[....] Starting OpenBSD Secure Shell server: sshd[ 50.446221] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. [ 50.783008] audit: type=1800 audit(1538964171.841:29): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 50.802550] audit: type=1800 audit(1538964171.851:30): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 54.875066] random: sshd: uninitialized urandom read (32 bytes read) [ 55.259075] random: sshd: uninitialized urandom read (32 bytes read) [ 56.616874] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts. [ 62.567608] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 02:03:05 fuzzer started [ 66.857973] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 02:03:10 dialing manager at 10.128.0.26:36867 2018/10/08 02:03:10 syscalls: 1 2018/10/08 02:03:10 code coverage: enabled 2018/10/08 02:03:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 02:03:10 setuid sandbox: enabled 2018/10/08 02:03:10 namespace sandbox: enabled 2018/10/08 02:03:10 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 02:03:10 fault injection: enabled 2018/10/08 02:03:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 02:03:10 net packed injection: enabled 2018/10/08 02:03:10 net device setup: enabled [ 72.266336] random: crng init done 02:04:52 executing program 0: [ 172.513868] IPVS: ftp: loaded support on port[0] = 21 [ 174.314752] ip (6043) used greatest stack depth: 53056 bytes left [ 174.553344] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.559814] bridge0: port 1(bridge_slave_0) 
entered disabled state [ 174.568255] device bridge_slave_0 entered promiscuous mode [ 174.689182] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.695982] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.704226] device bridge_slave_1 entered promiscuous mode [ 174.823776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.943631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.312707] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:04:56 executing program 1: [ 175.443701] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 176.141804] IPVS: ftp: loaded support on port[0] = 21 [ 176.215159] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.223154] team0: Port device team_slave_0 added [ 176.432882] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.440910] team0: Port device team_slave_1 added [ 176.633732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.662303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.670996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.780633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.013867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.021380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.030382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.158103] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.165930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.174890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.003356] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.009834] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.016838] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.023343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 
179.032270] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.564204] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.570674] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.578987] device bridge_slave_0 entered promiscuous mode [ 179.691922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.784481] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.790939] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.799283] device bridge_slave_1 entered promiscuous mode [ 180.050118] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.232060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.660417] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:05:01 executing program 2: [ 180.865613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.037711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.046254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.267015] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.274385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.701239] IPVS: ftp: loaded support on port[0] = 21 [ 182.079879] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.087822] team0: Port device team_slave_0 added [ 182.287385] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.295391] team0: Port device team_slave_1 added [ 182.520169] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.528366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.537026] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.745385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.752540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.761084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.962176] IPv6: ADDRCONF(NETDEV_UP): 
bridge_slave_0: link is not ready [ 182.969787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.978947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.264418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.272242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.280988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.935630] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.942196] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.950469] device bridge_slave_0 entered promiscuous mode [ 185.982953] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.989434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.996386] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.002907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.011136] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.186227] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.192833] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.200984] device bridge_slave_1 entered promiscuous mode [ 186.482852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.749631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.898513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.620963] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.820729] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.091021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.098547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.323012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.330068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:05:09 executing program 3: seccomp(0x1, 0x0, &(0x7f0000007ff0)={0x1, &(0x7f0000004fe8)=[{0x6, 0x0, 0x0, 0x50ffd}]}) 
seccomp(0x1, 0x1, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) shutdown(0xffffffffffffffff, 0x1) [ 188.966267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.109128] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.117151] team0: Port device team_slave_0 added [ 189.455629] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.463834] team0: Port device team_slave_1 added [ 189.657118] IPVS: ftp: loaded support on port[0] = 21 [ 189.841545] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.848786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.857743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.125674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.132976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.141526] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.202377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.423938] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.431615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.440552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.802154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.809677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.819315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.414763] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.421153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.429369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.665824] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.208333] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.214915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.221916] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.228352] bridge0: port 
1(bridge_slave_0) entered forwarding state [ 194.236791] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.442091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.994187] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.000771] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.009292] device bridge_slave_0 entered promiscuous mode [ 195.337348] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.344105] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.352294] device bridge_slave_1 entered promiscuous mode [ 195.679556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.016387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 197.126949] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.456665] bond0: Enslaving bond_slave_1 as an active interface with an up link 02:05:18 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)="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") preadv(r0, &(0x7f0000000800)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x0) [ 197.743918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 197.750992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.049835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.120406] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 198.127695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.005140] IPVS: ftp: loaded support on port[0] = 21 [ 199.347710] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.355867] team0: Port device team_slave_0 added [ 199.459188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.723243] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.731000] team0: Port device team_slave_1 added [ 200.070747] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.078047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes 
ready [ 200.086912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 02:05:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000040), 0xc, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="cf96b3e43f000012ee2f680d95a617792d9ce3debb648560b110c938a0e767a320b4e2ff9f1e123c0edbc2fc429a6bdeca284e217168a1e58bd62dabf1f386e1c159c78e3e41f54edded80bc06467f706d5a4d2b0eaba6d4048581675d8ccc5be3c6268ba8cbb2f2e90f172d142a1515ada66183a71426d485e1613298df0aab02e5e68b7f6400af8769910c46b4b47c6fb334e734e10dc27a6bda52764b73bcf192c18e3b3b1b059fe519597397808964ee1c6f68a09cc661607a5b1ec7a40596c6f292d6e710768abef5198e12843a0cc29600c4921fbdad7c38d1ce795256cf15f76fbe4db3e3"], 0x1}}, 0x0) recvmmsg(r0, &(0x7f0000004880)=[{{&(0x7f00000002c0)=@generic, 0x80, &(0x7f0000000440), 0x0, &(0x7f0000000600)=""/202, 0xca}}], 0x1, 0xffffffffffffffff, &(0x7f0000004a80)={0x77359400}) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/snapshot\x00', 0x8000, 0x0) ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000700)) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000180)=""/78, &(0x7f0000000040)=0x4e) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000580)={0x0, @loopback, @broadcast}, &(0x7f0000000280)=0xc) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.nlink\x00', &(0x7f00000002c0)=""/152, 0x98) r5 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_inet_tcp_SIOCATMARK(r5, 0x8905, &(0x7f0000000500)) r6 = 
syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x3, 0x20900) syz_genetlink_get_family_id$team(&(0x7f0000000400)='team\x00') sendmsg$TEAM_CMD_OPTIONS_GET(r6, &(0x7f0000000fc0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x21010000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000540)=ANY=[@ANYBLOB="400002003c00fbff23000100650000000000000000000000002000000008000300060000000400d508000600000000000000000000000000000000", @ANYRES32=r4], 0x2}, 0x1, 0x0, 0x0, 0x4040001}, 0x80) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000380)={{0x2, 0x4e22, @remote}, {0x306, @dev={[], 0xb}}, 0x4, {0x2, 0x4e24, @multicast1}, 'syz_tun\x00'}) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x80, &(0x7f0000000540), 0x0, &(0x7f0000001300)=ANY=[]}, 0x0) ioctl$KDSKBSENT(r6, 0x4b49, &(0x7f0000001000)="eeb9fedb3fb26fb8913febc751aa47ef4c77b0e003272c6d46bd361eb73be205c0b7219a70c6b55e8fe4b0db0c890b2c23cb56116fb6392c8633aa82e2a53f902f145413c81c76acc919c17877f4d18f2eb7aba0c3d05575f4c8") io_setup(0x0, &(0x7f00000004c0)) creat(&(0x7f0000000100)='./file0\x00', 0x0) r7 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0xc1004110, &(0x7f0000000080)="5aad1aad9f203b1cba7ee1ebcf") r8 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xfffffffffffffff8, 0x2) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1) ioctl$PIO_UNIMAPCLR(r8, 0x4b68, &(0x7f0000000440)={0x4007fffffff, 0x10001, 0x3}) r9 = syz_open_dev$midi(&(0x7f0000000400)='/dev/midi#\x00', 0x67, 0x8000) ioctl$LOOP_SET_FD(r8, 0x4c00, r9) ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f0000000480)) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r8, 0x84, 0x70, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e24}}, [0xffffffff, 0x1, 0x0, 0x7, 0x0, 0x8000, 0xffff, 0x3ff, 0x8, 0x0, 0x80000000, 0xffffffffffffffff, 0x4, 0xff, 0x3]}, &(0x7f0000000240)=0x100) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r8, 0x84, 0x6, &(0x7f0000000340)={r10, @in={{0x2, 0x4e23, @local}}}, 
&(0x7f0000000280)=0x84) [ 200.497660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.504888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.513564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.669479] hrtimer: interrupt took 53241 ns [ 201.051456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.059383] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.068274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.098235] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.113598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.121280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:05:22 executing program 0: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) ftruncate(r0, 0x8000) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x100000038, 0x2, @thr={&(0x7f0000000140)="070d61d55cf366ad2155ffbd5f2cc236e43d188f36038e71d7df3ae6843f742c332255c902f07bdab12bdb8d82491910184968aacca8fe8f864395e719a127b00c5cd3ac97d6bff3adc76a8cf81041f8d2d753a7a47a1abd5887760d877e960f3e8d64446f0dc7b3061a55eb60", &(0x7f00000001c0)="b9b0b1b21174849b9c005ba691df9bed108b3c7c836701c9cac40755a1cf7534e1a956b7d7497729f6ac2f0266ea44adb9c7003a176811fae5e1c9372bb53e9b8c05d46f13e8cb3ec30fd2c09e10ea3d335240aa64827caed51e805c4c568b10fdbb11037e451b1c9fb5cdb39998016661bef1d3efb94e86e42c26c03f00f38feab1676158905e2dfc70c928b6a712991cdca3cf5dee667e586f48be433ee1da15f522f9d34e1f5aeecb23bb2e32e1e5088ea443c982b4b272636c653371b6640487eb029376916e402d53bc2946d94132e4575ea528579fbd9d4e92296f9ffdf4c80e30c90932862c7e04f6067a715f7ac5"}}, &(0x7f00000000c0)=0x0) timer_gettime(r1, &(0x7f0000000100)) write(r0, &(0x7f0000000040)="06", 0x1) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000000), 0x2) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, 
&(0x7f0000000080)=0x5, 0x8) keyctl$join(0x1, &(0x7f0000000600)={'syz'}) [ 201.511378] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.519082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.527804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 02:05:23 executing program 0: r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x10}, 0x10) fsetxattr$security_evm(r0, &(0x7f0000000400)='security.evm\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="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"], 0xa0, 0x1) r1 = socket$packet(0x11, 0x3, 0x300) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) sendto(r1, &(0x7f0000000480)="c9", 0x1, 0x4000, &(0x7f00000004c0)=@ipx={0x4, 0x9, 0x13e02ed0, "9c088df22766", 0x54}, 0x80) r2 = epoll_create(0x6) r3 = epoll_create(0x4) epoll_create(0x8) r4 = epoll_create(0x100000001) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000001c0)={0x2}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f000000dff4)) r5 = epoll_create(0x3) r6 = epoll_create(0x3) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f00000000c0)="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") epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000300)={0x8000000000}) r7 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x42080) ioctl$DRM_IOCTL_AGP_ALLOC(r6, 0xc0206434, &(0x7f0000000200)={0x9, 0x0, 0x10000, 0x3}) ioctl$DRM_IOCTL_SG_FREE(r7, 0x40106439, &(0x7f0000000240)={0x2, r8}) getsockopt$bt_BT_CHANNEL_POLICY(r7, 0x112, 0xa, &(0x7f0000000280)=0x20, &(0x7f00000002c0)=0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000d5dff4)) ioctl$PIO_FONTX(r7, 0x4b6c, &(0x7f0000000540)="c2fda623f1ad4bd17ed3") epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000340)={0x2000}) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000440)=0x2) [ 202.585795] 8021q: adding VLAN 0 to HW filter on 
device team0 02:05:24 executing program 0: r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000003c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x10}, 0x10) fsetxattr$security_evm(r0, &(0x7f0000000400)='security.evm\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="030209000000a9e00096a8fe1c6df29b2e4f71b9438aa51f00e76a9704aeb9e440d61eb14209e37d1d977ba80254feee1e12cdbc00114d77fec5c96cce332ce6e96c05213581d37556f392071a360fbf52d4be9b07a87f652683c8ae7e24df41c0ddb486aef26b73f1b5d99b73b0eac95328ddfe6a905e90dcca0a18fed0344da229abdc4f5eb98c5f04af34fe26b28b2292200a5f76473d874c78a546355237a11d4cc24d7e40aca0b8fe923fd476f80b6d3d614b179ca383dfd6fbe0bb383f981e4ee626784bcf3cb5c7f3fec0149f7482cc3605f46d065382b3577a78e4c18d0d28ce40a4c43deab0a87f812714ff5b9c2eb188d3422132e260663ced566c1f24ee59ca1d88eda9ddabf2718e3092027f480b45e29c1bef8b8d7722219dccc519f4878cbabedabe9f6f7832d3d199a6017a4a4777f8fc5a42c3ab5a3d39e1b8b37aecac04f90b65d4"], 0xa0, 0x1) r1 = socket$packet(0x11, 0x3, 0x300) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)) sendto(r1, &(0x7f0000000480)="c9", 0x1, 0x4000, &(0x7f00000004c0)=@ipx={0x4, 0x9, 0x13e02ed0, "9c088df22766", 0x54}, 0x80) r2 = epoll_create(0x6) r3 = epoll_create(0x4) epoll_create(0x8) r4 = epoll_create(0x100000001) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000001c0)={0x2}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f000000dff4)) r5 = epoll_create(0x3) r6 = epoll_create(0x3) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f00000000c0)="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") epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r2, &(0x7f0000000300)={0x8000000000}) r7 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x0, 0x42080) ioctl$DRM_IOCTL_AGP_ALLOC(r6, 0xc0206434, &(0x7f0000000200)={0x9, 0x0, 0x10000, 0x3}) ioctl$DRM_IOCTL_SG_FREE(r7, 0x40106439, &(0x7f0000000240)={0x2, r8}) getsockopt$bt_BT_CHANNEL_POLICY(r7, 0x112, 0xa, &(0x7f0000000280)=0x20, &(0x7f00000002c0)=0x4) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, 
&(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000d5dff4)) ioctl$PIO_FONTX(r7, 0x4b6c, &(0x7f0000000540)="c2fda623f1ad4bd17ed3") epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000340)={0x2000}) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000440)=0x2) 02:05:24 executing program 0: syz_extract_tcp_res$synack(&(0x7f00000000c0), 0x1, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x16}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pkey_free(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x200, 0x0) r4 = dup3(r0, r2, 0x80000) ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000440)={0x0, r4}) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x141003, 0x0) ioctl$TUNSETVNETLE(r5, 0x400454dc, &(0x7f00000006c0)) r6 = socket$inet_tcp(0x2, 0x1, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x2, 0x0) gettid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000700)={{{@in=@remote, @in6}}, {{@in6=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000800)=0xe8) bind$inet(0xffffffffffffffff, &(0x7f0000b9bff0)={0x2, 0x2004e21}, 0x10) r7 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r7, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000cc0)=ANY=[@ANYBLOB="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"]}) getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x100000000000000, &(0x7f00000004c0)={@remote, 0x0}, &(0x7f0000000200)=0x14) r9 = dup2(r0, r1) setsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f0000000400)={r8, 
@loopback, @rand_addr=0x1cb}, 0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') connect$inet6(r9, &(0x7f0000000640)={0xa, 0x4e24, 0x595e, @local, 0x2d3}, 0x1c) fcntl$notify(r7, 0x402, 0x4) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) exit(0x1) openat$nullb(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nullb0\x00', 0x200000, 0x0) close(r10) r11 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000009c0)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r11, 0x84, 0xf, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e20, 0x1ff, @local, 0x1}}, 0x9, 0x7, 0x100000000000008, 0x5, 0x4}, &(0x7f0000000340)=0x98) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000140)={r12, 0x4693af02}, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x9, 0x20}, &(0x7f00000000c0)=0xc) sendto$inet(r6, &(0x7f0000fa0fff), 0x0, 0x20020006, &(0x7f0000385ff0)={0x2, 0x4e21, @loopback}, 0x10) [ 203.694272] QAT: Invalid ioctl [ 204.392615] QAT: Invalid ioctl 02:05:25 executing program 0: mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000280)={0x0, 0x0}) recvmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)=@l2, 0x80, &(0x7f0000000180)=[{&(0x7f0000000340)=""/233, 0xfffffde4}], 0x1004, &(0x7f0000002200)=""/4096, 0x1000}, 0x0) sendmsg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100), 0x49, &(0x7f0000000200)}, 0x0) write$FUSE_POLL(r0, &(0x7f0000000080)={0x18, 0x0, 0x8, {0x5}}, 0x18) 02:05:26 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000400), 0x8) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000000c0)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000140)={0x1, 0xffffffff836551ec, 0x6, 
0xa0}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000040)=0xffffffff, &(0x7f0000000080)=0x4) [ 205.575935] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.582568] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.590667] device bridge_slave_0 entered promiscuous mode [ 205.608342] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.614859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.621812] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.628266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.636498] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 02:05:26 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='loginuid\x00') sendfile(r0, r0, &(0x7f0000000000), 0x7) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0xc0000, 0x0) [ 205.932109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.052847] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.059366] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.067708] device bridge_slave_1 entered promiscuous mode [ 206.492532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.858343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.745462] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.034968] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.369615] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 208.376797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.658172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 208.665354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.704379] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.407737] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.471353] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.479469] team0: Port device team_slave_0 added [ 209.751168] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.759740] team0: Port device team_slave_1 added [ 209.945739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 209.958510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.967405] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.192772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 02:05:31 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x77, 0x0, [0x4b564d03, 0x1, 0x47f]}) [ 210.483625] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
[ 210.486819] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.504804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.512730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.534358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.542529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.551476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.604924] ================================================================== [ 210.612335] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 210.618824] CPU: 1 PID: 6968 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 210.625998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.635367] Call Trace: [ 210.637940] [ 210.640093] dump_stack+0x306/0x460 [ 210.643718] ? loaded_vmcs_init+0x343/0x590 [ 210.648045] kmsan_report+0x1a3/0x2d0 [ 210.651847] __msan_warning+0x7c/0xe0 [ 210.655644] loaded_vmcs_init+0x343/0x590 [ 210.659793] __loaded_vmcs_clear+0x2fb/0x3c0 [ 210.664200] flush_smp_call_function_queue+0x404/0x770 [ 210.669492] ? 
vmx_get_msr_feature+0x180/0x180 [ 210.674094] generic_smp_call_function_single_interrupt+0x1f/0x30 [ 210.680319] smp_call_function_single_interrupt+0x2f7/0x530 [ 210.686026] call_function_single_interrupt+0xf/0x20 [ 210.691117] [ 210.693349] RIP: 0010:kmsan_set_origin_inline+0x8/0x120 [ 210.698705] Code: 0f 0b eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 41 54 53 41 89 f7 49 89 fe 44 89 f0 83 e0 03 41 01 c7 45 85 [ 210.717602] RSP: 0018:ffff88014a6ef0f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04 [ 210.725304] RAX: 00000000800000bc RBX: 00000000800000bc RCX: ffff88014a6ef150 [ 210.732565] RDX: 00000000800000bc RSI: 0000000000000001 RDI: ffff88014a6ef20f [ 210.739825] RBP: ffff88014a6ef100 R08: 0000000000480020 R09: 0000000000000002 [ 210.747087] R10: 000000ffffffffff R11: 0000000000000000 R12: 0000000000000246 [ 210.754348] R13: ffff88014a6ef210 R14: ffff880170973c00 R15: 0000000000000001 [ 210.762200] __msan_poison_alloca+0x17a/0x210 [ 210.766698] ? page_remove_rmap+0x70/0x1760 [ 210.771017] ? unmap_page_range+0x203d/0x3db0 [ 210.775512] page_remove_rmap+0x70/0x1760 [ 210.779665] unmap_page_range+0x203d/0x3db0 [ 210.784458] unmap_single_vma+0x445/0x5e0 [ 210.788609] unmap_vmas+0x251/0x380 [ 210.792241] exit_mmap+0x50e/0xa00 [ 210.795791] __mmput+0x16d/0x700 [ 210.799148] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 210.804526] mmput+0x178/0x1f0 [ 210.807717] flush_old_exec+0x174d/0x2930 [ 210.811865] ? kernel_read+0x13b/0x1a0 [ 210.815753] load_elf_binary+0x151b/0x9230 [ 210.819998] ? kmsan_set_origin+0x83/0x140 [ 210.824238] ? kmsan_set_origin_inline+0x6b/0x120 [ 210.829076] ? __msan_poison_alloca+0x17a/0x210 [ 210.833760] ? load_elf_binary+0x4ea1/0x9230 [ 210.838169] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 210.843529] ? 
load_script+0xd30/0xd30 [ 210.847410] search_binary_handler+0x49e/0x1030 [ 210.852088] __do_execve_file+0x22c5/0x3340 [ 210.856435] __se_sys_execve+0xec/0x110 [ 210.860407] __x64_sys_execve+0x4a/0x70 [ 210.864385] do_syscall_64+0xbe/0x100 [ 210.868282] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 210.873466] RIP: 0033:0x455e27 [ 210.876660] Code: Bad RIP value. [ 210.880016] RSP: 002b:0000000000a3fac8 EFLAGS: 00000207 ORIG_RAX: 000000000000003b [ 210.887719] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455e27 [ 210.894984] RDX: 00007fff2e0f3958 RSI: 0000000000a3fb00 RDI: 00000000004dac7b [ 210.902250] RBP: 0000000000a3fc80 R08: 0000000000000000 R09: 0000000000000028 [ 210.909511] R10: 0000000000000008 R11: 0000000000000207 R12: 0000000000a3fee8 [ 210.916772] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000 [ 210.924039] [ 210.925656] Local variable description: ----error.i@loaded_vmcs_init [ 210.932137] Variable was created at: [ 210.935847] loaded_vmcs_init+0x8a/0x590 [ 210.939902] __loaded_vmcs_clear+0x2fb/0x3c0 [ 210.944296] ================================================================== [ 210.951642] Disabling lock debugging due to kernel taint [ 210.957107] Kernel panic - not syncing: panic_on_warn set ... [ 210.957107] [ 210.964465] CPU: 1 PID: 6968 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 [ 210.973028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.982384] Call Trace: [ 210.984956] [ 210.987100] dump_stack+0x306/0x460 [ 210.990730] panic+0x54c/0xafa [ 210.993937] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 210.999386] kmsan_report+0x2cd/0x2d0 [ 211.003182] __msan_warning+0x7c/0xe0 [ 211.006980] loaded_vmcs_init+0x343/0x590 [ 211.011128] __loaded_vmcs_clear+0x2fb/0x3c0 [ 211.015535] flush_smp_call_function_queue+0x404/0x770 [ 211.020805] ? 
vmx_get_msr_feature+0x180/0x180 [ 211.025388] generic_smp_call_function_single_interrupt+0x1f/0x30 [ 211.031618] smp_call_function_single_interrupt+0x2f7/0x530 [ 211.037328] call_function_single_interrupt+0xf/0x20 [ 211.042419] [ 211.044759] RIP: 0010:kmsan_set_origin_inline+0x8/0x120 [ 211.050113] Code: 0f 0b eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 41 54 53 41 89 f7 49 89 fe 44 89 f0 83 e0 03 41 01 c7 45 85 [ 211.069008] RSP: 0018:ffff88014a6ef0f0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04 [ 211.076726] RAX: 00000000800000bc RBX: 00000000800000bc RCX: ffff88014a6ef150 [ 211.084000] RDX: 00000000800000bc RSI: 0000000000000001 RDI: ffff88014a6ef20f [ 211.091267] RBP: ffff88014a6ef100 R08: 0000000000480020 R09: 0000000000000002 [ 211.098530] R10: 000000ffffffffff R11: 0000000000000000 R12: 0000000000000246 [ 211.105794] R13: ffff88014a6ef210 R14: ffff880170973c00 R15: 0000000000000001 [ 211.113077] __msan_poison_alloca+0x17a/0x210 [ 211.117571] ? page_remove_rmap+0x70/0x1760 [ 211.121897] ? unmap_page_range+0x203d/0x3db0 [ 211.126389] page_remove_rmap+0x70/0x1760 [ 211.130537] unmap_page_range+0x203d/0x3db0 [ 211.134909] unmap_single_vma+0x445/0x5e0 [ 211.139064] unmap_vmas+0x251/0x380 [ 211.142691] exit_mmap+0x50e/0xa00 [ 211.146243] __mmput+0x16d/0x700 [ 211.149600] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 211.154963] mmput+0x178/0x1f0 [ 211.158153] flush_old_exec+0x174d/0x2930 [ 211.162313] ? kernel_read+0x13b/0x1a0 [ 211.166235] load_elf_binary+0x151b/0x9230 [ 211.170478] ? kmsan_set_origin+0x83/0x140 [ 211.174724] ? kmsan_set_origin_inline+0x6b/0x120 [ 211.179561] ? __msan_poison_alloca+0x17a/0x210 [ 211.184230] ? load_elf_binary+0x4ea1/0x9230 [ 211.188635] ? kmsan_internal_unpoison_shadow+0x83/0xe0 [ 211.193998] ? 
load_script+0xd30/0xd30 [ 211.197893] search_binary_handler+0x49e/0x1030 [ 211.202576] __do_execve_file+0x22c5/0x3340 [ 211.206910] __se_sys_execve+0xec/0x110 [ 211.210877] __x64_sys_execve+0x4a/0x70 [ 211.214843] do_syscall_64+0xbe/0x100 [ 211.218637] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 211.223815] RIP: 0033:0x455e27 [ 211.226997] Code: Bad RIP value. [ 211.230345] RSP: 002b:0000000000a3fac8 EFLAGS: 00000207 ORIG_RAX: 000000000000003b [ 211.238046] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000455e27 [ 211.245459] RDX: 00007fff2e0f3958 RSI: 0000000000a3fb00 RDI: 00000000004dac7b [ 211.252719] RBP: 0000000000a3fc80 R08: 0000000000000000 R09: 0000000000000028 [ 211.259979] R10: 0000000000000008 R11: 0000000000000207 R12: 0000000000a3fee8 [ 211.267243] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000 [ 211.275667] Kernel Offset: disabled [ 211.279299] Rebooting in 86400 seconds..