[ 54.952442] audit: type=1800 audit(1538759949.985:27): pid=6002 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 56.402872] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 59.116909] random: sshd: uninitialized urandom read (32 bytes read) [ 59.584991] random: sshd: uninitialized urandom read (32 bytes read) [ 62.064886] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts. [ 67.804323] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 17:19:24 fuzzer started [ 72.461542] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 17:19:30 dialing manager at 10.128.0.26:36867 2018/10/05 17:19:30 syscalls: 1 2018/10/05 17:19:30 code coverage: enabled 2018/10/05 17:19:30 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 17:19:30 setuid sandbox: enabled 2018/10/05 17:19:30 namespace sandbox: enabled 2018/10/05 17:19:30 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 17:19:30 fault injection: enabled 2018/10/05 17:19:30 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 17:19:30 net packed injection: enabled 2018/10/05 17:19:30 net device setup: enabled [ 77.283799] random: crng init done 17:21:24 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000c88000)={r0, &(0x7f0000847f95), &(0x7f000089b000)}, 0x3a8) [ 189.783971] IPVS: ftp: loaded support on port[0] = 21 [ 192.073017] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.079499] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.088149] device bridge_slave_0 entered promiscuous mode [ 192.225757] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.232399] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.240747] device bridge_slave_1 entered promiscuous mode [ 192.377315] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.517035] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.934178] bond0: Enslaving bond_slave_0 as an active interface with an up link 17:21:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00), 0x0, 0x0, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f000000b000)={&(0x7f000000f000), 0xc, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in6}, {@in=@loopback}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}}, 0xf0}}, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000012c0)={"29fb9968ef7106feec3614a6ac67866778f51801166af1cdfb7713f13cf8c4e4832935b509a03285b4f8794b40d29a0cdc1a491998da82984d39073a29dffcc66de806e2782796d8c53ecea498c8410b448c5d82ad6b0c24069884980b5ff1a40c2b57aa5aacbeb54b4f4c5d61583f19fe416446ca1ec8b2b91b90333130c03e1e920878b8a2fa525c65941d2354542ee4c7c0224a1710c9306533f77bf3e2da8bae7bc9b7bf9182a9ac37a901d79f189c5893178cc03e7e0c6b43a423e5d773464e739bb2ac37cf42ca5dd704f70a36a316704a5a640dcd81f76be4acd0b4a1322db1587e0efacea4b40fbefceb1e099c8d47a7f6d88fdb4ab9582dc4640587eefde47bd351575a5249ea876b42fa877b4e6a926899c4df3f2dd083011f7bcc19c70f3f81fa95f03e9a1e11eec212535add74e03fecd2d264abc987baeb68ff4e1e689338841c7b07447ddd358757067220bcb86530559699f4b6b122506a0fe49a8e7c73d7660508831dae0b857a8f02e90ed44e3205e683169ecee114a33ab6ef8268e33dd97a4a9e0531440acbf6fb6791cd34b553f6d677e2f3e8f1c57988ca1226f8a44e7871108d2c76a64425b82cae2e561c5a41c11974b5f80cc01ca7f1c17f9c5c286794f70160e2daef14aee244f7a6b4de62d3516f3cd7ec22e37f4f105ad076ae5af8ee2a5360a1f4a1a5be7c73175ffc2eab97fb6f4d4cbb1fb161d054b02ea96eb40f78fe1613c9300a2c8607ba31c30b809dfc02e5d2ada29ef3120c1c1e4175fd1f62386eb1dd506a1e79d62d866b6e9956fe120e2cd9ff3a602f9beb12b012c9c54848446f408f7d683830243f07a37f924e5f5dd55480010c89ab296b2f41ccad9b6219a8b7e204fc9ca5e664a4617d1b745aa6cf6afeb8379e187580b8b9dffd62dea07b20805400091a4266d527b452d82e1141d039de024909f5cb8d1835a41b7abc29fd0a06e54dc09104c95510f5a8998b684b515110d608db14d1a5910d77d60e3725bf5d0c378c9d650fe183242a3291a3190da7b65bfd99a1073ac7686e93912c1a06aa40715b72e03fdebf2be5a647437b7f5021873332a8e2a5dae241fc47ed65587744785c14eeadb6d9f8b49ce4ed87107f7ec839b3f20106d5de7401faf00950b90e3d6c712aebc36d68040e082352107e1b77f8e427541023a914fafd2c36768c820725737bedfbcc22f30cad4af72f8d62e30b827b9a5aed691ab9a2575dcfce6c9ff145ee4a6e6f9c319d829475d0aa133b1d9f7b55e2fc9c2d631db922c4dc2d17de0447531c64a9841cca097b6f9fbc94429f5ee2dc6b312f0eb66847435a9bbaae3a4a61260deb563dca2638e1a59461c097f80ad1d82ea4b31e06f74d3a5fe5243be0fb55bc2fdc58eab171dcafdf741bc977e05a8088566f3c5d9a1474388490b2ec97ddb1a95c568557a5a2"}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000240)=0x3004) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 193.131249] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 193.634064] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 193.641093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.677469] IPVS: ftp: loaded support on port[0] = 21 [ 194.408834] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 194.417108] team0: Port device team_slave_0 added [ 194.613267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 194.621223] team0: Port device team_slave_1 added [ 194.924181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 194.931207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.940213] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.124161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 195.131195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.140566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.322329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 195.329926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.339010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.544011] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 195.551551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.560778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.174246] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.180726] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.189238] device bridge_slave_0 entered promiscuous mode [ 197.478481] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.485143] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.493807] device bridge_slave_1 entered promiscuous mode [ 197.792633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 197.854333] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.860829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.867905] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.874427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.883495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.964407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.490330] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.573563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.713758] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:21:33 executing program 2: r0 = epoll_create(0x6) close(r0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) [ 198.983763] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 198.990796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.216601] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.223997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.679737] IPVS: ftp: loaded support on port[0] = 21 [ 200.181192] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.189326] team0: Port device team_slave_0 added [ 200.460299] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.468389] team0: Port device team_slave_1 added [ 200.724465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.731503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.741092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.995729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.002898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.011548] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.326412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.334248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.343262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.671271] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.679027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.688118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.144740] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.151213] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.159634] device bridge_slave_0 entered promiscuous mode [ 204.444291] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.450775] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.459267] device bridge_slave_1 entered promiscuous mode [ 204.792124] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.798619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.805623] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.812144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.820868] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.838647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.893268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.137023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.979077] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.260984] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.511819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.519015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 17:21:41 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x803, 0x1) connect$inet(r0, &(0x7f0000390000)={0x2, 0x0, @loopback}, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x40042, 0x0) ftruncate(r1, 0x10004) sendfile(r0, r1, 0x0, 0xea19) [ 206.713909] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.720953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.678206] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.686376] team0: Port device team_slave_0 added [ 207.828722] IPVS: ftp: loaded support on port[0] = 21 [ 207.981417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.989548] team0: Port device team_slave_1 added [ 208.350107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.357270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.366381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.824536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.852093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.860977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.168456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.176133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.185267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.517434] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.525126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.534161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.853079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.274377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.483723] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.490130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.499319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.394318] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.400818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.407827] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.414339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.423191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.544429] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.550905] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.559442] device bridge_slave_0 entered promiscuous mode [ 213.908512] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.915156] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.923637] device bridge_slave_1 entered promiscuous mode [ 213.942949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.996040] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.333154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.640082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.639947] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.156401] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.517394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 216.524706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.825515] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 216.832693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 17:21:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="c744240006000000c744240200000080c7442406000000000f01142466b8c2008ec80f070f0f369a0f2002674669f9c12c000026660f38157e0f660f0dbead00000066baf80cb8bcecb281ef66bafc0cb80b000000ef0f20d835080000000f22d8", 0x61}], 0x1, 0x0, &(0x7f0000000180), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000600)="0f75720066b98f03000066b8f8ffffff66baffffffff0f3000db6766c7442400000000006766c7442402000000006766c744240600000000670f011c240f20e06635000010000f22e0b84e000f00d066b8033900000f23d80f21f86635800000d00f23f80fc79e87a6fd0fc76fb5", 0x6e}], 0x1, 0x0, &(0x7f00000006c0), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 217.913558] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.921528] team0: Port device team_slave_0 added [ 218.341738] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.349843] team0: Port device team_slave_1 added [ 218.538713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.792665] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.799709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.808596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.091173] IPVS: ftp: loaded support on port[0] = 21 [ 219.269854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.277143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.286133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.683382] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.690948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.702662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.049043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.056783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.065888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.239305] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 221.707097] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 221.713619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.721261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 17:21:57 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x50, &(0x7f0000000340), &(0x7f0000000040)=0x362) 17:21:58 executing program 0: r0 = accept4(0xffffffffffffff9c, &(0x7f0000000080), &(0x7f0000000200)=0x80, 0x800) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, r0, 0x0) chdir(&(0x7f0000000040)='./file0/../file0\x00') llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=""/196, 0xc4) [ 223.406345] 8021q: adding VLAN 0 to HW filter on device team0 17:21:58 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000b4508a)='/dev/ashmem\x00', 0x0, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x101400, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x8000) write$P9_RSTATFS(r1, &(0x7f0000000180)={0x43, 0x9, 0x2, {0x5, 0x6, 0xf4, 0x2, 0x2, 0x100000000, 0x0, 0x5, 0x8}}, 0x43) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x10005) mmap(&(0x7f00006f7000/0x4000)=nil, 0x4000, 0x0, 0x2012, r0, 0x0) setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', &(0x7f00000000c0)='-nodev,\x00', 0x8, 0x1) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x121802, 0x0) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x9) 17:21:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x20000, 0x0) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0xffffffffffffffff, 0x1, 0xee6, 0x120000000000000, 0x8}, 0xc) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x3}]}}}]}, 0x3c}}, 0x0) 17:21:59 executing program 0: socketpair$inet6_sctp(0xa, 0x1, 0x84, &(0x7f0000000000)) syz_emit_ethernet(0xfdef, &(0x7f0000000080)={@local, @empty=[0x0, 0x0, 0xfeffffff00000000], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0xffffff89, 0x0, @local={0xac, 0x223}, @dev}, @udp={0x0, 0x0, 0x8}}}}}, &(0x7f00000000c0)) [ 225.010220] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.016751] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.023757] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.030206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.038561] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.045257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 17:22:00 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000d10ffc)=0x3, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, @in={0x2, 0x0, @multicast1}, @in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @mcast2}], 0x58) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r2, 0x3ff, 0x18}, 0xc) 17:22:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000180)='/dev/snd/controlC#\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488d") syz_open_dev$sndctrl(&(0x7f0000000440)='/dev/snd/controlC#\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x40000000040201, 0x0) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000100)={0x9, 0x3f}, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nullb0\x00', 0x80, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) getsockopt$packet_buf(r2, 0x107, 0x5, &(0x7f00000002c0)=""/144, &(0x7f0000000140)=0x90) [ 226.189247] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.195953] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.204335] device bridge_slave_0 entered promiscuous mode [ 226.672150] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.678629] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.687073] device bridge_slave_1 entered promiscuous mode [ 227.087055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 17:22:02 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x3, 0x402) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0) write$binfmt_elf32(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="7f454c460000000000000000000000000200000000110000000000000000000000000000ff070020000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000c7ff94ab7d3ac9b779c4c247429431f4e0a81b0147cade87185979538b203964e877c95c8ffa0b034e28c26642ee21ac4aa6ed10d4ede6865c835162b5ffa00fa30c38a3ca2176dcfc1bd74f9d66e864faed80797174ba5d7711d73eff87c384bcefb99d0c6505ad4c4b651b80cd86032ce52664b226263b00ee4ca6682da568565d59f651eb82e0a10966d24c566753f67b0e78f5683139a0867eb76a052602adf3db55b1"], 0x58) readv(r0, &(0x7f0000000600)=[{&(0x7f0000000140)=""/142}, {&(0x7f0000000200)=""/190}, {&(0x7f00000002c0)=""/198}, {&(0x7f0000000000)=""/55}, {&(0x7f00000003c0)=""/205}, {&(0x7f00000004c0)=""/247, 0x323}, {&(0x7f00000005c0)=""/22}], 0x100000000000025a) [ 227.400059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.695242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.088267] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.465634] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.472846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.835875] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.843110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.010995] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.736556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.744728] team0: Port device team_slave_0 added [ 230.999225] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.007567] team0: Port device team_slave_1 added [ 231.057478] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 231.299065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.306286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.315122] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.582317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.589362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.598154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.793409] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 231.956266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.963982] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.972912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.005615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 232.006986] hrtimer: interrupt took 54146 ns [ 232.013123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 232.024111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 232.101790] ================================================================== [ 232.109233] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 232.115747] CPU: 1 PID: 7117 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 232.122951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.132314] Call Trace: [ 232.134929] dump_stack+0x306/0x460 [ 232.138590] ? loaded_vmcs_init+0x343/0x590 [ 232.142971] kmsan_report+0x1a3/0x2d0 [ 232.146811] __msan_warning+0x7c/0xe0 [ 232.150652] loaded_vmcs_init+0x343/0x590 [ 232.154840] __loaded_vmcs_clear+0x2fb/0x3c0 [ 232.159284] generic_exec_single+0x17b/0x500 [ 232.163728] ? vmx_get_msr_feature+0x180/0x180 [ 232.168354] smp_call_function_single+0x290/0x500 [ 232.173231] ? vmx_get_msr_feature+0x180/0x180 [ 232.177861] vmx_free_vcpu+0x582/0x8a0 [ 232.181777] ? vmx_create_vcpu+0x7920/0x7920 [ 232.186220] kvm_arch_destroy_vm+0x727/0xcd0 [ 232.190670] kvm_put_kvm+0x100b/0x1cf0 [ 232.194614] kvm_vcpu_release+0xad/0x100 [ 232.198699] ? kvm_vcpu_mmap+0x80/0x80 [ 232.202613] __fput+0x4e8/0xda0 [ 232.205935] ____fput+0x37/0x40 [ 232.209242] ? fput+0x3e0/0x3e0 [ 232.212549] task_work_run+0x467/0x500 [ 232.216489] prepare_exit_to_usermode+0x364/0x470 [ 232.221368] syscall_return_slowpath+0x112/0x880 [ 232.226149] ? __close_fd+0x465/0x4c0 [ 232.229995] ? __se_sys_close+0x72/0x140 [ 232.234089] do_syscall_64+0xe4/0x100 [ 232.237923] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 232.243145] RIP: 0033:0x411051 [ 232.246528] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 232.265444] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 232.273182] RAX: 0000000000000000 RBX: 000000000000000a RCX: 0000000000411051 [ 232.280472] RDX: 0000000000000000 RSI: 0000000000731f00 RDI: 0000000000000009 [ 232.287754] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 232.295041] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000 [ 232.302327] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 232.309627] [ 232.311262] Local variable description: ----error.i@loaded_vmcs_init [ 232.317845] Variable was created at: [ 232.321584] loaded_vmcs_init+0x8a/0x590 [ 232.325665] __loaded_vmcs_clear+0x2fb/0x3c0 [ 232.330080] ================================================================== [ 232.337454] Disabling lock debugging due to kernel taint [ 232.342917] Kernel panic - not syncing: panic_on_warn set ... [ 232.342917] [ 232.350327] CPU: 1 PID: 7117 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63 [ 232.358910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.368599] Call Trace: [ 232.371213] dump_stack+0x306/0x460 [ 232.374886] panic+0x54c/0xafa [ 232.378149] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 232.383627] kmsan_report+0x2cd/0x2d0 [ 232.387474] __msan_warning+0x7c/0xe0 [ 232.391318] loaded_vmcs_init+0x343/0x590 [ 232.395517] __loaded_vmcs_clear+0x2fb/0x3c0 [ 232.399974] generic_exec_single+0x17b/0x500 [ 232.404417] ? vmx_get_msr_feature+0x180/0x180 [ 232.409043] smp_call_function_single+0x290/0x500 [ 232.413920] ? vmx_get_msr_feature+0x180/0x180 [ 232.418558] vmx_free_vcpu+0x582/0x8a0 [ 232.422480] ? vmx_create_vcpu+0x7920/0x7920 [ 232.426923] kvm_arch_destroy_vm+0x727/0xcd0 [ 232.431386] kvm_put_kvm+0x100b/0x1cf0 [ 232.435326] kvm_vcpu_release+0xad/0x100 [ 232.439412] ? kvm_vcpu_mmap+0x80/0x80 [ 232.443327] __fput+0x4e8/0xda0 [ 232.446656] ____fput+0x37/0x40 [ 232.449970] ? fput+0x3e0/0x3e0 [ 232.453285] task_work_run+0x467/0x500 [ 232.457217] prepare_exit_to_usermode+0x364/0x470 [ 232.462098] syscall_return_slowpath+0x112/0x880 [ 232.466884] ? __close_fd+0x465/0x4c0 [ 232.470735] ? __se_sys_close+0x72/0x140 [ 232.474838] do_syscall_64+0xe4/0x100 [ 232.478673] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 232.483886] RIP: 0033:0x411051 [ 232.487131] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 232.504045] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.506589] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 232.514308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.521166] RAX: 0000000000000000 RBX: 000000000000000a RCX: 0000000000411051 [ 232.521194] RDX: 0000000000000000 RSI: 0000000000731f00 RDI: 0000000000000009 [ 232.530075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.535750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 232.535764] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000 [ 232.535777] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 232.544097] Kernel Offset: disabled [ 232.576826] Rebooting in 86400 seconds..