[ ok ] Starting periodic command scheduler: cron.
[ 59.210184] sshd (6133) used greatest stack depth: 53184 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 59.452638] random: sshd: uninitialized urandom read (32 bytes read)
[ 60.947385] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 61.457497] random: sshd: uninitialized urandom read (32 bytes read)
[ 63.729216] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
[ 69.504002] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/09 14:30:43 fuzzer started
[ 74.354131] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/09 14:30:48 dialing manager at 10.128.0.26:44001
2018/10/09 14:30:48 syscalls: 1
2018/10/09 14:30:48 code coverage: enabled
2018/10/09 14:30:48 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/09 14:30:48 setuid sandbox: enabled
2018/10/09 14:30:48 namespace sandbox: enabled
2018/10/09 14:30:48 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/09 14:30:48 fault injection: enabled
2018/10/09 14:30:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/09 14:30:48 net packed injection: enabled
2018/10/09 14:30:48 net device setup: enabled
[ 80.044734] random: crng init done
14:32:47 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x2, 0x4001)
[ 196.600535] IPVS: ftp: loaded support on port[0] = 21
[ 198.735017] ip (6259) used greatest stack depth: 53056 bytes left
[ 199.036927] bridge0:
port 1(bridge_slave_0) entered blocking state [ 199.043480] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.052174] device bridge_slave_0 entered promiscuous mode [ 199.197067] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.203650] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.212331] device bridge_slave_1 entered promiscuous mode [ 199.354021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.497645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 14:32:52 executing program 1: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000240)={0x41, 0x6, 0x0, {0x0, 0x0, 0x18, 0x0, '/dev/infiniband/rdma_cm\x00'}}, 0x41) [ 199.939014] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.199415] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.505123] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.512334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.659732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.666933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.724512] IPVS: ftp: loaded support on port[0] = 21 [ 201.539296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.547618] team0: Port device team_slave_0 added [ 201.815999] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.824244] team0: Port device team_slave_1 added [ 202.107121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 202.114346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.123362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.300129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.307239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.316163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes 
ready [ 202.495032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.502836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.511960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.822921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.830622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.839825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.339568] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.346144] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.354747] device bridge_slave_0 entered promiscuous mode [ 204.565465] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.572118] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.580645] device bridge_slave_1 entered promiscuous mode [ 204.724098] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.939341] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.572236] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.630711] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.637262] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.644348] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.650807] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.659700] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.797653] bond0: Enslaving bond_slave_1 as an active interface with an up link 14:32:57 executing program 2: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000400)="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", 0x200) sendfile(r0, r1, 0x0, 0x10000) ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000000000)=0x2) sendfile(r0, r0, &(0x7f00000002c0), 0x100000000) [ 
206.119697] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.126979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.339438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 206.346705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.403742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.002942] IPVS: ftp: loaded support on port[0] = 21 [ 207.277186] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.285340] team0: Port device team_slave_0 added [ 207.516780] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.525147] team0: Port device team_slave_1 added [ 207.856346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.863554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.872657] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.107412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.114546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.123627] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.314299] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.322120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.331252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.516096] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.524352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.533610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.947145] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.953699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.960643] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.967225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.976430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.001885] bridge0: port 
1(bridge_slave_0) entered blocking state [ 212.008433] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.017623] device bridge_slave_0 entered promiscuous mode [ 212.309790] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.316423] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.325034] device bridge_slave_1 entered promiscuous mode [ 212.522975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.652603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.857069] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.741344] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.062517] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 214.363631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.370676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.633965] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.641042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 14:33:06 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x2) ioctl$UI_SET_SWBIT(r0, 0x8004550f, 0x70e000) [ 215.637960] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 215.646042] team0: Port device team_slave_0 added [ 215.953538] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 215.961735] team0: Port device team_slave_1 added [ 216.100011] IPVS: ftp: loaded support on port[0] = 21 [ 216.292741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.299784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.308812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.687678] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 216.694876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.703760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 
217.085120] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.092815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.101967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.375647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.383787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.392853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.934959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.493490] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 220.789724] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.796219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.804453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.572832] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.579371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.586371] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.592895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.601890] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.834448] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.840949] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.849703] device bridge_slave_0 entered promiscuous mode [ 222.092614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.151400] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.158047] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.166870] device bridge_slave_1 entered promiscuous mode [ 222.236712] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.542167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 222.896507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.025714] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 224.420138] bond0: Enslaving bond_slave_1 as an active interface with 
an up link [ 224.776864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 224.784096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.143587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.150636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 14:33:17 executing program 4: unshare(0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x2000, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000140)) read(r1, &(0x7f0000001700)=""/4096, 0x1000) clock_gettime(0x8, &(0x7f0000000200)) write$evdev(r1, &(0x7f0000000400), 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x0, 0x0) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000004c0)={0x0, @multicast2, @broadcast}, 0xc) getdents(0xffffffffffffffff, &(0x7f0000000700)=""/4096, 0x1000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)) utimensat(0xffffffffffffffff, 0x0, &(0x7f00000016c0)={{0x0, 0x2710}}, 0x0) [ 226.316772] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.324958] team0: Port device team_slave_0 added [ 226.670034] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.712236] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.720310] team0: Port device team_slave_1 added [ 227.174159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 227.181200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.189999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.241861] IPVS: ftp: loaded support on port[0] = 21 [ 227.605807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.613229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.622308] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_1: link becomes ready [ 228.078029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 228.085739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.094942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.452575] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.520607] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.528444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.537325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.177411] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 230.184437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.192716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 231.901011] 8021q: adding VLAN 0 to HW filter on device team0 14:33:24 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000007000)={&(0x7f0000001000), 0xc, &(0x7f0000007ff0)={&(0x7f0000009000)=@newsa={0x138, 0x10, 0x301, 0x0, 0x0, {{@in=@broadcast, @in=@rand_addr}, {@in6=@loopback, 0x0, 0x32}, @in6, {}, {}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}]}, 0x138}}, 0x0) 14:33:24 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x96b2, 0x4000) accept4$unix(r1, &(0x7f0000000340)=@abs, &(0x7f0000000400)=0x6e, 0x80800) fcntl$getownex(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0}) 
lsetxattr$security_evm(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='security.evm\x00', &(0x7f0000000500)=@md5={0x1, "479ccf6f3dcf0eebd0639eee165f6dee"}, 0x11, 0x2) r3 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a58}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = memfd_create(&(0x7f0000000080)='/dev/vga_arbiter\x00', 0x1) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$SG_GET_TIMEOUT(r5, 0x2202, 0x0) socket(0xa, 0x1, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x9, &(0x7f0000000280)="025cc83d6d345f8f760070") bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x401, 0x1, 0x3, 0x0, r5}, 0x2c) getegid() r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80000, 0x0) r7 = socket$inet6(0xa, 0x3, 0x3a) syz_open_procfs$namespace(r2, &(0x7f0000000680)="6e732f75747300a4b5e7d1bdca90ecbaa740be21123cb927528ad51ee9ce88557a8cee75343fd0b2ff0db078d7ea6505cd92356908454a56bdc402f40278824007b93c3adff9000000000000902f7a3fbd6b8c625baf71647387dcdbfc811d127fd79365bff3e2cf5002b6fdd2cf9823252452255e6f49eb425ac74b7c6162c3e4dbcff1f655da8924366a54e39ca58af623c119bd0c0784b1495168198d457f6e581d2cdbcc3d78ee779da4fc548640c110fcfacc7e63f645ec6e9eade380837c371d7e2309cbde64fd3fc45df839ea0969ac99aeecec28c9780743a1998e8540c6652b10bc") ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r4, 0x54a2) ioctl$GIO_SCRNMAP(r5, 0x4b40, &(0x7f00000002c0)=""/89) r8 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r8, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000016000)=[{0x28, 0x0, 0x0, 0xfffffffffffff014}, {0x6}]}, 0x10) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, 
&(0x7f0000000000)={0x1, 0x1, 0x3, 0x401, 0xffffffff}, 0xc) setsockopt$inet6_MRT6_ADD_MIF(r7, 0x29, 0xca, &(0x7f0000000540)={0x0, 0x0, 0x2dfd, 0x1, 0x8000000000008000}, 0xc) ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000440)=r5) write$FUSE_INIT(r6, &(0x7f0000000580)={0x50, 0x0, 0x1, {0x7, 0x1b, 0x5, 0x50, 0x0, 0x5, 0x9, 0x7}}, 0x50) 14:33:25 executing program 0: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f00000002c0)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r0, r0}, &(0x7f0000000080)=""/107, 0x6b, &(0x7f0000000280)={&(0x7f00000001c0)={'crct10dif-generic\x00'}, &(0x7f0000000240)}) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x400a00, 0x0) write$P9_RWSTAT(r2, &(0x7f0000000180)={0x7, 0x7f, 0x2}, 0x7) [ 233.567593] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.574153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.581058] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.587648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.596080] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 14:33:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@IFLA_VTI_LOCAL={0x8, 
0x4, @multicast2}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x800) io_submit(0x0, 0x1, &(0x7f0000001500)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000380)="ecac1e8650bd3ed3721c094065c9d42af0ec839fc4a33f0d8cf6b48255a429b84665992dbedb0d327e02a78b8026b7b5a2a968171632cb11e5905773065f948bb5a4228d0fda6f09d5c3b73fe04da17824e39e955d7c3689effbc5148919adb5c9f4e7a360f707c93a85967fb83754096ad3d701b0088c18a2a54e0ab4d242c7f131c4bc78a1de9a792fd64a059f", 0x8e}]) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x82002, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) pwrite64(r1, &(0x7f00000000c0)="282a65a25e55afda9486babc6d6cbb53d8dd1f0290d7e729bf79d74866462ee869ef8c0c8842227990f1ba04752f96c5357c8a278194931c6210389e127a29b9665bea4c19d80a88a0555fe5b30180e0c99fc4666c770474d57d8f2bf2d285faca9bccad02d8942c23a4305e8d6acc40269609819ec849a18757caba8e1a0a274ab6db6bade36f03e6e4b52c3eee5dab2cca8af972c2a21de0e2bf79279496740a0dc6748c74f50c33cd0b66469aaa3d65623628b77fe42cdcc8d8ae4f50526744402edada03e56100dbbe7b043fe1ac44fc94906501", 0xd6, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") write$sndseq(r1, &(0x7f0000000340)=[{0x1, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x3}, @connect}], 0x6) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000000)={0x2, 0x5}) [ 234.246362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 14:33:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@IFLA_VTI_LOCAL={0x8, 0x4, @multicast2}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x800) io_submit(0x0, 0x1, &(0x7f0000001500)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 
&(0x7f0000000380)="ecac1e8650bd3ed3721c094065c9d42af0ec839fc4a33f0d8cf6b48255a429b84665992dbedb0d327e02a78b8026b7b5a2a968171632cb11e5905773065f948bb5a4228d0fda6f09d5c3b73fe04da17824e39e955d7c3689effbc5148919adb5c9f4e7a360f707c93a85967fb83754096ad3d701b0088c18a2a54e0ab4d242c7f131c4bc78a1de9a792fd64a059f", 0x8e}]) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x82002, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) pwrite64(r1, &(0x7f00000000c0)="282a65a25e55afda9486babc6d6cbb53d8dd1f0290d7e729bf79d74866462ee869ef8c0c8842227990f1ba04752f96c5357c8a278194931c6210389e127a29b9665bea4c19d80a88a0555fe5b30180e0c99fc4666c770474d57d8f2bf2d285faca9bccad02d8942c23a4305e8d6acc40269609819ec849a18757caba8e1a0a274ab6db6bade36f03e6e4b52c3eee5dab2cca8af972c2a21de0e2bf79279496740a0dc6748c74f50c33cd0b66469aaa3d65623628b77fe42cdcc8d8ae4f50526744402edada03e56100dbbe7b043fe1ac44fc94906501", 0xd6, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") write$sndseq(r1, &(0x7f0000000340)=[{0x1, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x3}, @connect}], 0x6) ioctl$KVM_SET_ONE_REG(r1, 0x4010aeac, &(0x7f0000000000)={0x2, 0x5}) [ 234.657229] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.663786] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.672465] device bridge_slave_0 entered promiscuous mode 14:33:27 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8) sendmsg$unix(r0, &(0x7f0000001980)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000001500), 0x0, &(0x7f0000001880)=[@rights={0x10}, @cred={0x20}], 0x30}, 0x0) [ 235.108567] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.115220] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.123697] device bridge_slave_1 entered promiscuous mode 14:33:27 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8) sendmsg$unix(r0, &(0x7f0000001980)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000001500), 0x0, &(0x7f0000001880)=[@rights={0x10}, @cred={0x20}], 0x30}, 0x0) [ 235.574830] 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 14:33:28 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234418dc25d766070") r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x80000001, 0x100) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000400), &(0x7f0000000440)=0x18) [ 235.954335] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 237.207486] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.577495] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.904663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 237.912035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.207248] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 238.214601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.544568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.854621] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.862835] team0: Port device team_slave_0 added [ 239.213956] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.222158] team0: Port device team_slave_1 added [ 239.519188] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 239.526425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.535720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.600431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.741518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 239.748660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.757469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 
240.067979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.075784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.084773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.434087] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.441941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.450721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 14:33:32 executing program 1: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000240)={0x41, 0x6, 0x0, {0x0, 0x0, 0x18, 0x0, '/dev/infiniband/rdma_cm\x00'}}, 0x41) [ 240.762273] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.768631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.776529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.691299] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.083769] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.090251] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.097298] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.103831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.112375] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.119166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.984968] 8021q: adding VLAN 0 to HW filter on device bond0 14:33:38 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) r2 = epoll_create1(0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000e4cfe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r3 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 
0xc0145401, &(0x7f0000013000)) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000140)={0x3, 0x0, 0x81}) dup3(r2, r3, 0x0) dup3(r2, r1, 0x0) [ 246.754706] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 247.470577] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.477147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.485136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 248.029226] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.681132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.229927] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 14:33:43 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x80000000000046, 0x0) ioctl$VHOST_GET_VRING_BASE(r0, 0xc008af12, &(0x7f0000000200)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") sendfile(r0, r1, &(0x7f0000000000), 0x2b428a52) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0x4, 0x105000}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) syz_genetlink_get_family_id$nbd(&(0x7f00000002c0)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYBLOB="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"], 0x1}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) recvmmsg(0xffffffffffffffff, &(0x7f0000002780), 
0x19d, 0x8000000000000000, &(0x7f0000002840)={0x0, 0x1c9c380})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]})
ioctl$KVM_NMI(r4, 0xae9a)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00')
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="040325bd7000fedbdf25100000001c0003000800030003000000080003000300000008000500ac14141208000600050000000800050005000000080004007c0d000008000600030000000800050000000000080004000300000008000500010400000800060007000000"], 0x1}, 0x1, 0x0, 0x0, 0x8000}, 0x48880)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
io_setup(0x0, &(0x7f0000000140))
[ 251.763769] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 251.795866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 251.802328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 251.810262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 251.818951] ==================================================================
[ 251.826357] BUG: KMSAN: uninit-value in vmx_handle_external_intr+0x244/0x280
[ 251.833573] CPU: 0 PID: 7507 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #65
[ 251.840772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 251.850138] Call Trace:
[ 251.852755] dump_stack+0x306/0x460
[ 251.856413] ? _raw_spin_lock_irqsave+0x227/0x340
[ 251.861282] ? vmx_handle_external_intr+0x244/0x280
[ 251.866347] kmsan_report+0x1a2/0x2e0
[ 251.870185] __msan_warning+0x7c/0xe0
[ 251.874018] vmx_handle_external_intr+0x244/0x280
[ 251.878880] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 251.884281] ? free_kvm_area+0x250/0x250
[ 251.888372] kvm_arch_vcpu_ioctl_run+0x9d7a/0x10a20
[ 251.893505] ? update_cfs_rq_load_avg+0x5df/0xa00
[ 251.898454] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 251.903846] ? __list_add_valid+0xb8/0x450
[ 251.908126] ? kmsan_set_origin+0x83/0x140
[ 251.912397] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 251.917815] ? __msan_get_context_state+0x9/0x30
[ 251.922606] ? INIT_BOOL+0xc/0x30
[ 251.926094] ? mutex_lock_killable+0x2c5/0x420
[ 251.930728] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 251.934936] ? do_vfs_ioctl+0x18a/0x2810
[ 251.939028] ? __se_sys_ioctl+0x1da/0x270
[ 251.943273] ? kvm_vm_release+0x90/0x90
[ 251.947293] do_vfs_ioctl+0xcf3/0x2810
[ 251.951235] ? security_file_ioctl+0x92/0x200
[ 251.955805] __se_sys_ioctl+0x1da/0x270
[ 251.959824] __x64_sys_ioctl+0x4a/0x70
[ 251.963747] do_syscall_64+0xbe/0x100
[ 251.967581] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 251.972797] RIP: 0033:0x457579
[ 251.976015] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 251.994946] RSP: 002b:00007f79b7347c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 252.002697] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 252.009994] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 252.017284] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 252.024574] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79b73486d4
[ 252.031864] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 252.039176]
[ 252.040816] Uninit was stored to memory at:
[ 252.045164] kmsan_internal_chain_origin+0x136/0x240
[ 252.050294] __msan_chain_origin+0x75/0xd0
[ 252.054565] vmx_set_constant_host_state+0xf1a/0x1830
[ 252.059783] vmx_create_vcpu+0x3e6f/0x7870
[ 252.064047] kvm_arch_vcpu_create+0x25d/0x2f0
[ 252.068578] kvm_vm_ioctl+0x13fd/0x33d0
[ 252.072585] do_vfs_ioctl+0xcf3/0x2810
[ 252.076515] __se_sys_ioctl+0x1da/0x270
[ 252.080524] __x64_sys_ioctl+0x4a/0x70
[ 252.084448] do_syscall_64+0xbe/0x100
[ 252.088280] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 252.093485]
[ 252.095136] Local variable description: ----dt@vmx_set_constant_host_state
[ 252.102157] Variable was created at:
[ 252.105906] vmx_set_constant_host_state+0x2b0/0x1830
[ 252.111117] vmx_create_vcpu+0x3e6f/0x7870
[ 252.115358] ==================================================================
[ 252.122735] Disabling lock debugging due to kernel taint
[ 252.128200] Kernel panic - not syncing: panic_on_warn set ...
[ 252.128200]
[ 252.135611] CPU: 0 PID: 7507 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #65
[ 252.144208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 252.153584] Call Trace:
[ 252.156203] dump_stack+0x306/0x460
[ 252.159880] panic+0x54c/0xafa
[ 252.163152] kmsan_report+0x2d3/0x2e0
[ 252.166994] __msan_warning+0x7c/0xe0
[ 252.170833] vmx_handle_external_intr+0x244/0x280
[ 252.175706] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 252.181112] ? free_kvm_area+0x250/0x250
[ 252.185214] kvm_arch_vcpu_ioctl_run+0x9d7a/0x10a20
[ 252.190348] ? update_cfs_rq_load_avg+0x5df/0xa00
[ 252.195295] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 252.200698] ? __list_add_valid+0xb8/0x450
[ 252.204982] ? kmsan_set_origin+0x83/0x140
[ 252.209253] ? kmsan_internal_unpoison_shadow+0x83/0xe0
[ 252.214665] ? __msan_get_context_state+0x9/0x30
[ 252.219461] ? INIT_BOOL+0xc/0x30
[ 252.222942] ? mutex_lock_killable+0x2c5/0x420
[ 252.227581] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 252.231773] ? do_vfs_ioctl+0x18a/0x2810
[ 252.235858] ? __se_sys_ioctl+0x1da/0x270
[ 252.240050] ? kvm_vm_release+0x90/0x90
[ 252.244053] do_vfs_ioctl+0xcf3/0x2810
[ 252.247982] ? security_file_ioctl+0x92/0x200
[ 252.252518] __se_sys_ioctl+0x1da/0x270
[ 252.256542] __x64_sys_ioctl+0x4a/0x70
[ 252.260462] do_syscall_64+0xbe/0x100
[ 252.264298] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 252.269504] RIP: 0033:0x457579
[ 252.272716] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 252.291647] RSP: 002b:00007f79b7347c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 252.299386] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 252.306688] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 252.313976] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 252.321270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79b73486d4
[ 252.328564] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 252.336771] Kernel Offset: disabled
[ 252.340418] Rebooting in 86400 seconds..