ 250.983383] ? _cond_resched+0x5e/0xf0
[ 250.987298] ? kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[ 250.992625] ? task_kmsan_context_state+0x6b/0x120
[ 250.997586] ? __msan_get_context_state+0x9/0x30
[ 251.002351] ? INIT_INT+0xc/0x30
[ 251.005729] ? task_kmsan_context_state+0x6b/0x120
[ 251.010677] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 251.016143] ? kmsan_set_origin_inline+0x6b/0x120
[ 251.021000] ? __msan_poison_alloca+0x17a/0x210
[ 251.025691] ? put_pid+0x71/0x410
[ 251.029154] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 251.033494] ? put_pid+0x1a9/0x410
[ 251.037045] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 251.042431] ? get_task_pid+0x17b/0x270
[ 251.046445] ? kvm_vcpu_ioctl+0x11a7/0x20b0
[ 251.050802] ? do_vfs_ioctl+0x18a/0x2810
[ 251.054878] ? __se_sys_ioctl+0x1da/0x270
[ 251.059039] ? kvm_vm_release+0x90/0x90
[ 251.063029] ? do_vfs_ioctl+0xcf3/0x2810
[ 251.067121] ? security_file_ioctl+0x92/0x200
[ 251.071640] ? __se_sys_ioctl+0x1da/0x270
[ 251.075813] ? __x64_sys_ioctl+0x4a/0x70
[ 251.079884] ? do_syscall_64+0xbe/0x100
[ 251.083882] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 251.089265] Modules linked in:
[ 251.092480] ---[ end trace 243188d4d798f967 ]---
[ 251.097257] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[ 251.101939] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[ 251.120847] RSP: 0018:fffffe000000eea8 EFLAGS: 00010046
[ 251.126220] RAX: 0000000080000000 RBX: 0000000000000001 RCX: 00000000c0000101
[ 251.133496] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: ffff88021fc39f00
[ 251.140771] RBP: fffffe000000eef9 R08: 0000000000000000 R09: 0000000000000000
[ 251.148046] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 251.155318] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 251.162597] FS: 00007f7963ea0700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
[ 251.170826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 251.176709] CR2: 0000000000000000 CR3: 0000000142e72000 CR4: 00000000001426f0
[ 251.183986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 251.191259] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400