[ 57.018540] audit: type=1800 audit(1538566315.062:27): pid=6062 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.489532] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 62.124658] random: sshd: uninitialized urandom read (32 bytes read)
[ 62.628268] random: sshd: uninitialized urandom read (32 bytes read)
[ 64.967053] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
[ 70.869451] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/03 11:32:10 fuzzer started
[ 75.474024] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/03 11:32:16 dialing manager at 10.128.0.26:45967
2018/10/03 11:32:16 syscalls: 1
2018/10/03 11:32:16 code coverage: enabled
2018/10/03 11:32:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/03 11:32:16 setuid sandbox: enabled
2018/10/03 11:32:16 namespace sandbox: enabled
2018/10/03 11:32:16 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/03 11:32:16 fault injection: enabled
2018/10/03 11:32:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/03 11:32:16 net packed injection: enabled
2018/10/03 11:32:16 net device setup: enabled
[ 80.891585] random: crng init done
11:34:17 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0x11, 0x80002, 0x3)
bind(r1, &(0x7f0000000200)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'})
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000100)=@can, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000280)=""/205, 0xcd}, {&(0x7f0000001500)=""/188, 0xbc}, {&(0x7f00000015c0)=""/149, 0x95}, {&(0x7f0000001680)=""/251, 0xfb}, {&(0x7f0000000080)=""/52, 0x34}, {&(0x7f0000000180)=""/41, 0x29}], 0x7, &(0x7f0000001780)=""/133, 0x85, 0x6}, 0x10000)
[ 200.289103] IPVS: ftp: loaded support on port[0] = 21
[ 202.650089] bridge0: port 1(bridge_slave_0) entered blocking state
[ 202.656719] bridge0: port 1(bridge_slave_0) entered disabled state
[ 202.665756] device bridge_slave_0 entered promiscuous mode
[ 202.823774] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.830240] bridge0: port 2(bridge_slave_1) entered disabled state
[ 202.838784] device bridge_slave_1 entered promiscuous mode
[ 202.979360] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.117676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.544137] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 203.688953] bond0: Enslaving bond_slave_1 as an active interface with an up link
11:34:21 executing program 1:
openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000140)={@local, @empty, @mcast2})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000cc0)=@abs, 0x6e)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x20000000006})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
epoll_wait(r2, &(0x7f00000000c0)=[{}], 0x3ca, 0x0)
recvmmsg(r0, &(0x7f000030efc4)=[{{&(0x7f0000413ffa)=@hci, 0x6, &(0x7f0000b60000), 0x0, &(0x7f00004f9000)}}], 0x1, 0x0, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
[ 204.541644] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 204.550096] team0: Port device team_slave_0 added
[ 204.598571] IPVS: ftp: loaded support on port[0] = 21
[ 204.788643] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 204.797051] team0: Port device team_slave_1 added
[ 205.018547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 205.180276] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 205.187420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 205.196519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 205.505878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 205.514148] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 205.523336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.799962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 205.807735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 205.817083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 208.251198] ip (6351) used greatest stack depth: 53056 bytes left
[ 208.433011] bridge0: port 1(bridge_slave_0) entered blocking state
[ 208.439512] bridge0: port 1(bridge_slave_0) entered disabled state
[ 208.448266] device bridge_slave_0 entered promiscuous mode
[ 208.535905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 208.542541] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 208.549493] bridge0: port 1(bridge_slave_0) entered blocking state
[ 208.556110] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 208.565084] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 208.745040] bridge0: port 2(bridge_slave_1) entered blocking state
[ 208.751516] bridge0: port 2(bridge_slave_1) entered disabled state
[ 208.760246] device bridge_slave_1 entered promiscuous mode
[ 208.954968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 209.211906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 209.532494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
11:34:27 executing program 2:
r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000440)="585ccbe4ed83b8361f000000000000002206297b6897b66147b3c7218a9169a85ea0bdc9e1587a050000000000f1ff42e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d25500200000035c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5a7d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40000e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539a19930", 0xc3, 0xfffffffffffffffe)
socketpair$inet6(0xa, 0xb, 0xf32f, &(0x7f0000000540)={0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000580)={'vlan0\x00', {0x2, 0x0, @rand_addr=0x4}})
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x101000, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0x74, 0x0, [0x5, 0x6, 0x9, 0x71]})
r3 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x0, 0x800)
clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0})
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000ffc000/0x3000)=nil)
timerfd_settime(r3, 0x0, &(0x7f00000001c0)={{r4, r5+30000000}, {0x77359400}}, &(0x7f0000000340))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff)
r6 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r6, r0, r0}, &(0x7f0000000240)=""/240, 0xf0, 0x0)
[ 210.183300] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 210.467839] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 210.679559] IPVS: ftp: loaded support on port[0] = 21
[ 210.831905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 210.839336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 211.131644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 211.139647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 212.034999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 212.043282] team0: Port device team_slave_0 added
[ 212.331723] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 212.340259] team0: Port device team_slave_1 added
[ 212.618305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 212.627212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 212.636206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 212.945375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 212.952519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 212.961193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 213.246787] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 213.254589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 213.263754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 213.586766] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 213.594587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 213.603826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.888690] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.895302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 214.903908] device bridge_slave_0 entered promiscuous mode
[ 215.174624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 215.181123] bridge0: port 2(bridge_slave_1) entered disabled state
[ 215.189800] device bridge_slave_1 entered promiscuous mode
[ 215.490928] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 215.775981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 216.442713] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 216.672984] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 216.878485] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 216.885677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 216.897519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.904103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 216.911013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.917613] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 216.926516] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 217.086127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 217.093388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 217.725305] ip (6547) used greatest stack depth: 53040 bytes left
[ 217.772785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 218.042134] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 218.050263] team0: Port device team_slave_0 added
[ 218.358781] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 218.367024] team0: Port device team_slave_1 added
11:34:36 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000680)='uid_map\x00')
[ 218.594686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 218.601747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 218.610854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 218.978544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 218.985793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 218.995014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 219.416800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 219.424603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 219.433724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 219.726769] IPVS: ftp: loaded support on port[0] = 21
[ 219.870409] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 219.878246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 219.887661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 220.861101] 8021q: adding VLAN 0 to HW filter on device bond0
[ 222.129445] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 223.518805] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 223.525334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 223.534010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 224.017471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.024055] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 224.030962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.037613] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 224.046683] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 224.573480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 224.918898] 8021q: adding VLAN 0 to HW filter on device team0
[ 225.684929] bridge0: port 1(bridge_slave_0) entered blocking state
[ 225.691411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 225.700384] device bridge_slave_0 entered promiscuous mode
[ 226.029618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 226.036381] bridge0: port 2(bridge_slave_1) entered disabled state
[ 226.044912] device bridge_slave_1 entered promiscuous mode
[ 226.384890] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 226.730385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 227.766165] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 228.161506] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 228.502684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 228.509833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 228.719937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 228.727129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
11:34:47 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001f80)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f00000004c0)=""/5, 0x5}], 0x1, &(0x7f0000000900)=""/52, 0x34}}], 0x1, 0x0, &(0x7f0000002140)={0x0, 0x989680})
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400})
[ 229.716563] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 229.724730] team0: Port device team_slave_0 added
[ 230.149900] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 230.158096] team0: Port device team_slave_1 added
[ 230.570916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 230.578244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 230.587345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 230.881253] IPVS: ftp: loaded support on port[0] = 21
[ 231.058028] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 231.065253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 231.074474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 231.484878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 231.492812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 231.502221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 231.928950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 231.936859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 231.946042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 232.139883] 8021q: adding VLAN 0 to HW filter on device bond0
[ 233.779070] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
11:34:52 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0x11, 0x80002, 0x3)
bind(r1, &(0x7f0000000200)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'})
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000100)=@can, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000280)=""/205, 0xcd}, {&(0x7f0000001500)=""/188, 0xbc}, {&(0x7f00000015c0)=""/149, 0x95}, {&(0x7f0000001680)=""/251, 0xfb}, {&(0x7f0000000080)=""/52, 0x34}, {&(0x7f0000000180)=""/41, 0x29}], 0x7, &(0x7f0000001780)=""/133, 0x85, 0x6}, 0x10000)
11:34:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330)
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 235.197153] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 235.258270] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 235.264964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 235.272961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 235.314935] ==================================================================
[ 235.322607] BUG: KMSAN: uninit-value in __vmx_flush_tlb+0x755/0x790
[ 235.329224] CPU: 0 PID: 6954 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 235.336426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.345799] Call Trace:
[ 235.348419] dump_stack+0x306/0x460
[ 235.352090] ? __vmx_flush_tlb+0x755/0x790
[ 235.356378] kmsan_report+0x1a3/0x2d0
[ 235.360229] __msan_warning+0x7c/0xe0
[ 235.364077] __vmx_flush_tlb+0x755/0x790
[ 235.368194] vmx_flush_tlb+0x94/0xb0
[ 235.371944] ? vmx_set_rflags+0x740/0x740
[ 235.376124] kvm_mmu_load+0x1656/0x3460
[ 235.380150] ? vmx_set_cr0+0x3510/0x3510
[ 235.384276] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20
[ 235.389479] ? futex_wait+0x745/0xa40
[ 235.393333] ? task_kmsan_context_state+0x6b/0x120
[ 235.398319] ? __msan_get_context_state+0x9/0x30
[ 235.403109] ? INIT_INT+0xc/0x30
[ 235.406507] ? task_kmsan_context_state+0x6b/0x120
[ 235.411493] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 235.416980] ? kmsan_set_origin_inline+0x6b/0x120
[ 235.421873] ? __msan_poison_alloca+0x17a/0x210
[ 235.426599] ? put_pid+0x71/0x410
[ 235.430096] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 235.434463] ? put_pid+0x1a9/0x410
[ 235.438053] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 235.443456] ? get_task_pid+0x17b/0x270
[ 235.447472] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 235.451669] ? do_vfs_ioctl+0x18a/0x2810
[ 235.455759] ? __se_sys_ioctl+0x1da/0x270
[ 235.459937] ? kvm_vm_release+0x90/0x90
[ 235.463939] do_vfs_ioctl+0xcf3/0x2810
[ 235.467878] ? security_file_ioctl+0x92/0x200
[ 235.472418] __se_sys_ioctl+0x1da/0x270
[ 235.476470] __x64_sys_ioctl+0x4a/0x70
[ 235.480409] do_syscall_64+0xbe/0x100
[ 235.484321] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.489552] RIP: 0033:0x457579
[ 235.492780] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 235.511706] RSP: 002b:00007f58d8443c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 235.519438] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 235.526738] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 235.534039] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 235.541334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d84446d4
[ 235.548623] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 235.555927]
[ 235.557569] Local variable description: ----error.i.i.i@__vmx_flush_tlb
[ 235.564330] Variable was created at:
[ 235.568071] __vmx_flush_tlb+0x103/0x790
[ 235.572168] vmx_flush_tlb+0x94/0xb0
[ 235.575899] ==================================================================
[ 235.583291] Disabling lock debugging due to kernel taint
[ 235.588759] Kernel panic - not syncing: panic_on_warn set ...
[ 235.588759]
[ 235.596165] CPU: 0 PID: 6954 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 235.604760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.614132] Call Trace:
[ 235.616757] dump_stack+0x306/0x460
[ 235.620437] panic+0x54c/0xafa
[ 235.623717] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 235.629200] kmsan_report+0x2cd/0x2d0
[ 235.633048] __msan_warning+0x7c/0xe0
[ 235.636903] __vmx_flush_tlb+0x755/0x790
[ 235.641020] vmx_flush_tlb+0x94/0xb0
[ 235.644815] ? vmx_set_rflags+0x740/0x740
[ 235.649004] kvm_mmu_load+0x1656/0x3460
[ 235.653021] ? vmx_set_cr0+0x3510/0x3510
[ 235.657132] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20
[ 235.662323] ? futex_wait+0x745/0xa40
[ 235.666203] ? task_kmsan_context_state+0x6b/0x120
[ 235.671171] ? __msan_get_context_state+0x9/0x30
[ 235.675962] ? INIT_INT+0xc/0x30
[ 235.679352] ? task_kmsan_context_state+0x6b/0x120
[ 235.684311] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 235.689796] ? kmsan_set_origin_inline+0x6b/0x120
[ 235.694702] ? __msan_poison_alloca+0x17a/0x210
[ 235.699422] ? put_pid+0x71/0x410
[ 235.702936] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 235.707296] ? put_pid+0x1a9/0x410
[ 235.710867] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 235.716266] ? get_task_pid+0x17b/0x270
[ 235.720279] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 235.724487] ? do_vfs_ioctl+0x18a/0x2810
[ 235.728571] ? __se_sys_ioctl+0x1da/0x270
[ 235.732746] ? kvm_vm_release+0x90/0x90
[ 235.736747] do_vfs_ioctl+0xcf3/0x2810
[ 235.740679] ? security_file_ioctl+0x92/0x200
[ 235.745230] __se_sys_ioctl+0x1da/0x270
[ 235.749255] __x64_sys_ioctl+0x4a/0x70
[ 235.753173] do_syscall_64+0xbe/0x100
[ 235.757008] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.762216] RIP: 0033:0x457579
[ 235.765436] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 235.784372] RSP: 002b:00007f58d8443c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 235.792109] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 235.799422] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 235.806721] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 235.814010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d84446d4
[ 235.821311] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 235.829673] Kernel Offset: disabled
[ 235.833316] Rebooting in 86400 seconds..