[ 57.325010] audit: type=1800 audit(1538714223.371:27): pid=6066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.683455] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.303267] random: sshd: uninitialized urandom read (32 bytes read) [ 62.692485] random: sshd: uninitialized urandom read (32 bytes read) [ 64.205866] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts. [ 70.008150] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 04:37:18 fuzzer started [ 74.632137] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 04:37:22 dialing manager at 10.128.0.26:36867 2018/10/05 04:37:22 syscalls: 1 2018/10/05 04:37:22 code coverage: enabled 2018/10/05 04:37:22 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 04:37:22 setuid sandbox: enabled 2018/10/05 04:37:22 namespace sandbox: enabled 2018/10/05 04:37:22 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 04:37:22 fault injection: enabled 2018/10/05 04:37:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 04:37:22 net packed injection: enabled 2018/10/05 04:37:22 net device setup: enabled [ 80.657531] random: crng init done 04:39:30 executing program 0: socket$inet_udp(0x2, 0x2, 0x0) io_setup(0x1, &(0x7f0000000080)=0x0) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000900)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000780)}]) [ 205.204444] IPVS: ftp: loaded support on port[0] = 21 [ 207.604585] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.611716] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.620432] device bridge_slave_0 entered promiscuous mode [ 207.763634] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.770105] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.778706] device bridge_slave_1 entered promiscuous mode [ 207.919237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.059440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:39:34 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000337ff2)='timers\x00') close(r0) [ 208.487409] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.690871] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.038207] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.045351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.489311] IPVS: ftp: loaded support on port[0] = 21 [ 209.709915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.718127] team0: Port device team_slave_0 added [ 209.858838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.866984] team0: Port device team_slave_1 added [ 210.079399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.086541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.095677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.304009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.311069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.320052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.530744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.538478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.547974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.838743] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.846828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.855878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.798278] ip (6352) used greatest stack depth: 53056 bytes left [ 212.948608] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.955170] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.963729] device bridge_slave_0 entered promiscuous mode [ 213.131003] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.137623] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.146189] device bridge_slave_1 entered promiscuous mode [ 213.334095] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.340606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.347679] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.354206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.363208] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.423004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.614048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.093395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.333998] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.569232] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:39:40 executing program 2: r0 = socket(0x1e, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) close(r1) [ 214.795161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.802460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.134157] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.141212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.548330] IPVS: ftp: loaded support on port[0] = 21 [ 215.884744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 215.892840] team0: Port device team_slave_0 added [ 216.054208] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.062458] team0: Port device team_slave_1 added [ 216.242858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 216.249907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.258991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.558257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 216.565494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.574414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.851274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 216.859174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.868556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.211008] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 217.219455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.228746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.283399] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.289886] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.298654] device bridge_slave_0 entered promiscuous mode [ 220.428501] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.435046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.442075] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.448537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.457384] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.545953] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.552545] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.561056] device bridge_slave_1 entered promiscuous mode [ 220.748079] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.891895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.935027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.909120] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.224183] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.499052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.506271] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.793414] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.800452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:39:49 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, "6e72300000000000000000001d00", 0x4}, 0x95) ioctl(r1, 0x8916, &(0x7f0000000000)) [ 223.751369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.759654] team0: Port device team_slave_0 added [ 224.137750] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.146063] team0: Port device team_slave_1 added [ 224.298478] IPVS: ftp: loaded support on port[0] = 21 [ 224.487974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.495280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.504563] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.945261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.952480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.961259] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.299615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.307676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.316568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.441817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.717098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.724775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.733998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 226.809735] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.301446] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.307970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.316169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.633053] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.744095] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.750564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.758392] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.764968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.773983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.142479] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.148967] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.157436] device bridge_slave_0 entered promiscuous mode [ 230.421895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.507147] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.513841] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.522381] device bridge_slave_1 entered promiscuous mode [ 230.948657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.280640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 232.300941] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.687034] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.079864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 233.087101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 233.435408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 233.442595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:39:59 executing program 4: prctl$seccomp(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x40000000006, 0x0, 0x0, 0xffffffffffff7fff}]}) tkill(0x0, 0x3b) [ 234.479336] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.487582] team0: Port device team_slave_0 added [ 234.768611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.890799] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.899060] team0: Port device team_slave_1 added [ 235.299093] IPVS: ftp: loaded support on port[0] = 21 [ 235.434558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.441751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.450647] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.878989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 235.886187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.894870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.202423] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 236.258022] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.265748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.274826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.725297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.733430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.742593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.752924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.759396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.767576] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:40:05 executing program 0: semop(0x0, &(0x7f0000000080)=[{}], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x8020400) [ 239.457539] 8021q: adding VLAN 0 to HW filter on device team0 04:40:06 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000000)={0x4, 0x9, 0x100, @broadcast, 'rose0\x00'}) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x8, 0x200000) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000080)=0x18, 0x4) read(r0, &(0x7f0000000200)=""/146, 0x92) 04:40:06 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x3) r3 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r3) sendfile(r2, r1, &(0x7f0000000240)=0x8000000004800, 0x8) 04:40:07 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x1, r1}) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x19, 0x5, 0x90, [0x200002c0, 0x0, 0x0, 0x200002f0, 0x20000550], 0x0, &(0x7f00000000c0), &(0x7f00000002c0)=[{}, {}, {0x0, '\x00', 0x2}]}, 0x108) [ 241.164532] kernel msg: ebtables bug: please report to author: Valid hook without chain 04:40:07 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000500)=""/246) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x1bacf914c1bafb2, &(0x7f0000000300)=[{}]}) write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, 0x3, {0x7, 0x1b, 0x400, 0x10080, 0x1000, 0x8001, 0x5, 0x1}}, 0x50) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000140)={0x0, 0x0, 0x8, &(0x7f0000000100)=0x1000}) ioctl$EVIOCGREP(r0, 0x40107447, &(0x7f0000000000)=""/174) [ 241.638027] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.644614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.651627] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.658080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.666456] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 04:40:08 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x0, &(0x7f0000000000)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'bond_slave_0\x00', &(0x7f00000000c0)=@ethtool_cmd={0x17, 0x3, 0x6b32, 0x85, 0x4, 0x7, 0x6, 0x2b84, 0xfffffffffffff6ba, 0x7, 0x2, 0xfffffffffffff1cf, 0x9337, 0x1, 0x1b9, 0x7, [0x100, 0x7f]}}) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) [ 242.413215] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.715267] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.721824] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.730200] device bridge_slave_0 entered promiscuous mode 04:40:09 executing program 0: r0 = socket$inet6(0xa, 0x800, 0x3) bind$inet6(r0, &(0x7f0000f13000)={0xa, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYRESHEX=r0], &(0x7f0000000040)={0x0, 0x0, [0x0, 0x0, 0x261]}) [ 243.258939] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.265574] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.274116] device bridge_slave_1 entered promiscuous mode 04:40:09 executing program 0: socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000004100), 0x2a37, 0x10102, 0x0) sendto$unix(r1, &(0x7f0000000100)="d8", 0x1, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) [ 243.734476] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 244.180767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 245.337750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 245.682449] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 246.125037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.132276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.503357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 246.510441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.804248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.535972] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 247.544090] team0: Port device team_slave_0 added [ 247.847891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 247.881810] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 247.889958] team0: Port device team_slave_1 added [ 248.259098] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 248.266294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 248.275109] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.629567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 248.636830] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.645768] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 04:40:14 executing program 1: timer_create(0x2, &(0x7f00000011c0)={0x0, 0x33, 0x0, @thr={&(0x7f0000000040), &(0x7f00000001c0)}}, &(0x7f0000001200)) [ 248.887733] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 248.895579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 248.904550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 248.957527] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.965101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.972959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.146759] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 249.154470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 249.163466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.867025] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.493154] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.499642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.506964] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.513486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.522199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.528769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 253.679174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.606085] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 04:40:20 executing program 2: r0 = socket(0x1e, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) close(r1) [ 255.328786] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.335254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.343234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.879044] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.700936] 8021q: adding VLAN 0 to HW filter on device bond0 04:40:25 executing program 3: [ 259.209951] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.628924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.635307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.643261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.940811] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.786084] kauditd_printk_skb: 3 callbacks suppressed [ 261.786117] audit: type=1326 audit(1538714427.841:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7571 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 262.571989] audit: type=1326 audit(1538714428.621:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7571 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 04:40:28 executing program 4: 04:40:28 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000002c0)='/dev/snd/controlC#\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x2}) r1 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x1, 0x1, 0x8, 0xb61a, 0x0, 0x8000, 0x200, 0x4, 0x8, 0x0, 0xffffffff, 0x5, 0x54a1, 0x2, 0x7, 0x1, 0xffffffff, 0x8, 0x7, 0x9, 0x7ff, 0x1000, 0x4, 0x1, 0x2, 0x7fff, 0x3, 0x8, 0x1ff, 0xfff, 0x1, 0x2, 0x8, 0x5, 0x200, 0x5, 0x0, 0x5e1, 0x3, @perf_config_ext={0x9, 0x7fffffff}, 0x440, 0x0, 0xff, 0x5, 0x100000000, 0x20, 0x75f}, 0xffffffffffffffff, 0x3, 0xffffffffffffff9c, 0xa) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000100)={0x0, 0x70, 0x800, 0x4d9, 0x100000001, 0x5, 0x0, 0x0, 0x40, 0x2, 0x80000000, 0x9, 0xaa8, 0x5, 0x1, 0x3, 0x100000000, 0x5, 0x9, 0x7f, 0x9aaf, 0x5, 0xaa4, 0x3, 0x0, 0x800, 0x9, 0xc8c8, 0x4, 0x1, 0x1, 0x5, 0x9b, 0x6, 0x5, 0x7, 0x3, 0x9, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0xb}, 0x200, 0xc24a, 0x86, 0x4, 0x7, 0x5949, 0x401}) 04:40:28 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x4000, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f0000000040)={'security\x00', 0x94, "7c5e3fe384b44176df12a2b14b921de2adefb234798d5633b646494d2ae10edaaf7b09f14ed298810aa130b192524aae8f906e1a1c9e9d2eecd3165a8eea7faf3f6c9e5b763c1491480bc23665dedc989e21bae6edc09927c926b7bd5df5b154cb115b23ba782b7c7e60bf599068e87ab43f20e35614b9e546841ec29ffc5ff4a8b7a3b523a8c7ab4ed56b2b2a7f710d49027519"}, &(0x7f0000000100)=0xb8) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000140)={0x9, 0x0, 0x2}) ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000000180)={0xba1, r1, 0x10000}) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, &(0x7f00000001c0)={'raw\x00', 0x84, "938873494e565b6c90c2bdf5171a9d70aa1cc429c651aa7df568f19c3fedf20d7e36514f65b39c710493528a6ab170cff8a959b01f2b3c7d0f88f730f5e3622ffe1c0363815c858e769346454d92e316f3dbed26840d06acf32c8c3d0e648d485d420442b449e219a0f3ac6bcff475f6e744ccd0b617fba7a8dd3cf20b34a9c15e358f18"}, &(0x7f0000000280)=0xa8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000002c0)={0x0, 0x87, "298f32d45c92b6ee983ab91420ebe9207c6f4f1d1548e6af7e4f013391961db3667a01f33fca7693c4fb8f08e21a75007cf48ccf64398596cbb5f9fd8281f7e36d1adf8f3f2cc2caab7f69c4504bc807c2bc45a8a8861496ef7e6469c03690d28fc8d126e33c4703f9429a628b6df99519cb5d6fc7cc99d6a07f37181dfaee6f66c438fa7343be"}, &(0x7f0000000380)=0x8f) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000003c0)={r2, 0xffffffff7fffffff}, 0x8) r3 = socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000400), &(0x7f0000000440)=0x4) write$binfmt_misc(r0, &(0x7f0000000480)={'syz1', "c349cc7209f51e9bd2eb9ae277a9848f08357bcaab5400fbefea7a7edbf66ed71e2550482df8b80dad9629371119a9b28ee617577ad1bec1f428199b80f2b72af230b978928161a12d0d32cf60a9c745c3f2358a37ac88a3a2e6c5c15ff80171eb249079f50eebc79eda45147fc2e81b"}, 0x74) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x8) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f0000000740)) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000780)={0x158, 0x0, 0x2, [{{0x0, 0x0, 0x7, 0x4, 0x3, 0x80, {0x3, 0x269, 0x10000, 0x78, 0x9, 0x0, 0x2, 0x9, 0x8, 0xe581, 0x5, r4, r5, 0x8, 0x8}}, {0x6, 0x5, 0xb, 0x778, '/dev/mixer\x00'}}, {{0x5, 0x1, 0x800, 0x8001, 0x100000000, 0x2e3, {0x1, 0x101, 0xfffffffffffffffb, 0x7, 0x7ff, 0x9, 0x8, 0x40, 0x1f, 0x47a, 0x6, r6, r7, 0x8001, 0x101}}, {0x0, 0x4, 0x7, 0x7, '\\md5sum'}}]}, 0x158) r8 = socket$pptp(0x18, 0x1, 0x2) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000900)={0x3}) ioctl$sock_bt_bnep_BNEPCONNDEL(r8, 0x400442c9, &(0x7f0000000940)={0x101, @broadcast}) write$FUSE_DIRENT(r0, &(0x7f0000000980)={0x1b0, 0xffffffffffffffda, 0x3, [{0x6, 0x8, 0x9, 0x375, 'security\x00'}, {0x5, 0x10000, 0xb, 0x5, '/dev/mixer\x00'}, {0x4, 0xfffffffffffffffd, 0xb, 0x97b, '/dev/mixer\x00'}, {0x4, 0x0, 0x2, 0x3, "25c7"}, {0x3, 0x81, 0x2, 0x80000000, '\']'}, {0x1, 0xfffffffffffffffd, 0x51, 0x4, 'posix_acl_access-}trustedcpusetmime_type}ppp0mime_type:ppp0em0]$vboxnet1*bdevppp1'}, {0x4, 0x3, 0x4, 0x5, 'raw\x00'}, {0x5, 0x6, 0x0, 0x8}, {0x1, 0x81, 0x0, 0x5}, {0x4, 0x2c, 0x9, 0xffff, 'security\x00'}]}, 0x1b0) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000b40)=""/23) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000b80)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000cc0), &(0x7f0000000d00)=0x4) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000d40)={{0xa, 0x4e20, 0xb871, @local, 0xfffffffffffffffd}, {0xa, 0x4e20, 0xffffffffffff0000, @mcast1, 0x100}, 0x3, [0x2, 0x100000001, 0x8, 0xffff, 0x1000, 0x8, 0x8cbd, 0x81]}, 0x5c) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000dc0)) write$cgroup_int(r0, &(0x7f0000000e00)=0x60ffc12a, 0x12) ioctl$KVM_SMI(r0, 0xaeb7) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000e40)=0x7fffffff, 0x8) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000e80)) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000ec0)={[{0x3a0, 0xc9e0, 0x3, 0xae, 0x6b, 0x9, 0x480000, 0x8, 0x7, 0x9aa, 0x7fffffff, 0xbc73, 0xfa4}, {0xfffffffffffff001, 0x5, 0x4, 0x7fffffff, 0xf1e, 0x6, 0x8, 0x6, 0x9, 0x7, 0x20, 0x200, 0x4}, {0x38a, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x1, 0x40, 0x5, 0x6, 0x45a7, 0x950, 0x0, 0x6}], 0x3}) 04:40:28 executing program 2: 04:40:28 executing program 1: 04:40:28 executing program 3: 04:40:28 executing program 3: 04:40:29 executing program 4: 04:40:29 executing program 2: 04:40:29 executing program 0: 04:40:29 executing program 1: 04:40:29 executing program 3: 04:40:29 executing program 4: 04:40:29 executing program 2: [ 263.987535] IPVS: ftp: loaded support on port[0] = 21 [ 265.255501] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.261991] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.269506] device bridge_slave_0 entered promiscuous mode [ 265.358472] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.364975] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.373364] device bridge_slave_1 entered promiscuous mode [ 265.524107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 265.656614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 265.892114] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 265.977132] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 266.058850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 266.065929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 266.144776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 266.151831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 266.387269] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 266.394881] team0: Port device team_slave_0 added [ 266.473062] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 266.480738] team0: Port device team_slave_1 added [ 266.559912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 266.642863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.724955] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.732410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.741333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.819908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.827353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.836455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.688379] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.694932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.701951] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.708360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.716826] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.961898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 270.875114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.166987] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 271.451338] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 271.457652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 271.465860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.747312] 8021q: adding VLAN 0 to HW filter on device team0 04:40:39 executing program 5: 04:40:39 executing program 0: 04:40:39 executing program 3: 04:40:39 executing program 1: 04:40:39 executing program 2: 04:40:39 executing program 4: 04:40:40 executing program 1: 04:40:40 executing program 4: 04:40:40 executing program 0: 04:40:40 executing program 5: 04:40:40 executing program 3: 04:40:40 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7e228e36d99e2f0265df5dc7b581280cd556138d5f0e0658d18fb7c", 0x1c) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000008e80)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x34010}], 0x1, &(0x7f0000001680)=""/72, 0x48}}], 0x1, 0x0, &(0x7f0000002240)) 04:40:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x17}}}, 0x1c) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000200)=ANY=[@ANYBLOB="0000000000000000924986a47522ed5cee2d6a0eafd4f0eff226b4a1fbc8fc1e2cbb321e3f97e0dcf14e67b16e0e3e27c0024016004a729baf650eebf49050732e7dc9cae27af40dff63058a16f14b8a7a94b24d37cc182de31f0ac70fed74a5927c2f25076e39169b274176acba2b0d6d427ef36c763bdf4366a63ef5b52fea9191964a4da96642f68d23112aca04c2b35c00531ae42a2a84f0e6bb821ddd48c6ec8abc7549fad61c4ad43796f51c50ce17cfb6291c2b4a2e8fc5"], 0x1) connect(r0, &(0x7f0000000500)=@llc={0x1a, 0x217, 0x20, 0x9, 0x9, 0x10001, @dev={[], 0x18}}, 0x80) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000002c40), 0x4) 04:40:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f00000000c0)="c744240006000000c744240200000080c7442406000000000f01142466b8c2008ec80f070f0f369a0f2002674669f9c12c000026660f38157e0f660f0dbead00000066baf80cb8bcecb281ef66bafc0cb80b000000ef0f20d835080000000f22d8", 0x61}], 0x1, 0x0, &(0x7f0000000040), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000c000/0x18000)=nil, &(0x7f00000001c0)=[@text32={0x20, &(0x7f0000000040)="2e652603bd4a925bcfb9c30900000f32b805000000b930e49d370f01d966b8b7000f00d81a7af10f08f30f5ecf660f38816e200f060faebf00000000", 0x3c}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_NMI(r2, 0xae9a) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f0000001080), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:40:40 executing program 3: socket$inet(0x2, 0x0, 0x0) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000140)={0x2, 0x0, @dev}, 0x10) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, &(0x7f00000002c0)) getpgrp(0xffffffffffffffff) add_key(&(0x7f0000000440)='pkcs7_test\x00', &(0x7f0000000480)={'syz'}, &(0x7f00000004c0), 0x0, 0xfffffffffffffffb) tgkill(0x0, 0x0, 0x0) 04:40:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080), 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x5) ioctl$TCSETS(r2, 0x5402, &(0x7f00000000c0)={0x0, 0x7417}) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000000)) r3 = dup3(r2, r0, 0x0) write$UHID_INPUT(r3, &(0x7f0000001640)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cbe7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846eab1a9d914b0695b16dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1a375b63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4bb6077139774607b76cbc017f636145beb84c128cf35ddf4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7912ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6692ceb4831b5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8297cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057288d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858ae38ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d294285497a42736454ccb62fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff00", 0xfffffffffffffec8}, 0x1006) 04:40:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120) write$UHID_DESTROY(r0, &(0x7f00000003c0), 0x4) [ 274.817462] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 275.003409] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.010237] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.017243] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.024121] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.030901] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.037871] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.044759] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 04:40:41 executing program 1: 04:40:41 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c0], 0x0, &(0x7f0000000080), &(0x7f00000001c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {}]}, 0x108) [ 275.051903] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.058691] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.065570] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 275.072465] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 04:40:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000300)={{0x2, 0x0, @multicast2}, {0x306, @local}, 0x8, {0x2, 0x4e20}, 'ip_vti0\x00'}) 04:40:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000300)={{0x2, 0x0, @multicast2}, {0x0, @local}, 0x8, {}, 'ip_vti0\x00'}) tgkill(0x0, 0x0, 0x0) [ 275.316259] kernel msg: ebtables bug: please report to author: bad policy 04:40:41 executing program 1: add_key(&(0x7f0000000440)='pkcs7_test\x00', &(0x7f0000000480)={'syz'}, &(0x7f00000004c0), 0x0, 0xfffffffffffffffb) [ 275.381263] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 275.426941] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.433842] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.440621] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.447572] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.454459] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.461238] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.468154] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.475025] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.481949] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.488724] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.495660] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 275.506316] ================================================================== [ 275.513749] BUG: KMSAN: uninit-value in __vmx_flush_tlb+0x755/0x790 [ 275.520185] CPU: 1 PID: 7909 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #63 [ 275.527417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.536803] Call Trace: [ 275.539427] dump_stack+0x306/0x460 [ 275.543106] ? __vmx_flush_tlb+0x755/0x790 [ 275.547400] kmsan_report+0x1a3/0x2d0 [ 275.551257] __msan_warning+0x7c/0xe0 [ 275.555104] __vmx_flush_tlb+0x755/0x790 [ 275.559220] vmx_flush_tlb+0x94/0xb0 [ 275.562981] ? vmx_set_rflags+0x740/0x740 [ 275.567243] kvm_mmu_load+0x1656/0x3460 [ 275.571268] ? vmx_set_cr0+0x3510/0x3510 [ 275.575384] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 275.580594] ? task_kmsan_context_state+0x6b/0x120 [ 275.585564] ? __msan_get_context_state+0x9/0x30 [ 275.590352] ? INIT_INT+0xc/0x30 [ 275.594665] ? task_kmsan_context_state+0x6b/0x120 [ 275.600744] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 275.606245] ? kmsan_set_origin_inline+0x6b/0x120 [ 275.611690] ? __msan_poison_alloca+0x17a/0x210 [ 275.616751] ? put_pid+0x71/0x410 [ 275.620287] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 275.624655] ? put_pid+0x1a9/0x410 [ 275.628235] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 275.633629] ? get_task_pid+0x17b/0x270 [ 275.637666] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 275.641882] ? do_vfs_ioctl+0x18a/0x2810 [ 275.645982] ? __se_sys_ioctl+0x1da/0x270 [ 275.650170] ? kvm_vm_release+0x90/0x90 [ 275.654194] do_vfs_ioctl+0xcf3/0x2810 [ 275.658147] ? security_file_ioctl+0x92/0x200 [ 275.662693] __se_sys_ioctl+0x1da/0x270 [ 275.666730] __x64_sys_ioctl+0x4a/0x70 [ 275.670658] do_syscall_64+0xbe/0x100 [ 275.674498] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 275.679713] RIP: 0033:0x457579 [ 275.682955] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.701897] RSP: 002b:00007fbd329f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.709675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 275.716983] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 275.724436] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 275.732679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd329f86d4 [ 275.739971] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 275.747312] [ 275.748956] Local variable description: ----error.i.i.i@__vmx_flush_tlb [ 275.755713] Variable was created at: [ 275.759472] __vmx_flush_tlb+0x103/0x790 [ 275.763557] vmx_flush_tlb+0x94/0xb0 [ 275.767279] ================================================================== [ 275.774644] Disabling lock debugging due to kernel taint [ 275.780107] Kernel panic - not syncing: panic_on_warn set ... [ 275.780107] [ 275.787508] CPU: 1 PID: 7909 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #63 [ 275.790620] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz1 [ 275.796096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.796105] Call Trace: [ 275.796143] dump_stack+0x306/0x460 [ 275.796190] panic+0x54c/0xafa [ 275.796271] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 275.796302] kmsan_report+0x2cd/0x2d0 [ 275.796350] __msan_warning+0x7c/0xe0 [ 275.796385] __vmx_flush_tlb+0x755/0x790 [ 275.796440] vmx_flush_tlb+0x94/0xb0 [ 275.844888] ? vmx_set_rflags+0x740/0x740 [ 275.849086] kvm_mmu_load+0x1656/0x3460 [ 275.853101] ? vmx_set_cr0+0x3510/0x3510 [ 275.857213] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 275.862423] ? task_kmsan_context_state+0x6b/0x120 [ 275.867394] ? __msan_get_context_state+0x9/0x30 [ 275.872191] ? INIT_INT+0xc/0x30 04:40:41 executing program 3: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000440)=@ipv6_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) [ 275.875604] ? task_kmsan_context_state+0x6b/0x120 [ 275.880574] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 275.886065] ? kmsan_set_origin_inline+0x6b/0x120 [ 275.890943] ? __msan_poison_alloca+0x17a/0x210 [ 275.895647] ? put_pid+0x71/0x410 [ 275.899122] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 275.903474] ? put_pid+0x1a9/0x410 [ 275.907070] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 275.912481] ? get_task_pid+0x17b/0x270 [ 275.916526] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 275.920734] ? do_vfs_ioctl+0x18a/0x2810 [ 275.924824] ? __se_sys_ioctl+0x1da/0x270 04:40:42 executing program 4: 04:40:42 executing program 0: [ 275.929005] ? kvm_vm_release+0x90/0x90 [ 275.933009] do_vfs_ioctl+0xcf3/0x2810 [ 275.936950] ? security_file_ioctl+0x92/0x200 [ 275.941480] __se_sys_ioctl+0x1da/0x270 [ 275.945509] __x64_sys_ioctl+0x4a/0x70 [ 275.949437] do_syscall_64+0xbe/0x100 [ 275.953274] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 275.958496] RIP: 0033:0x457579 [ 275.961724] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.980652] RSP: 002b:00007fbd329f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.988419] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 275.995711] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 276.003002] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 276.010309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd329f86d4 [ 276.017596] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 276.025877] Kernel Offset: disabled [ 276.029540] Rebooting in 86400 seconds..