[ 56.935924] audit: type=1800 audit(1538586758.983:27): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.459608] random: sshd: uninitialized urandom read (32 bytes read) [ 58.657121] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 59.479249] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.719314] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts. [ 67.480565] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/03 17:12:51 fuzzer started [ 72.264114] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/03 17:12:56 dialing manager at 10.128.0.26:36867 2018/10/03 17:12:56 syscalls: 1 2018/10/03 17:12:56 code coverage: enabled 2018/10/03 17:12:56 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/03 17:12:56 setuid sandbox: enabled 2018/10/03 17:12:56 namespace sandbox: enabled 2018/10/03 17:12:56 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/03 17:12:56 fault injection: enabled 2018/10/03 17:12:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/03 17:12:56 net packed injection: enabled 2018/10/03 17:12:56 net device setup: enabled [ 77.237672] random: crng init done 17:14:49 executing program 0: creat(&(0x7f0000000700)='./bus\x00', 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000100)) [ 188.012619] IPVS: ftp: loaded support on port[0] = 21 [ 190.311834] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.318318] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.327017] device bridge_slave_0 entered promiscuous mode [ 190.488104] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.494727] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.503372] device bridge_slave_1 entered promiscuous mode [ 190.640596] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.776944] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.204453] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.346259] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:14:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x28, 0xb01, 0x0, 0x0, {0x12}}, 0x14}}, 0x0) add_key(&(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz'}, &(0x7f0000000440), 0x0, 0xfffffffffffffffd) [ 191.720513] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.727667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.294958] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.303150] team0: Port device team_slave_0 added [ 192.430098] IPVS: ftp: loaded support on port[0] = 21 [ 192.535951] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.544007] team0: Port device team_slave_1 added [ 192.686566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.918947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.926280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.935463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.248062] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.255919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.265285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.449968] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 193.457732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.466962] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.113127] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.119629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.126736] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.133249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.142152] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 196.213776] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.220287] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.229008] device bridge_slave_0 entered promiscuous mode [ 196.500093] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.506849] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.515688] device bridge_slave_1 entered promiscuous mode [ 196.654813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.900052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 17:14:59 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x101, 0x0, 0x0, 0x2}, 0x10}}, 0x0) [ 197.052088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.677877] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.987178] IPVS: ftp: loaded support on port[0] = 21 [ 198.053009] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.348463] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 198.355811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.726818] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 198.734167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.604112] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.612375] team0: Port device team_slave_0 added [ 199.850698] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.858949] team0: Port device team_slave_1 added [ 200.176878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.184065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.193127] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.451032] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.458377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.467337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.654981] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.662807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.672082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.997321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.005054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.014499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.921229] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.927910] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.936552] device bridge_slave_0 entered promiscuous mode [ 203.218049] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.224764] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.233381] device bridge_slave_1 entered promiscuous mode [ 203.604712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.865984] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.208431] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.215028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.222095] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.228560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.237495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.292240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.724930] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.085214] bond0: Enslaving bond_slave_1 as an active interface with an up link 17:15:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="0fc75af38f49189b26440f00d6c441cb5cc00fc71bc442f932d10f225c0f01cb66baf80cb8a4d35b8bef66bafc0c66edb805000000b9020000000f01c1", 0x3d}], 0x1, 0x40, &(0x7f0000000180), 0x0) r3 = socket$inet6(0xa, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) recvmsg$kcm(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000500)=@ax25, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/4, 0x4}], 0x1, &(0x7f00000006c0)=""/246, 0xf6}, 0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000840)={0x9, 0x8, 0x8203, 0x1, 0x0, 0xff, 0x0, 0x95, 0x0}, &(0x7f0000000880)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000008c0)={r4, 0x3, 0x80000001}, 0x8) [ 205.341555] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.353102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.673696] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.680739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.627617] IPVS: ftp: loaded support on port[0] = 21 [ 206.639865] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.648001] team0: Port device team_slave_0 added [ 206.985828] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.994242] team0: Port device team_slave_1 added [ 207.349045] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.360370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.369637] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.636504] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.643763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.652835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.038668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.046443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.055628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.383231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.390769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.399900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.723895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.062188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.247392] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 211.253985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.262177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.440881] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.447440] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.454450] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.460903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.469803] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.527200] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.533773] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.542414] device bridge_slave_0 entered promiscuous mode [ 212.616705] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.802079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.954340] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.960868] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.969622] device bridge_slave_1 entered promiscuous mode [ 213.329134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.685577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.859832] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 215.238479] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.621272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 215.628720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 216.006242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 216.013539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 17:15:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind(r0, &(0x7f0000000080)=@in={0x2, 0x4e20}, 0x7c) sendto$inet(r0, &(0x7f0000000200)='X', 0x1, 0x0, &(0x7f0000000280)={0x2, 0x8004e20}, 0x10) recvmmsg(r0, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000001c0)=0x8000, 0x4) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0x6, 0x4) [ 217.222465] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.230478] team0: Port device team_slave_0 added [ 217.600852] IPVS: ftp: loaded support on port[0] = 21 [ 217.749668] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.758018] team0: Port device team_slave_1 added [ 218.280851] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.288375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.297452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.577275] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.584522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.593477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.957961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.016527] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.024232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.033260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.499299] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.507276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.516439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.652223] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 222.315615] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 222.322172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.330013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 17:15:24 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r1 = accept(r0, 0x0, &(0x7f0000000000)) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f62354801005d766070") recvfrom$packet(r1, &(0x7f00000001c0)=""/122, 0x7a, 0x0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x705000) 17:15:24 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000005e80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x8, 0x101a03) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000040)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0xb003}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0) 17:15:25 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000005e80)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x8, 0x101a03) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000040)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept$alg(r0, 0x0, 0x0) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000013c0)=""/4096, 0xb003}], 0x1, &(0x7f0000000100)=""/123, 0x7b}, 0x0) 17:15:26 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) setxattr$system_posix_acl(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000480)='system.posix_acl_access\x00', &(0x7f00000004c0), 0x24, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x400) getsockname$packet(0xffffffffffffff9c, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000640)=0x14) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000680)={r2, @empty, @broadcast}, 0xc) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50}, 0x50) [ 223.876977] 8021q: adding VLAN 0 to HW filter on device team0 17:15:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x91) [ 224.649543] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.656124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.663177] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.669644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.678291] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 17:15:27 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000440)='/dev/snd/controlC#\x00', 0x4000007, 0x0) perf_event_open(&(0x7f0000001000)={0x10, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000005000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0xc4c85512, &(0x7f0000001000)) [ 225.059459] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.066048] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.074742] device bridge_slave_0 entered promiscuous mode 17:15:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000140)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x7, 0x200) ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x7da) r3 = dup2(r0, r1) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="a00000000000000007000000000000000500000000000000892800000000000009000000010000007d7365637572697479000000000000000400000000000000020b00000000000003000000e1000000656d3000000000000100000000000000b10100000000000009000000080000002c7070703073656c66000000000000000400000000000000070000000000000006000000ff7fff7f5c656d30232d0000"], 0xa0) [ 225.452121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.640476] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.647235] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.655820] device bridge_slave_1 entered promiscuous mode 17:15:28 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000140)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x7, 0x200) ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x7da) r3 = dup2(r0, r1) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="a00000000000000007000000000000000500000000000000892800000000000009000000010000007d7365637572697479000000000000000400000000000000020b00000000000003000000e1000000656d3000000000000100000000000000b10100000000000009000000080000002c7070703073656c66000000000000000400000000000000070000000000000006000000ff7fff7f5c656d30232d0000"], 0xa0) [ 226.044018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.411878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 227.553763] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.930345] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 228.319413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 228.326864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.656765] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 228.664022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.322606] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.343979] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 229.352147] team0: Port device team_slave_0 added [ 229.608458] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 229.616713] team0: Port device team_slave_1 added [ 229.944771] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 229.953794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.962730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.197521] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 230.204773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.213460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.442533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 230.566418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.574199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.583177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.927400] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.935201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.944359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.475079] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 231.481442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 231.489344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 232.183814] hrtimer: interrupt took 68714 ns 17:15:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x28, 0xb01, 0x0, 0x0, {0x12}}, 0x14}}, 0x0) add_key(&(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz'}, &(0x7f0000000440), 0x0, 0xfffffffffffffffd) [ 232.565763] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.760926] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.767567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.774699] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.781175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.790226] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.797074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.944221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.727809] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.456269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.462829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.470636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 17:15:41 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x101, 0x0, 0x0, 0x2}, 0x10}}, 0x0) [ 239.587905] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.237692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.788542] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.324244] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 243.352809] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.359172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.367237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.393189] ================================================================== [ 243.400607] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 243.407123] CPU: 0 PID: 6824 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #63 [ 243.414319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.423690] Call Trace: [ 243.426289] [ 243.428467] dump_stack+0x306/0x460 [ 243.432120] ? loaded_vmcs_init+0x343/0x590 [ 243.436480] kmsan_report+0x1a3/0x2d0 [ 243.440319] __msan_warning+0x7c/0xe0 [ 243.444154] loaded_vmcs_init+0x343/0x590 [ 243.448340] __loaded_vmcs_clear+0x2fb/0x3c0 [ 243.452785] flush_smp_call_function_queue+0x404/0x770 [ 243.458083] ? vmx_get_msr_feature+0x180/0x180 [ 243.462704] generic_smp_call_function_single_interrupt+0x1f/0x30 [ 243.468986] smp_call_function_single_interrupt+0x2f7/0x530 [ 243.474731] call_function_single_interrupt+0xf/0x20 [ 243.479850] [ 243.482139] RIP: 0010:msan_get_shadow_origin_ptr+0xa/0x300 [ 243.487786] Code: eb fe e8 89 b8 50 ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 31 d2 e8 05 00 00 00 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 45 d0 48 c7 [ 243.506717] RSP: 0018:ffff88014d57f7e8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04 [ 243.514456] RAX: 000000ffffffffff RBX: 000000000021ffff RCX: 000000ffffffffff [ 243.521744] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8bd782a8 [ 243.529031] RBP: ffff88014d57f800 R08: 0000000000000000 R09: ffffffff8c2d9000 [ 243.536318] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 243.543602] R13: 80000001516ef007 R14: 80000001516ef007 R15: 00000000001516ef [ 243.550936] __msan_metadata_ptr_for_load_8+0x10/0x20 [ 243.556150] copy_page_range+0x1d94/0x3d00 [ 243.560507] copy_process+0x702f/0xbc70 [ 243.564587] _do_fork+0x3d4/0x1330 [ 243.568182] __se_sys_clone+0xf6/0x110 [ 243.572117] __x64_sys_clone+0x62/0x80 [ 243.576035] do_syscall_64+0xbe/0x100 [ 243.579864] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 243.585070] RIP: 0033:0x421299 [ 243.588284] Code: 01 00 00 48 8d 54 24 0c 48 8d 7c 24 10 be 60 10 42 00 e8 7a ed bd ff 48 8d 54 24 0c 31 f6 bf 11 00 10 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 6b 01 00 00 85 c0 89 c7 89 44 24 0c 0f 84 [ 243.607210] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 243.614941] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000421299 [ 243.622232] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011 [ 243.629537] RBP: 0000000000a3fc80 R08: 0000000000a44a80 R09: 0000000000000028 [ 243.636822] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fee8 [ 243.644105] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000 [ 243.651405] [ 243.653044] Local variable description: ----error.i@loaded_vmcs_init [ 243.659560] Variable was created at: [ 243.663296] loaded_vmcs_init+0x8a/0x590 [ 243.667370] __loaded_vmcs_clear+0x2fb/0x3c0 [ 243.671781] ================================================================== [ 243.679167] Disabling lock debugging due to kernel taint [ 243.684635] Kernel panic - not syncing: panic_on_warn set ... [ 243.684635] [ 243.692024] CPU: 0 PID: 6824 Comm: syz-executor4 Tainted: G B 4.19.0-rc4+ #63 [ 243.700609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.709973] Call Trace: [ 243.712567] [ 243.714742] dump_stack+0x306/0x460 [ 243.718409] panic+0x54c/0xafa [ 243.721665] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 243.727153] kmsan_report+0x2cd/0x2d0 [ 243.730985] __msan_warning+0x7c/0xe0 [ 243.734815] loaded_vmcs_init+0x343/0x590 [ 243.739011] __loaded_vmcs_clear+0x2fb/0x3c0 [ 243.743456] flush_smp_call_function_queue+0x404/0x770 [ 243.748753] ? vmx_get_msr_feature+0x180/0x180 [ 243.753370] generic_smp_call_function_single_interrupt+0x1f/0x30 [ 243.759624] smp_call_function_single_interrupt+0x2f7/0x530 [ 243.765361] call_function_single_interrupt+0xf/0x20 [ 243.770472] [ 243.772735] RIP: 0010:msan_get_shadow_origin_ptr+0xa/0x300 [ 243.778381] Code: eb fe e8 89 b8 50 ff 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 31 d2 e8 05 00 00 00 5d c3 0f 1f 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 45 d0 48 c7 [ 243.797316] RSP: 0018:ffff88014d57f7e8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04 [ 243.805054] RAX: 000000ffffffffff RBX: 000000000021ffff RCX: 000000ffffffffff [ 243.812357] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8bd782a8 [ 243.819644] RBP: ffff88014d57f800 R08: 0000000000000000 R09: ffffffff8c2d9000 [ 243.826953] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 243.834238] R13: 80000001516ef007 R14: 80000001516ef007 R15: 00000000001516ef [ 243.841566] __msan_metadata_ptr_for_load_8+0x10/0x20 [ 243.846781] copy_page_range+0x1d94/0x3d00 [ 243.851139] copy_process+0x702f/0xbc70 [ 243.855227] _do_fork+0x3d4/0x1330 [ 243.858825] __se_sys_clone+0xf6/0x110 [ 243.862794] __x64_sys_clone+0x62/0x80 [ 243.866708] do_syscall_64+0xbe/0x100 [ 243.870539] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 243.875746] RIP: 0033:0x421299 [ 243.878954] Code: 01 00 00 48 8d 54 24 0c 48 8d 7c 24 10 be 60 10 42 00 e8 7a ed bd ff 48 8d 54 24 0c 31 f6 bf 11 00 10 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 6b 01 00 00 85 c0 89 c7 89 44 24 0c 0f 84 [ 243.897870] RSP: 002b:0000000000a3fad0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 243.905602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000421299 [ 243.912885] RDX: 0000000000a3fadc RSI: 0000000000000000 RDI: 0000000000100011 [ 243.920169] RBP: 0000000000a3fc80 R08: 0000000000a44a80 R09: 0000000000000028 [ 243.927481] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000a3fee8 [ 243.934769] R13: 0000000000a3fe28 R14: 0000000000000000 R15: 0000000000000000 [ 243.943073] Kernel Offset: disabled [ 243.946719] Rebooting in 86400 seconds..