[ 58.805875] audit: type=1800 audit(1539255654.861:27): pid=6124 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 60.209336] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 61.649380] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.058447] random: sshd: uninitialized urandom read (32 bytes read) [ 64.622854] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.99' (ECDSA) to the list of known hosts. [ 70.411811] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 11:01:08 fuzzer started [ 74.914920] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 11:01:13 dialing manager at 10.128.0.26:39089 2018/10/11 11:01:13 syscalls: 1 2018/10/11 11:01:13 code coverage: enabled 2018/10/11 11:01:13 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 11:01:13 setuid sandbox: enabled 2018/10/11 11:01:13 namespace sandbox: enabled 2018/10/11 11:01:13 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 11:01:13 fault injection: enabled 2018/10/11 11:01:13 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 11:01:13 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 11:01:13 net device setup: enabled [ 79.863596] random: crng init done 11:03:12 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(anubis)\x00'}, 0x77) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x8912, &(0x7f0000000040)="153f0300488dd25d8e6070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000001d80)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="71cf16c75109316bca811dc818fa1dc5acac4b17a40fb636a980adea0de1ce812e57fde16a2857f25f39f4cce41fa8a57b5ee21ef2e52bbf187ab324977c0bf8fe64cbcd21992ddbc71ce6d00694361f82", 0x51}], 0x1, &(0x7f0000000580)}], 0x1, 0x0) [ 197.003028] IPVS: ftp: loaded support on port[0] = 21 [ 198.503504] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.510129] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.518819] device bridge_slave_0 entered promiscuous mode [ 198.662811] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.669400] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.678132] device bridge_slave_1 entered promiscuous mode [ 198.821475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.960441] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.404224] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.554077] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.840776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.848148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:03:16 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r0, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @rand_addr}}, &(0x7f0000000080)=0x80) [ 200.300473] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.308838] team0: Port device team_slave_0 added [ 200.560123] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.568313] team0: Port device team_slave_1 added [ 200.852083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.018128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.025191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.034324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.210425] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.218196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.224152] IPVS: ftp: loaded support on port[0] = 21 [ 201.227373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.447795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.455598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.464819] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.220352] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.226941] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.235628] device bridge_slave_0 entered promiscuous mode [ 203.430706] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.437337] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.446030] device bridge_slave_1 entered promiscuous mode [ 203.657769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.879156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.921311] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.927866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.934958] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.941569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.950789] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.462700] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 204.773850] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.956256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.030726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.038035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.281878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.289073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.990130] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.998525] team0: Port device team_slave_0 added [ 206.178027] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.186444] team0: Port device team_slave_1 added 11:03:22 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000180)="86007300000000000000000000", 0x2, 0x0) unshare(0x20040000) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000080)={'icmp6\x00'}, &(0x7f00000000c0)=0x1e) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) pipe2(&(0x7f0000000140), 0x0) r3 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x0) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x100, 0x279d}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) [ 206.442354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 206.449626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.458734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.744543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 206.751773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.760554] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.151524] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.159290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.168346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.466712] IPVS: ftp: loaded support on port[0] = 21 [ 207.510249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 207.518429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.527652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.496326] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.502797] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.511412] device bridge_slave_0 entered promiscuous mode [ 210.786045] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.792537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.799602] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.806135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.815085] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.844012] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.850625] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.859233] device bridge_slave_1 entered promiscuous mode [ 210.955987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.102924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.367744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.056921] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.336705] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.662448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.669707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.047435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.054505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.866809] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.875030] team0: Port device team_slave_0 added [ 214.089642] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.098022] team0: Port device team_slave_1 added [ 214.310738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.317927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.327044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 11:03:30 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x6, 0x3, &(0x7f0000346fc8), &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000040)='./file0/file0\x00', r0}, 0x10) [ 214.565221] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.572426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.581759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.951275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 214.961169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.970189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.270504] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.278240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.287580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.036476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.078316] IPVS: ftp: loaded support on port[0] = 21 [ 217.315239] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 218.764649] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 218.771254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.779525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.462656] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.469232] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.476301] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.482799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.491804] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.516870] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.523343] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.532072] device bridge_slave_0 entered promiscuous mode [ 219.757341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.953276] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.959939] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.968574] device bridge_slave_1 entered promiscuous mode [ 220.205706] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.292641] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.718718] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.819023] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.170868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.512281] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.519477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.941125] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.948377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.062941] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.071258] team0: Port device team_slave_0 added [ 224.413589] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.421942] team0: Port device team_slave_1 added [ 224.811826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.819073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.828189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 11:03:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) unshare(0x24020400) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r2, 0x0, 0x0, r2}) [ 225.201197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.208507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.217406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.560644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.568354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.577552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.783903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.057203] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.064939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.074354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.910457] IPVS: ftp: loaded support on port[0] = 21 [ 227.552355] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 229.216341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 229.222727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.230921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:03:45 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, &(0x7f0000000480), 0x0, 0x0, &(0x7f0000000580)=@generic={0x0, "cdc94ed4568810b9027bb1637493a5528e00d505333bf6c99058fb72bf813318783df2c572d2773ebb46dc420604cf76179a4e85d5f2d1e5bc4ce29522a8d7cb7675520ab784c640c4c9153e50f6c59156bb3c09fce15d4dc2096eac758ce4687691334e96bb40bf941dc0ca9276a9ae72cc0763b81706d7c9811050737c"}, 0x80) 11:03:46 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x200008930, &(0x7f0000000480)="153f448e0dfd7a64aa1a70a15e353a") r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x28900, 0x4000) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0], 0x5, 0x1, 0x1, 0x2}) 11:03:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x8684540fe7344f0e, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={&(0x7f00000000c0), 0x3ac, &(0x7f0000000300)={&(0x7f00000003c0)={0x1ed, 0x42, 0x105, 0x0, 0x0, {0x1a}}, 0xfec5}}, 0x0) [ 230.816495] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.822990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.830096] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.836634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.845399] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 11:03:47 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x1, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000100)={'raw\x00', 0xd6, "164847a5e59f1c8fc09cddc0a980a8895af0f39bfcac971a3a7a1af89ef48afeab7dab28662f0c3d7b7b9c80d1a122345bc5a8539cfe97f34bb05cb9b7bcf706cd5f4782c9a5cc0540cba8c90c768500577983341ac13d4e3414406b60153c73256dc7907cc21863d2c9d585681806459e45173a777eb5e96b4763ff2388051338b167e36d3a4f78ed3507be0c24a1f5afe63307632194f257c735d0ca3a9a559ed40982ee537ee952d29e555d865d0a392728a4a11164a07a7f0b0ca3f87b9f3ea01cfad144bbbaf5d93845eda965c41a4d9353d6c1"}, &(0x7f0000000240)=0xfa) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'}) r2 = epoll_create(0x400) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000000)) write$uinput_user_dev(r0, &(0x7f0000000880)={'syz1\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x7, 0x30}, &(0x7f0000000080)=0xc) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000d00)={r3, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x84) r4 = socket$inet_tcp(0x2, 0x1, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000dc0)={{{@in=@broadcast, @in6, 0x4e23, 0x7, 0x4e22, 0x4, 0xa, 0x80, 0xc52bab78623ef166, 0x3f, 0x0, r5}, {0x8, 0x133d, 0xffff, 0x1, 0x10000, 0x69, 0x75e, 0x9}, {0x1d78, 0x8, 0x9, 0x101}, 0x200, 0x6e6bb0, 0x1, 0x1, 0x2}, {{@in=@rand_addr=0x8, 0x4d6, 0x33}, 0xa, @in6=@remote, 0x3507, 0x2, 0x3, 0x1, 0x7fffffff, 0xe78, 0x5}}, 0xe8) [ 231.037526] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.101829] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.108383] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.117306] device bridge_slave_0 entered promiscuous mode [ 231.140321] input: syz1 as /devices/virtual/input/input5 [ 231.239256] input: syz1 as /devices/virtual/input/input6 11:03:47 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x67}}, &(0x7f0000000180)="4550d4001f91eb2f57b73224433025039c3096b20c6b439348bf689c08608537d6223e63adc0624fbae2e109359dce6922324ccc13160b68cae6430697259dd52d1f73e16adc3592d02925dffae85e9cd2398c6c67c87fb5b12602f145b484be45912966e8b7e2f66069c56dd76c1dc112013c3a6b4de999cdcdc8855aee3437dcc87580cfbe546fbbfbc0eb56d8bbbea2904a7c73c2", 0x0, 0x60, &(0x7f0000000000)=""/195}, 0x16) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0x50, &(0x7f0000000240)={0x0, 0x0}}, 0x10) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x4c000, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000600)=r1, 0x4) ioctl$EVIOCSCLOCKID(r2, 0x400445a0, &(0x7f00000005c0)=0x200) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000400)={0x0, 0x78, &(0x7f0000000380)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xc}}, @in6={0xa, 0x4e23, 0x9, @remote, 0x2}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e20, @rand_addr=0x7fffffff}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x9, @loopback, 0x1}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000480)={r4, @in6={{0xa, 0x4e23, 0x6, @empty, 0x3}}, 0x5, 0x8000, 0x3, 0xf7, 0x4}, &(0x7f0000000540)=0x98) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)=r1, 0x4) [ 231.744927] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.751557] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.760648] device bridge_slave_1 entered promiscuous mode [ 231.849117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 11:03:48 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000500)={'filter\x00', 0x4}, 0x68) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) [ 232.219125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 232.685068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 11:03:48 executing program 0: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) r1 = getpgrp(0xffffffffffffffff) r2 = getuid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={r1, r2, r3}, 0xc) r4 = socket(0x10, 0x802, 0x0) write$FUSE_INIT(r0, &(0x7f00000001c0)={0x50, 0x0, 0x5, {0x7, 0x1b, 0x0, 0x8102, 0x9, 0x9, 0x1, 0x7fff}}, 0x50) ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[0x8, 0x6, 0x4]}) write(r4, &(0x7f0000000380)="fc00000048000700ab092500090007000aab80ff010000000000369321000100ff0500000005d000a200000000039815fa2c1ec29b56aaa79bb94b46fe000000bc00020000036c6c25ebd9272f2e117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e2e80772105defd6c32e280fc83ab82f605f70c9ddef2fe082038f4f840000000000000000e5be60000000000000091cf190201ded815b2ccd243f295ed94e0ad918935296ce1bd0734babc7c3f2ed257d43dd26b17e583df150c3b880f410f46a6b567b4d5625587e658a1ad0a4f01731d05b0350b0041f0efe0d48f6f00000805403131e50e33429fd3000175e6dde4840ef71721f2e97799b5a09fe6930d4c2666f9036f7036471742abda421030053fe45f4949f41f68060c9bc85284f1f30c1552c7e2d718975d5afbe4", 0x136) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000080)=r1) 11:03:49 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d76bbb6") poll(&(0x7f0000000240)=[{r0}], 0x1, 0x4) [ 233.948153] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.410490] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 234.831214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 234.838492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.227467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.242831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.244871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.402574] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.410876] team0: Port device team_slave_0 added [ 236.806779] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.815047] team0: Port device team_slave_1 added [ 237.108190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.115511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.124308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.392734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.402099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.411165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.589519] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 237.671424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.679241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.688244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.022704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.030562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.039799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.906616] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.913047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.921251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:03:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r2}) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79}) [ 239.829171] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 240.171435] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.180848] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.187421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.194371] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.201044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.209780] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 241.216506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.722744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.568552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.362249] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.369269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.377243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.866562] ================================================================== [ 245.874011] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 245.881134] CPU: 0 PID: 7368 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66 [ 245.888332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.897702] Call Trace: [ 245.900319] dump_stack+0x306/0x460 [ 245.903975] ? vmap_page_range_noflush+0x975/0xed0 [ 245.908958] kmsan_report+0x1a2/0x2e0 [ 245.912797] __msan_warning+0x7c/0xe0 [ 245.916635] vmap_page_range_noflush+0x975/0xed0 [ 245.921476] map_vm_area+0x17d/0x1f0 [ 245.925234] kmsan_vmap+0xf2/0x180 [ 245.928817] vmap+0x3a1/0x510 [ 245.931951] ? relay_open_buf+0x81e/0x19d0 [ 245.936233] relay_open_buf+0x81e/0x19d0 [ 245.940363] relay_open+0xabb/0x1370 [ 245.944145] do_blk_trace_setup+0xaf7/0x1780 [ 245.948632] __blk_trace_setup+0x20b/0x380 [ 245.952947] blk_trace_setup+0xfb/0x140 [ 245.956987] sg_ioctl+0x10ff/0x58b0 [ 245.960675] ? do_vfs_ioctl+0x18a/0x2810 [ 245.964766] ? __se_sys_ioctl+0x1da/0x270 [ 245.968960] ? sg_poll+0x870/0x870 [ 245.972535] do_vfs_ioctl+0xcf3/0x2810 [ 245.976474] ? security_file_ioctl+0x92/0x200 [ 245.981015] __se_sys_ioctl+0x1da/0x270 [ 245.985043] __x64_sys_ioctl+0x4a/0x70 [ 245.988966] do_syscall_64+0xbe/0x100 [ 245.992803] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 245.998019] RIP: 0033:0x457519 [ 246.001240] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.020156] RSP: 002b:00007fa20ad91c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.027904] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 246.035203] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000009 [ 246.042509] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.049795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa20ad926d4 [ 246.057084] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 246.064382] [ 246.066017] Uninit was created at: [ 246.069593] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 246.074715] kmsan_kmalloc+0xa4/0x120 [ 246.078541] __kmalloc+0x14b/0x440 [ 246.082108] kmsan_vmap+0x9b/0x180 [ 246.085682] vmap+0x3a1/0x510 [ 246.088812] relay_open_buf+0x81e/0x19d0 [ 246.092903] relay_open+0xabb/0x1370 [ 246.096655] do_blk_trace_setup+0xaf7/0x1780 [ 246.101085] __blk_trace_setup+0x20b/0x380 [ 246.105348] blk_trace_setup+0xfb/0x140 [ 246.109350] sg_ioctl+0x10ff/0x58b0 [ 246.113000] do_vfs_ioctl+0xcf3/0x2810 [ 246.116924] __se_sys_ioctl+0x1da/0x270 [ 246.120942] __x64_sys_ioctl+0x4a/0x70 [ 246.124852] do_syscall_64+0xbe/0x100 [ 246.128688] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.133895] ================================================================== [ 246.141271] Disabling lock debugging due to kernel taint [ 246.146730] Kernel panic - not syncing: panic_on_warn set ... [ 246.146730] [ 246.154148] CPU: 0 PID: 7368 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #66 [ 246.162737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.172100] Call Trace: [ 246.174721] dump_stack+0x306/0x460 [ 246.178412] panic+0x54c/0xafa [ 246.181691] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 246.187175] kmsan_report+0x2d3/0x2e0 [ 246.191018] __msan_warning+0x7c/0xe0 [ 246.194857] vmap_page_range_noflush+0x975/0xed0 [ 246.199710] map_vm_area+0x17d/0x1f0 [ 246.203469] kmsan_vmap+0xf2/0x180 [ 246.207045] vmap+0x3a1/0x510 [ 246.210184] ? relay_open_buf+0x81e/0x19d0 [ 246.214461] relay_open_buf+0x81e/0x19d0 [ 246.218579] relay_open+0xabb/0x1370 [ 246.222355] do_blk_trace_setup+0xaf7/0x1780 [ 246.226824] __blk_trace_setup+0x20b/0x380 [ 246.231114] blk_trace_setup+0xfb/0x140 [ 246.235130] sg_ioctl+0x10ff/0x58b0 [ 246.239344] ? do_vfs_ioctl+0x18a/0x2810 [ 246.243428] ? __se_sys_ioctl+0x1da/0x270 [ 246.247607] ? sg_poll+0x870/0x870 [ 246.251178] do_vfs_ioctl+0xcf3/0x2810 [ 246.255113] ? security_file_ioctl+0x92/0x200 [ 246.259653] __se_sys_ioctl+0x1da/0x270 [ 246.263670] __x64_sys_ioctl+0x4a/0x70 [ 246.267589] do_syscall_64+0xbe/0x100 [ 246.269359] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.271436] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 246.282505] RIP: 0033:0x457519 [ 246.285717] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 246.304638] RSP: 002b:00007fa20ad91c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.312378] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 246.319665] RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000009 [ 246.326954] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 246.334247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa20ad926d4 [ 246.341536] R13: 00000000004be982 R14: 00000000004ce680 R15: 00000000ffffffff [ 246.349860] Kernel Offset: disabled [ 246.353527] Rebooting in 86400 seconds..