[ ok ] Starting periodic command scheduler: cron. [ 59.247674] sshd (6230) used greatest stack depth: 53184 bytes left [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 59.435127] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.535822] random: sshd: uninitialized urandom read (32 bytes read) [ 64.043518] random: sshd: uninitialized urandom read (32 bytes read) [ 66.681134] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. [ 72.555728] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 04:12:58 fuzzer started [ 77.174473] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 04:13:03 dialing manager at 10.128.0.26:44001 2018/10/10 04:13:03 syscalls: 1 2018/10/10 04:13:03 code coverage: enabled 2018/10/10 04:13:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 04:13:03 setuid sandbox: enabled 2018/10/10 04:13:03 namespace sandbox: enabled 2018/10/10 04:13:03 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 04:13:03 fault injection: enabled 2018/10/10 04:13:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 04:13:03 net packed injection: enabled 2018/10/10 04:13:03 net device setup: enabled [ 81.702902] random: crng init done 04:14:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) r3 = eventfd(0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000340)={r3}) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r2}) [ 190.131354] IPVS: ftp: loaded support on port[0] = 21 [ 192.268686] ip (6356) used greatest stack depth: 53056 bytes left [ 192.571369] bridge0: port
1(bridge_slave_0) entered blocking state [ 192.578051] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.586722] device bridge_slave_0 entered promiscuous mode [ 192.728763] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.735399] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.744014] device bridge_slave_1 entered promiscuous mode [ 192.885220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 193.026631] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:14:57 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000440)) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x1d0, [0x20000080, 0x0, 0x0, 0x200000b0, 0x20000220], 0x0, &(0x7f0000000000), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x0, 0x0, 'rose0\x00', 'ip_vti0\x00', 'ipddp0\x00', 'teql0\x00', @dev, [], @remote, [], 0x108, 0x108, 0x140, [@limit={'limit\x00', 0x20, {{0x0, 0xde}}}, @nfacct={'nfacct\x00', 0x28, {{'syz1\x00'}}}]}}, @common=@mark={'mark\x00', 0x10}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x248) [ 193.565291] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 193.765034] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.099238] IPVS: ftp: loaded support on port[0] = 21 [ 194.178758] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 194.185963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.937684] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 194.945794] team0: Port device team_slave_0 added [ 195.209714] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 195.217857] team0: Port device team_slave_1 
added [ 195.433883] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 195.440934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.450033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.666532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 195.673730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.682666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.914615] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 195.922373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.931374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.145844] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 196.153641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.162896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.667891] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.674658] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.683229] device bridge_slave_0 entered promiscuous mode [ 197.994625] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.001107] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.009719] device bridge_slave_1 entered promiscuous mode [ 198.243087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.441079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.707655] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.714238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.721187] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.727802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.736834] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 04:15:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 
0x400200) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x93) [ 199.023220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 199.249851] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.597600] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.887963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 199.895201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.053650] IPVS: ftp: loaded support on port[0] = 21 [ 200.182927] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.190006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.021010] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.029454] team0: Port device team_slave_0 added [ 201.217396] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.225572] team0: Port device team_slave_1 added [ 201.487621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.494887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.504012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.846555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.854469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.863545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.153867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.161493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.170853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.487393] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.495069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.504028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 
204.910265] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.916912] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.925542] device bridge_slave_0 entered promiscuous mode [ 205.266766] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.273347] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.281920] device bridge_slave_1 entered promiscuous mode [ 205.565274] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.572099] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.579061] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.585725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.594435] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.625374] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.904762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 206.573187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.809783] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:15:10 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2f) sendto$inet(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000040), 0x10) [ 207.158955] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.535462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.542619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.855734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.862934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.938530] IPVS: ftp: loaded support on port[0] = 21 [ 208.969457] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.977831] team0: Port device team_slave_0 added [ 209.329380] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.337597] team0: Port device team_slave_1 added [ 209.728728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 209.737129] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_team: link becomes ready [ 209.746031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.081866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.088963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.097968] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.406791] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.414968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.424182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.767565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.775298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.784503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.574381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.003091] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.971227] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.977916] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.986506] device bridge_slave_0 entered promiscuous mode [ 214.311756] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.318236] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.326733] device bridge_slave_1 entered promiscuous mode [ 214.385185] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 214.391534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.399747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.763715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.841303] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.847861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.854870] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.861323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.870317] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.216507] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.272623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.896602] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.368405] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.791639] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:15:21 executing program 4: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write$nbd(r1, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x1) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r3, 0x0) sendto$inet6(r2, &(0x7f00004e8000), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e22}, 0x1c) close(r3) splice(r0, 0x0, r1, 0x0, 0x3, 0x0) [ 217.232137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.239214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.683782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.690875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.178212] ip (6883) used greatest stack depth: 53040 bytes left [ 218.208665] IPVS: ftp: loaded support on port[0] = 21 [ 219.080979] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.089258] team0: Port device team_slave_0 added [ 219.459022] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.467245] team0: Port device team_slave_1 added [ 219.919083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.926828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.935944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.329018] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.336264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.345343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.791479] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: 
link is not ready [ 220.799289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.808523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.217261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.308457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.316330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.325494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.888118] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 224.612976] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 224.619325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.627266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.235534] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 225.504945] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.511401] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.552441] irq bypass consumer (token 00000000097cd47d) registration fails: -16 [ 225.561077] device bridge_slave_0 entered promiscuous mode [ 225.896499] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.903196] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.911767] device bridge_slave_1 entered promiscuous mode 04:15:30 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) ioctl(r0, 0x8912, &(0x7f0000000200)="0a5cc80700315f") syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e20}], 0x10) vmsplice(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x8) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff75257009bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000"], 
&(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r1, 0x2800000003000000, 0xe, 0x55, &(0x7f0000000200)="a06ad876d56a0e64d082778c3938", &(0x7f0000000380)=""/85, 0xb4b}, 0x28) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000300), 0xffffff3e) [ 226.275613] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.282189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.289117] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.295710] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.304166] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 226.344406] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.350972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.360641] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.739497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:15:30 executing program 0: r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) mknodat(r0, &(0x7f0000000040)='./bus\x00', 0xe000, 0x10001) ftruncate(r0, 0x8200) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, &(0x7f0000d83ff8), 0x3ff) lseek(r1, 0x0, 0x4) 04:15:31 executing program 0: socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_ima(r0, &(0x7f00000000c0)='security.ima\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="040d1533748f60159edc47f7f8caeb21f716ba"], 0x13, 0x3) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000580)='cpuacct.usage\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000040), 0x12) 04:15:31 executing program 0: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x0) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000040)=""/4096) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000001040)={0x2000000000000000, 0x0, 0x1, 0x8, 0x9, 0x8, 0x4, 0x9, 0x0, 0x0, 
0x2}, 0xb) r1 = socket$inet(0x2, 0x3, 0x100000001) chroot(&(0x7f0000001080)='./file0\x00') sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff5c, 0x0, &(0x7f0000e68000)={0x2, 0x0, @dev}, 0x10) [ 228.004389] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:15:32 executing program 0: mq_timedreceive(0xffffffffffffffff, &(0x7f0000000200)=""/133, 0x85, 0x3, 0xfffffffffffffffd) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x100, 0x10000) syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x801) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) 04:15:32 executing program 5: socketpair(0x0, 0x80000, 0xf2b5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCCBRK(r1, 0x5428) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000040)={0x52, 0xfffffffffffffffa, 0x400, "dd0c91089fd06af6e6dac55bc9c7cdb8111a6680ce6b2a9940a4a6882ef6882d3fba2b468f39296a3f2cac4f391e2949691c1f1f1019675c01816bd8ecf68e7e83bb12f5f201abd56bd25f3d6cb640e42ab2"}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, &(0x7f00000000c0)=""/110, &(0x7f0000000140)=0x6e) r2 = syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000001c0)=0x7a5, 0x4) io_setup(0x7, &(0x7f0000000200)=0x0) io_pgetevents(r3, 0x100, 0x7, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={0x80000000}, 0x8}) ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000400)=0x1) lgetxattr(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)=@random={'trusted.', '/dev/snd/timer\x00'}, &(0x7f00000004c0)=""/216, 0xd8) ioctl$TCGETS(r1, 0x5401, &(0x7f00000005c0)) r4 = socket$inet6(0xa, 0x6, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000640)={{{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@rand_addr}}, &(0x7f0000000740)=0xe8) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000780)={@remote, 
@empty, @mcast2, 0x7, 0x7, 0x9, 0x0, 0x5, 0x40000000, r5}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000800)='/dev/vga_arbiter\x00', 0x40000, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000840), 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000880)={0x0, 0x4, 0x6, 'queue0\x00', 0x3}) splice(r1, &(0x7f0000000940), r6, &(0x7f0000000980)=0x3a, 0x6, 0x9) write$UHID_INPUT2(r0, 0xfffffffffffffffd, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f00000009c0), &(0x7f0000000a00)=0x4) ioctl$TIOCLINUX2(r6, 0x541c, &(0x7f0000000a40)={0x2, 0x0, 0x9, 0x1, 0x7, 0xc77}) connect$netlink(r1, &(0x7f0000000a80)=@kern={0x10, 0x0, 0x0, 0x1000000}, 0xc) syz_open_dev$sndtimer(&(0x7f0000000ac0)='/dev/snd/timer\x00', 0x0, 0x101000) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000b00)=0x2000, 0x4) clock_gettime(0x0, &(0x7f0000000b40)={0x0, 0x0}) clock_settime(0x7, &(0x7f0000000b80)={r7, r8+30000000}) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f0000000bc0)) r9 = semget(0x1, 0x3, 0x0) semctl$GETALL(r9, 0x0, 0xd, &(0x7f0000000c00)=""/203) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000d00)={0x10001, 0xaa8b, 0x9, {0x77359400}, 0x554f, 0x8000}) [ 228.523709] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:15:32 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f000000affc)) openat$audio(0xffffffffffffff9c, &(0x7f00006a3000)='/dev/audio\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f00006a6fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x40400) ppoll(&(0x7f0000000100)=[{}], 0x1, &(0x7f0000000180), &(0x7f00000001c0), 0x8) read$eventfd(r1, &(0x7f00000002c0), 0x3f) [ 228.958224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 228.965683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 04:15:33 executing program 0: 
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1ff, 0x0) dup3(r0, r1, 0x0) [ 229.343930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.351001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.726895] IPVS: ftp: loaded support on port[0] = 21 [ 230.518675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.526860] team0: Port device team_slave_0 added [ 230.917673] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.925943] team0: Port device team_slave_1 added [ 231.309542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.316745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.325532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.699712] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.706989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.715882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.923498] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.068495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.076217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.085149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.512365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.519887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.529157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.273134] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not 
ready [ 234.541027] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.547715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.555498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.361018] xt_nfacct: accounting object `syz1' does not exists 04:15:39 executing program 1: socket$nl_route(0x10, 0x3, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prctl$intptr(0x1a, 0x2) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 235.537919] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.544565] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.553208] device bridge_slave_0 entered promiscuous mode [ 235.735189] ================================================================== [ 235.742628] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 235.750283] CPU: 0 PID: 7360 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #65 [ 235.757484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.766861] Call Trace: [ 235.769477] dump_stack+0x306/0x460 [ 235.773146] ? vmx_set_constant_host_state+0x1778/0x1830 [ 235.778648] kmsan_report+0x1a2/0x2e0 [ 235.782497] __msan_warning+0x7c/0xe0 [ 235.786336] vmx_set_constant_host_state+0x1778/0x1830 [ 235.791659] vmx_create_vcpu+0x3e6f/0x7870 [ 235.795930] ? kmsan_set_origin_inline+0x6b/0x120 [ 235.800804] ? __msan_poison_alloca+0x17a/0x210 [ 235.805530] ? 
vmx_vm_init+0x340/0x340 [ 235.809459] kvm_arch_vcpu_create+0x25d/0x2f0 [ 235.813997] kvm_vm_ioctl+0x13fd/0x33d0 [ 235.818016] ? __msan_poison_alloca+0x17a/0x210 [ 235.822758] ? do_vfs_ioctl+0x18a/0x2810 [ 235.826865] ? __se_sys_ioctl+0x1da/0x270 [ 235.831055] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 235.836021] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 235.840894] do_vfs_ioctl+0xcf3/0x2810 [ 235.844838] ? security_file_ioctl+0x92/0x200 [ 235.849379] __se_sys_ioctl+0x1da/0x270 [ 235.853413] __x64_sys_ioctl+0x4a/0x70 [ 235.857331] do_syscall_64+0xbe/0x100 [ 235.861171] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 235.866379] RIP: 0033:0x457579 [ 235.869605] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 235.888534] RSP: 002b:00007f00c63f3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 235.896277] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 235.903572] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 235.910866] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 235.918167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00c63f46d4 [ 235.925461] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 235.932772] [ 235.934428] Local variable description: ----dt@vmx_set_constant_host_state [ 235.941454] Variable was created at: [ 235.945201] vmx_set_constant_host_state+0x2b0/0x1830 [ 235.950416] vmx_create_vcpu+0x3e6f/0x7870 [ 235.954671] ================================================================== [ 235.962047] Disabling lock debugging due to kernel taint [ 235.967519] Kernel panic - not syncing: panic_on_warn set ... 
[ 235.967519] [ 235.974920] CPU: 0 PID: 7360 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #65 [ 235.983513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.986505] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.992883] Call Trace: [ 235.992920] dump_stack+0x306/0x460 [ 235.992970] panic+0x54c/0xafa [ 235.993043] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 236.013802] kmsan_report+0x2d3/0x2e0 [ 236.017652] __msan_warning+0x7c/0xe0 [ 236.021493] vmx_set_constant_host_state+0x1778/0x1830 [ 236.026816] vmx_create_vcpu+0x3e6f/0x7870 [ 236.031085] ? kmsan_set_origin_inline+0x6b/0x120 [ 236.035962] ? __msan_poison_alloca+0x17a/0x210 [ 236.040683] ? vmx_vm_init+0x340/0x340 [ 236.044602] kvm_arch_vcpu_create+0x25d/0x2f0 [ 236.049135] kvm_vm_ioctl+0x13fd/0x33d0 [ 236.053166] ? __msan_poison_alloca+0x17a/0x210 [ 236.057885] ? do_vfs_ioctl+0x18a/0x2810 [ 236.061999] ? __se_sys_ioctl+0x1da/0x270 [ 236.066189] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 236.071063] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 236.075939] do_vfs_ioctl+0xcf3/0x2810 [ 236.079890] ? 
security_file_ioctl+0x92/0x200 [ 236.084440] __se_sys_ioctl+0x1da/0x270 [ 236.088454] __x64_sys_ioctl+0x4a/0x70 [ 236.092718] do_syscall_64+0xbe/0x100 [ 236.096556] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 236.101772] RIP: 0033:0x457579 [ 236.104989] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 236.113789] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.123909] RSP: 002b:00007f00c63f3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.123934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 236.123949] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000007 [ 236.123963] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 236.123977] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00c63f46d4 [ 236.123992] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 236.124990] Kernel Offset: disabled [ 236.178876] Rebooting in 86400 seconds..