[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 50.979868] random: sshd: uninitialized urandom read (32 bytes read)
[ 51.309001] audit: type=1800 audit(1538989576.351:29): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 51.328793] audit: type=1800 audit(1538989576.361:30): pid=5842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 54.906150] random: sshd: uninitialized urandom read (32 bytes read)
[ 55.394329] random: sshd: uninitialized urandom read (32 bytes read)
[ 57.371346] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[ 63.243098] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 09:06:30 fuzzer started
[ 67.318955] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 09:06:34 dialing manager at 10.128.0.26:36867
2018/10/08 09:06:34 syscalls: 1
2018/10/08 09:06:34 code coverage: enabled
2018/10/08 09:06:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 09:06:34 setuid sandbox: enabled
2018/10/08 09:06:34 namespace sandbox: enabled
2018/10/08 09:06:34 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 09:06:34 fault injection: enabled
2018/10/08 09:06:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 09:06:34 net packed injection: enabled
2018/10/08 09:06:34 net device setup: enabled
[ 71.485349] random: crng init done
09:08:17 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="020600000a000000000000ec00000800080081000000e64dd73b1594cb849aec8e0005001c00004d7b005fffffa60300000000000000000040000020000000001dfa9e"], 0x43}}, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x33ab0eaa68c8dfc, 0x0)
[ 173.327964] IPVS: ftp: loaded support on port[0] = 21
[ 175.393944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 175.400414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 175.408767] device bridge_slave_0 entered promiscuous mode
[ 175.533518] bridge0: port 2(bridge_slave_1) entered blocking state
[ 175.539997] bridge0: port 2(bridge_slave_1) entered disabled state
[ 175.548322] device bridge_slave_1 entered promiscuous mode
[ 175.671175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 175.797409] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 176.173755] bond0: Enslaving bond_slave_0 as an active interface with an up link
09:08:21 executing program 1:
r0 = socket$inet6(0xa, 0x21000000000002, 0x0)
ioctl(r0, 0x800008912, &(0x7f0000000040)="153f6234488dd25d766070")
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl(r1, 0x4148, &(0x7f0000001f64))
[ 176.325548] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 176.927149] IPVS: ftp: loaded support on port[0] = 21
[ 177.300331] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 177.308296] team0: Port device team_slave_0 added
[ 177.505604] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 177.513732] team0: Port device team_slave_1 added
[ 177.736242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 177.964508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 177.971575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 177.980419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 178.130895] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 178.138713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 178.147614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 178.400052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 178.407739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 178.416854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 179.897013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 179.903579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 179.911809] device bridge_slave_0 entered promiscuous mode
[ 180.158103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.164637] bridge0: port 2(bridge_slave_1) entered disabled state
[ 180.172814] device bridge_slave_1 entered promiscuous mode
[ 180.385105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 180.626975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 180.824127] bridge0: port 2(bridge_slave_1) entered blocking state
[ 180.830598] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 180.837579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 180.844177] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 180.852686] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 181.035051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
09:08:26 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x200000001, 0xa, 0x2000000000000009, 0x1}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
[ 181.337877] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 181.596769] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 181.884136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 181.897115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 181.965289] IPVS: ftp: loaded support on port[0] = 21
[ 182.154817] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 182.161888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.950987] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 182.959038] team0: Port device team_slave_0 added
[ 183.170146] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 183.178098] team0: Port device team_slave_1 added
[ 183.387275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 183.394488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 183.403239] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 183.595641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 183.602690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 183.611488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.742367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.750299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.759060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 184.014621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 184.022129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 184.030965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 186.332636] bridge0: port 1(bridge_slave_0) entered blocking state
[ 186.339229] bridge0: port 1(bridge_slave_0) entered disabled state
[ 186.347597] device bridge_slave_0 entered promiscuous mode
[ 186.540775] bridge0: port 2(bridge_slave_1) entered blocking state
[ 186.547541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 186.555861] device bridge_slave_1 entered promiscuous mode
[ 186.861444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 186.910235] bridge0: port 2(bridge_slave_1) entered blocking state
[ 186.916778] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 186.923709] bridge0: port 1(bridge_slave_0) entered blocking state
[ 186.930142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 186.938473] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 187.184400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 187.223442] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 187.938943] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 188.216092] bond0: Enslaving bond_slave_1 as an active interface with an up link
09:08:33 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000000)="153f5734488dd25d766070")
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000140)="b805000000b9008000000f01c1f080a4b000600000000fc3180f09c744240000000000c744240200080000c7442406000000000f0114240f08f3a5650f050f20da0f01cf", 0x44}], 0x1, 0x0, &(0x7f0000000240), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000020000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000000)="f2a766ba610066ed48b813c4830f000000000f23d00f21f835300000000f23f866ba2000edc441175d392e67450f01cb0fc72cbe67400f001066ba4100b0a8ee36420f015900", 0x46}], 0x1, 0x0, &(0x7f0000000100), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
[ 188.475938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 188.483674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 188.812384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 188.819768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 189.299961] IPVS: ftp: loaded support on port[0] = 21
[ 189.791368] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 189.799647] team0: Port device team_slave_0 added
[ 190.059019] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 190.067099] team0: Port device team_slave_1 added
[ 190.406724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 190.414052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 190.422698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 190.670071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 190.677322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 190.686096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 190.998412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 191.006047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 191.014828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 191.352111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 191.359991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 191.368767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 192.384959] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.690431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 194.287505] bridge0: port 1(bridge_slave_0) entered blocking state
[ 194.294093] bridge0: port 1(bridge_slave_0) entered disabled state
[ 194.302196] device bridge_slave_0 entered promiscuous mode
[ 194.628080] bridge0: port 2(bridge_slave_1) entered blocking state
[ 194.634627] bridge0: port 2(bridge_slave_1) entered disabled state
[ 194.642739] device bridge_slave_1 entered promiscuous mode
[ 194.795749] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 194.802156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 194.810212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 195.008098] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 195.202485] bridge0: port 2(bridge_slave_1) entered blocking state
[ 195.209034] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 195.216009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 195.222432] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 195.231169] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 195.305381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 195.753949] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 196.052451] 8021q: adding VLAN 0 to HW filter on device team0
[ 196.285347] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 196.660848] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 197.017104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 197.024330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 197.346434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 197.353573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
09:08:43 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_AGP_INFO(0xffffffffffffffff, 0x80386433, &(0x7f00000004c0)=""/215)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0))
[ 198.275218] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 198.283156] team0: Port device team_slave_0 added
[ 198.645979] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 198.654462] team0: Port device team_slave_1 added
[ 199.022828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 199.029985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 199.038826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 199.094977] 8021q: adding VLAN 0 to HW filter on device bond0
[ 199.158519] IPVS: ftp: loaded support on port[0] = 21
[ 199.399038] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 199.406312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 199.415093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 199.673212] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 199.680713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 199.689595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 200.092596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 200.100288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 200.109134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 200.480142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 201.848103] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 201.854632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 201.862481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 203.237285] 8021q: adding VLAN 0 to HW filter on device team0
[ 204.256118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 204.262635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 204.269591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 204.276096] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 204.339003] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 204.424065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
09:08:49 executing program 0:
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000140)=@l2={0x1f, 0x0, {0x6}}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="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"], 0x318}, 0x0)
[ 205.212439] bridge0: port 1(bridge_slave_0) entered blocking state
[ 205.219034] bridge0: port 1(bridge_slave_0) entered disabled state
[ 205.227882] device bridge_slave_0 entered promiscuous mode
09:08:50 executing program 0:
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1000, 0x101000)
ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000040)=""/223)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
[ 205.673800] bridge0: port 2(bridge_slave_1) entered blocking state
[ 205.680426] bridge0: port 2(bridge_slave_1) entered disabled state
[ 205.688862] device bridge_slave_1 entered promiscuous mode
09:08:50 executing program 0:
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1000, 0x101000)
ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000040)=""/223)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000)
[ 206.074234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
09:08:51 executing program 0:
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x4000000003, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000000000))
readv(r0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/46, 0x2e}], 0x1)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
[ 206.448772] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
09:08:51 executing program 0:
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x4000000003, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000000000))
readv(r0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/46, 0x2e}], 0x1)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
09:08:52 executing program 0:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x0)
r1 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x2, 0x41)
fanotify_mark(r0, 0x10, 0x1, r1, &(0x7f0000000100)='./file0\x00')
getuid()
rseq(&(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xa30000, 0xa30000}}, 0x20, 0x0, 0x0)
09:08:52 executing program 0:
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x800000000044031, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000200)={0x2, 'veth0_to_bond\x00', 0x1}, 0x18)
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f0000000140)={0x0, 0x989680})
r1 = memfd_create(&(0x7f0000000100)='md5sumuserem1', 0x3)
write$P9_RLOPEN(r1, &(0x7f0000000180)={0x18, 0xd, 0x1, {{0x5b, 0x3, 0x1}, 0x100000000}}, 0x18)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0xb82113ad494672fb, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000040)={0x0, 0xfff, 0x101, 0xa}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0x5, 0x4, 0x4, 0xfffffffffffffffc, r3}, 0x164)
[ 207.644121] bond0: Enslaving bond_slave_0 as an active interface with an up link
09:08:52 executing program 0:
unshare(0x2000400)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$netlink(r0, 0x10e, 0x7, &(0x7f0000000000)=""/50, &(0x7f0000000080)=0x7)
[ 208.035570] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 208.404292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 208.411344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 208.704492] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 208.711553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 209.495328] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 209.503405] team0: Port device team_slave_0 added
[ 209.618916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 209.771798] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 209.779942] team0: Port device team_slave_1 added
[ 210.049496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 210.056711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 210.065339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 210.234642] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 210.241681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 210.250303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 210.511371] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 210.518997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 210.527776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 210.588232] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 210.763470] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 210.771042] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 210.779858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
09:08:56 executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000001340)=ANY=[], &(0x7f0000000340)=""/4096, 0x0, 0x1000, 0x1}, 0x20)
[ 211.424402] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 211.430779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 211.438601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 212.175285] 8021q: adding VLAN 0 to HW filter on device team0
[ 213.204620] bridge0: port 2(bridge_slave_1) entered blocking state
[ 213.211100] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 213.218289] bridge0: port 1(bridge_slave_0) entered blocking state
[ 213.224806] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 213.232867] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 213.239616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 215.146784] 8021q: adding VLAN 0 to HW filter on device bond0
[ 215.900547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 216.557780] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 216.564316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 216.571998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
09:09:01 executing program 2:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect(r0, &(0x7f0000002000)=@ethernet, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f000000ffd8)={'vcan0\x00', 0x0})
sendmsg$can_bcm(r0, &(0x7f0000000000)={&(0x7f0000007ff0)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f000000afb8)=ANY=[@ANYBLOB="000000000100000000000000000000008e15adecfc04aba1"], 0x1}}, 0x0)
[ 217.149994] 8021q: adding VLAN 0 to HW filter on device team0
[ 219.768381] 8021q: adding VLAN 0 to HW filter on device bond0
[ 220.070786] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 220.100632] ==================================================================
[ 220.108052] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 220.114653] CPU: 1 PID: 7268 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[ 220.121842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 220.131206] Call Trace:
[ 220.133813] dump_stack+0x306/0x460
[ 220.137457] ? _raw_spin_lock_irqsave+0x227/0x340
[ 220.142317] ? vmx_create_vcpu+0x10df/0x7920
[ 220.146746] kmsan_report+0x1a3/0x2d0
[ 220.150569] __msan_warning+0x7c/0xe0
[ 220.154388] vmx_create_vcpu+0x10df/0x7920
[ 220.158636] ? kmsan_set_origin_inline+0x6b/0x120
[ 220.163489] ? __msan_poison_alloca+0x17a/0x210
[ 220.168180] ? vmx_vm_init+0x340/0x340
[ 220.172087] kvm_arch_vcpu_create+0x25d/0x2f0
[ 220.176592] kvm_vm_ioctl+0x13fd/0x33d0
[ 220.180587] ? __msan_poison_alloca+0x17a/0x210
[ 220.185278] ? do_vfs_ioctl+0x18a/0x2810
[ 220.189345] ? __se_sys_ioctl+0x1da/0x270
[ 220.193508] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.198360] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.203218] do_vfs_ioctl+0xcf3/0x2810
[ 220.207137] ? security_file_ioctl+0x92/0x200
[ 220.211656] __se_sys_ioctl+0x1da/0x270
[ 220.215655] __x64_sys_ioctl+0x4a/0x70
[ 220.219559] do_syscall_64+0xbe/0x100
[ 220.223383] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 220.228592] RIP: 0033:0x457579
[ 220.231797] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 220.232315] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 220.250702] RSP: 002b:00007f444ca78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 220.250720] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 220.250730] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 220.250739] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 220.250749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f444ca796d4
[ 220.250759] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 220.250779]
[ 220.250787] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 220.250792] Variable was created at:
[ 220.250814] vmx_create_vcpu+0xd5/0x7920
[ 220.250836] kvm_arch_vcpu_create+0x25d/0x2f0
[ 220.250841] ==================================================================
[ 220.250848] Disabling lock debugging due to kernel taint
[ 220.250859] Kernel panic - not syncing: panic_on_warn set ...
[ 220.250859]
[ 220.250880] CPU: 1 PID: 7268 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63
[ 220.250899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 220.250905] Call Trace:
[ 220.250928] dump_stack+0x306/0x460
[ 220.250962] panic+0x54c/0xafa
[ 220.369377] kmsan_report+0x2cd/0x2d0
[ 220.373211] __msan_warning+0x7c/0xe0
[ 220.377032] vmx_create_vcpu+0x10df/0x7920
[ 220.381282] ? kmsan_set_origin_inline+0x6b/0x120
[ 220.386139] ? __msan_poison_alloca+0x17a/0x210
[ 220.390824] ? vmx_vm_init+0x340/0x340
[ 220.394726] kvm_arch_vcpu_create+0x25d/0x2f0
[ 220.399235] kvm_vm_ioctl+0x13fd/0x33d0
[ 220.403228] ? __msan_poison_alloca+0x17a/0x210
[ 220.407914] ? do_vfs_ioctl+0x18a/0x2810
[ 220.411980] ? __se_sys_ioctl+0x1da/0x270
[ 220.416141] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.420989] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.425843] do_vfs_ioctl+0xcf3/0x2810
[ 220.429750] ? security_file_ioctl+0x92/0x200
[ 220.434262] __se_sys_ioctl+0x1da/0x270
[ 220.438252] __x64_sys_ioctl+0x4a/0x70
[ 220.442151] do_syscall_64+0xbe/0x100
[ 220.445974] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 220.451175] RIP: 0033:0x457579
[ 220.454392] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 220.473311] RSP: 002b:00007f444ca78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 220.481023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 220.488298] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 220.495574] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 220.502849] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f444ca796d4
[ 220.510122] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 220.518543] Kernel Offset: disabled
[ 220.522169] Rebooting in 86400 seconds..