[ ok ] Starting periodic command scheduler: cron.
[ 58.192758] sshd (6054) used greatest stack depth: 53184 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.403795] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 61.103368] random: sshd: uninitialized urandom read (32 bytes read)
[ 61.547619] random: sshd: uninitialized urandom read (32 bytes read)
[ 63.972513] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
[ 69.742415] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 06:43:09 fuzzer started
[ 74.500083] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 06:43:14 dialing manager at 10.128.0.26:36867
2018/10/08 06:43:14 syscalls: 1
2018/10/08 06:43:14 code coverage: enabled
2018/10/08 06:43:14 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 06:43:14 setuid sandbox: enabled
2018/10/08 06:43:14 namespace sandbox: enabled
2018/10/08 06:43:14 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 06:43:14 fault injection: enabled
2018/10/08 06:43:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 06:43:14 net packed injection: enabled
2018/10/08 06:43:14 net device setup: enabled
[ 79.607034] random: crng init done
06:45:16 executing program 0:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0xbd, 0x4, 0x400000000078}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
[ 199.493493] IPVS: ftp: loaded support on port[0] = 21
[ 202.006082] bridge0: port 1(bridge_slave_0) entered blocking state
[ 202.012760] bridge0: port 1(bridge_slave_0) entered disabled state
[ 202.022012] device bridge_slave_0 entered promiscuous mode
[ 202.169867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.176563] bridge0: port 2(bridge_slave_1) entered disabled state
[ 202.185246] device bridge_slave_1 entered promiscuous mode
[ 202.339167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 202.480864] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
06:45:20 executing program 1:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000140)=@md0='/dev/md0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='gfs2meta\x00', 0x0, &(0x7f0000000100))
[ 203.047767] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 203.252120] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 203.451015] IPVS: ftp: loaded support on port[0] = 21
[ 203.465227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 203.472394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 203.736054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 203.743198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 204.458373] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 204.466564] team0: Port device team_slave_0 added
[ 204.726045] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 204.734388] team0: Port device team_slave_1 added
[ 204.934192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.941361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 204.950478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 205.123230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 205.130331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 205.139561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 205.393049] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 205.400668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 205.410043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.628772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 205.636658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 205.645957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 206.894039] bridge0: port 1(bridge_slave_0) entered blocking state
[ 206.900542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 206.909781] device bridge_slave_0 entered promiscuous mode
[ 207.115002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 207.121517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 207.130131] device bridge_slave_1 entered promiscuous mode
[ 207.327420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 207.573940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 208.144027] bond0: Enslaving bond_slave_0 as an active interface with an up link
06:45:26 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cf"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000240)={0x20001, 0x0, [0x0, 0x100000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7]})
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f00000000c0))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, &(0x7f0000000400), 0x100000000000000c)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 208.385738] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 208.706058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 208.713196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 208.759313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 208.765895] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 208.772985] bridge0: port 1(bridge_slave_0) entered blocking state
[ 208.779448] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 208.789175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 209.045399] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 209.052737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 209.291021] IPVS: ftp: loaded support on port[0] = 21
[ 209.514796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 209.896163] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 209.904430] team0: Port device team_slave_0 added
[ 210.227895] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 210.236007] team0: Port device team_slave_1 added
[ 210.509986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 210.519537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 210.528546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 210.817689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 210.825204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 210.835116] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 211.178626] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 211.186232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 211.195336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 211.491483] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 211.499456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 211.509146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.233911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.240554] bridge0: port 1(bridge_slave_0) entered disabled state
[ 214.249107] device bridge_slave_0 entered promiscuous mode
[ 214.593980] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.600456] bridge0: port 2(bridge_slave_1) entered disabled state
[ 214.609056] device bridge_slave_1 entered promiscuous mode
[ 214.684754] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.691235] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 214.698260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.704773] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 214.713483] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 214.742099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 215.006853] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 215.292078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 216.182370] bond0: Enslaving bond_slave_0 as an active interface with an up link
06:45:34 executing program 3:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0xed, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x4cd2f0b6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}, 0x0, 0x7fffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x80000, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000480)="2f67726f75702e7374619fd474002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac750a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1d0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98c6e3574511e0c61ff22ff61f", 0x2761, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffd9f, &(0x7f0000000100), 0x0, &(0x7f0000001580), 0xfcdb}, 0x0)
socket$vsock_dgram(0x28, 0x2, 0x0)
r2 = gettid()
waitid(0x0, r2, 0x0, 0x8000000a, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000000)=0x803)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000240)={0x0, 0x0, 0x3})
[ 216.431154] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 216.707100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 216.720323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 217.085766] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 217.092923] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 217.689878] IPVS: ftp: loaded support on port[0] = 21
[ 218.213653] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 218.222052] team0: Port device team_slave_0 added
[ 218.529886] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 218.538167] team0: Port device team_slave_1 added
[ 218.933991] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 218.941120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 218.950280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 219.272293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 219.280572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 219.291135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 219.627468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 219.635212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 219.644341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 220.049799] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 220.057659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 220.066864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 222.214047] 8021q: adding VLAN 0 to HW filter on device bond0
[ 223.674101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 223.794667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 223.801179] bridge0: port 1(bridge_slave_0) entered disabled state
[ 223.809972] device bridge_slave_0 entered promiscuous mode
[ 223.982724] bridge0: port 2(bridge_slave_1) entered blocking state
[ 223.989244] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 223.996327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.002859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 224.011476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 224.169766] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.176322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 224.184943] device bridge_slave_1 entered promiscuous mode
[ 224.595075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 224.822349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 224.972334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 225.059535] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 225.066926] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 225.075028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 225.888728] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 226.218956] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 226.571219] 8021q: adding VLAN 0 to HW filter on device team0
[ 226.589721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 226.596871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 226.942196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 226.949254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
06:45:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070")
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
[ 228.290536] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 228.300710] team0: Port device team_slave_0 added
[ 228.746605] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 228.767417] team0: Port device team_slave_1 added
[ 228.789879] IPVS: ftp: loaded support on port[0] = 21
[ 229.116191] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 229.123392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 229.132403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 229.514304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 229.521363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 229.530541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 230.000377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 230.008668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 230.017928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 230.168145] 8021q: adding VLAN 0 to HW filter on device bond0
[ 230.488546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 230.496457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 230.505838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 231.746519] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 233.478396] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 233.484898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 233.492991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 235.318509] 8021q: adding VLAN 0 to HW filter on device team0
[ 235.758539] bridge0: port 1(bridge_slave_0) entered blocking state
[ 235.765602] bridge0: port 1(bridge_slave_0) entered disabled state
[ 235.774441] device bridge_slave_0 entered promiscuous mode
[ 236.028440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.035024] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 236.042137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 236.048683] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 236.057486] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 236.182869] bridge0: port 2(bridge_slave_1) entered blocking state
[ 236.189324] bridge0: port 2(bridge_slave_1) entered disabled state
[ 236.197883] device bridge_slave_1 entered promiscuous mode
[ 236.592836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 236.678032] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 237.128787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
06:45:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cf"])
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000240)={0x20001, 0x0, [0x4, 0x100000000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7]})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f00000000c0))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, &(0x7f0000000400), 0x100000000000000c)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 237.512806] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 237.741505] ==================================================================
[ 237.748952] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 237.764866] CPU: 1 PID: 6942 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 237.773848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 237.783704] Call Trace:
[ 237.786332] dump_stack+0x306/0x460
[ 237.790006] ? _raw_spin_lock_irqsave+0x227/0x340
[ 237.795384] ? vmx_create_vcpu+0x10df/0x7920
[ 237.799866] kmsan_report+0x1a3/0x2d0
[ 237.803714] __msan_warning+0x7c/0xe0
[ 237.807571] vmx_create_vcpu+0x10df/0x7920
[ 237.811850] ? kmsan_set_origin_inline+0x6b/0x120
[ 237.816759] ? __msan_poison_alloca+0x17a/0x210
[ 237.821501] ? vmx_vm_init+0x340/0x340
[ 237.825463] kvm_arch_vcpu_create+0x25d/0x2f0
[ 237.830010] kvm_vm_ioctl+0x13fd/0x33d0
[ 237.834036] ? __msan_poison_alloca+0x17a/0x210
[ 237.838750] ? do_vfs_ioctl+0x18a/0x2810
[ 237.842849] ? __se_sys_ioctl+0x1da/0x270
[ 237.847035] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 237.851917] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 237.856804] do_vfs_ioctl+0xcf3/0x2810
[ 237.860741] ? security_file_ioctl+0x92/0x200
[ 237.865285] __se_sys_ioctl+0x1da/0x270
[ 237.869309] __x64_sys_ioctl+0x4a/0x70
[ 237.873234] do_syscall_64+0xbe/0x100
[ 237.877080] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 237.882823] RIP: 0033:0x457579
[ 237.886063] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 237.904990] RSP: 002b:00007f651376ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 237.912742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 237.927587] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 237.938148] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 237.945441] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f651376f6d4
[ 237.952740] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 237.960569]
[ 237.962220] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 237.969161] Variable was created at:
[ 237.972909] vmx_create_vcpu+0xd5/0x7920
[ 237.977000] kvm_arch_vcpu_create+0x25d/0x2f0
[ 237.981509] ==================================================================
[ 237.988883] Disabling lock debugging due to kernel taint
[ 237.994377] Kernel panic - not syncing: panic_on_warn set ...
[ 237.994377]
[ 238.001779] CPU: 1 PID: 6942 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 238.010386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 238.019757] Call Trace:
[ 238.022410] dump_stack+0x306/0x460
[ 238.026098] panic+0x54c/0xafa
[ 238.029380] kmsan_report+0x2cd/0x2d0
[ 238.033226] __msan_warning+0x7c/0xe0
[ 238.037071] vmx_create_vcpu+0x10df/0x7920
[ 238.041342] ? kmsan_set_origin_inline+0x6b/0x120
[ 238.046225] ? __msan_poison_alloca+0x17a/0x210
[ 238.050964] ? vmx_vm_init+0x340/0x340
[ 238.054894] kvm_arch_vcpu_create+0x25d/0x2f0
[ 238.059433] kvm_vm_ioctl+0x13fd/0x33d0
[ 238.063455] ? __msan_poison_alloca+0x17a/0x210
[ 238.068164] ? do_vfs_ioctl+0x18a/0x2810
[ 238.072256] ? __se_sys_ioctl+0x1da/0x270
[ 238.076440] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 238.081319] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 238.086675] do_vfs_ioctl+0xcf3/0x2810
[ 238.100007] ? security_file_ioctl+0x92/0x200
[ 238.104550] __se_sys_ioctl+0x1da/0x270
[ 238.108616] __x64_sys_ioctl+0x4a/0x70
[ 238.112531] do_syscall_64+0xbe/0x100
[ 238.116376] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 238.121613] RIP: 0033:0x457579
[ 238.125338] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 238.144273] RSP: 002b:00007f651376ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 238.152563] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 238.159904] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 238.167190] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 238.174497] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f651376f6d4
[ 238.181804] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 238.190095] Kernel Offset: disabled
[ 238.193761] Rebooting in 86400 seconds..