[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 49.854232] random: sshd: uninitialized urandom read (32 bytes read)
[ 50.199024] audit: type=1800 audit(1538973621.245:29): pid=5998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 54.099824] random: sshd: uninitialized urandom read (32 bytes read)
[ 54.540233] random: sshd: uninitialized urandom read (32 bytes read)
[ 56.211278] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[ 62.048852] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 04:40:34 fuzzer started
[ 66.183759] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 04:40:39 dialing manager at 10.128.0.26:36867
2018/10/08 04:40:39 syscalls: 1
2018/10/08 04:40:39 code coverage: enabled
2018/10/08 04:40:39 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 04:40:39 setuid sandbox: enabled
2018/10/08 04:40:39 namespace sandbox: enabled
2018/10/08 04:40:39 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 04:40:39 fault injection: enabled
2018/10/08 04:40:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 04:40:39 net packed injection: enabled
2018/10/08 04:40:39 net device setup: enabled
[ 70.816885] random: crng init done
04:42:22 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000003540)={'ip6gre0\x00', {0x2, 0x0, @multicast1}})
[ 172.193879] IPVS: ftp: loaded support on port[0] = 21
[ 174.226834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 174.233304] bridge0: port 1(bridge_slave_0) entered disabled state
[ 174.241618] device bridge_slave_0 entered promiscuous mode
[ 174.379274] bridge0: port 2(bridge_slave_1) entered blocking state
[ 174.385991] bridge0: port 2(bridge_slave_1) entered disabled state
[ 174.394206] device bridge_slave_1 entered promiscuous mode
[ 174.514983] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 174.635572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 175.009393] bond0: Enslaving bond_slave_0 as an active interface with an up link
04:42:26 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000001000), 0x1000)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0/file0\x00', 0x0)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90)
lstat(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000340))
[ 175.138886] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 175.890743] IPVS: ftp: loaded support on port[0] = 21
[ 176.112127] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 176.120188] team0: Port device team_slave_0 added
[ 176.316080] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 176.324119] team0: Port device team_slave_1 added
[ 176.547673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 176.778937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 176.786100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 176.794904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 176.923104] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 176.930844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 176.939763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 177.120789] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 177.128513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 177.137603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 179.279430] bridge0: port 1(bridge_slave_0) entered blocking state
[ 179.286063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 179.294468] device bridge_slave_0 entered promiscuous mode
[ 179.322471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 179.329001] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 179.335970] bridge0: port 1(bridge_slave_0) entered blocking state
[ 179.342388] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 179.350914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 179.594698] bridge0: port 2(bridge_slave_1) entered blocking state
[ 179.601204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 179.609636] device bridge_slave_1 entered promiscuous mode
[ 179.861828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 180.024344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
04:42:31 executing program 2:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0x20007ffc)
[ 180.343954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 180.686784] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 180.936755] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 180.999154] IPVS: ftp: loaded support on port[0] = 21
[ 181.192201] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 181.200837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 181.440467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 181.447751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 182.121886] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 182.129864] team0: Port device team_slave_0 added
[ 182.427971] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 182.435975] team0: Port device team_slave_1 added
[ 182.714151] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 182.721209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 182.729904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 182.933161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 182.940631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 182.949381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 183.235348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 183.242926] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 183.251953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 183.503302] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 183.510988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 183.519954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 185.003043] bridge0: port 1(bridge_slave_0) entered blocking state
[ 185.009681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 185.017999] device bridge_slave_0 entered promiscuous mode
[ 185.261486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 185.268168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 185.276382] device bridge_slave_1 entered promiscuous mode
[ 185.502758] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 185.749334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 186.240755] bridge0: port 2(bridge_slave_1) entered blocking state
[ 186.247292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 186.254230] bridge0: port 1(bridge_slave_0) entered blocking state
[ 186.260663] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 186.269169] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 186.475960] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 186.598952] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 186.874402] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 187.037762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 187.045018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 187.314227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 187.321284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
04:42:38 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000100)={0x77, 0x0, [0x40000105]})
[ 188.169583] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 188.177606] team0: Port device team_slave_0 added
[ 188.450226] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 188.458252] team0: Port device team_slave_1 added
[ 188.598598] IPVS: ftp: loaded support on port[0] = 21
[ 188.711334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 188.718611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 188.727387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 189.047193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 189.054430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 189.063118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 189.415364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 189.422905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 189.431773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 189.698494] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 189.706084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 189.714919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 190.422347] 8021q: adding VLAN 0 to HW filter on device bond0
[ 191.677306] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 192.815005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 192.821382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 192.829588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 193.193892] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.200348] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 193.207339] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.213831] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 193.222148] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 193.718260] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.724826] bridge0: port 1(bridge_slave_0) entered disabled state
[ 193.732995] device bridge_slave_0 entered promiscuous mode
[ 194.024564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 194.042389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 194.049002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 194.057378] device bridge_slave_1 entered promiscuous mode
[ 194.152447] 8021q: adding VLAN 0 to HW filter on device team0
[ 194.394984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 194.643804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 195.468231] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 195.768545] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 196.092726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 196.107228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 196.402512] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 196.409743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
04:42:47 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl(r1, 0x4000800c0884113, &(0x7f0000000240))
[ 197.487995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 197.496072] team0: Port device team_slave_0 added
[ 197.864950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 197.872895] team0: Port device team_slave_1 added
[ 198.060585] IPVS: ftp: loaded support on port[0] = 21
[ 198.312858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 198.320333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 198.329088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 198.624061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 198.631119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 198.639830] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 199.055294] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 199.062873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 199.071957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 199.192969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 199.427687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 199.435292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 199.444185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 200.639214] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 201.864766] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 201.871117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 201.879127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
04:42:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae0a, &(0x7f0000000100)=ANY=[@ANYBLOB='y'])
04:42:54 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00004c0000)={0xa, 0x3, 0x0, @ipv4}, 0x1c)
listen(r1, 0x43)
r2 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg(r2, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f00007ed000)=[{&(0x7f0000000140)='u', 0x1}], 0x1, &(0x7f00000002c0)}}], 0x1, 0x0)
[ 203.353393] 8021q: adding VLAN 0 to HW filter on device team0
[ 203.616710] bridge0: port 2(bridge_slave_1) entered blocking state
[ 203.623177] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 203.630156] bridge0: port 1(bridge_slave_0) entered blocking state
[ 203.636688] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 203.645422] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
04:42:54 executing program 0:
r0 = socket(0x10, 0x802, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r1, @ANYBLOB="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"], 0xcc}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000012c0)={&(0x7f00000000c0), 0xc, &(0x7f0000001280)={&(0x7f0000000100)=ANY=[@ANYBLOB="170000001600010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="5c8eee398c33ba210018cb03fc3f1652c2440000b0d88161f786b2db43678d3b2c37071f62acde59f3c98c835c01876d0385eca9662b6c8f13737b1e8382f84861a935fbdd6500f67a03636db5d0525e08602169ec6748300ed142656308c22b67526c65c46ee2fad4b4a9ce3bc21fb5c7d4d57d208ecffc3136ff1617c8ff58fb09b97d226ca4cf55b1d99b046e9e561e3daddc0308cd3a2de6ca49"], 0x2c}}, 0x0)
[ 203.884654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
04:42:55 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x100082)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
mount(&(0x7f0000000600)=ANY=[@ANYBLOB="b6a3f3458c7011c0838242b312620de6e5b6da1273e02857a73d79096fc8d6e5db83a846594d67a5afc3a5f8db36a46a5a238f3e71eb6e519512d90df190ed60148eae538ef41357c686f090cf259affd4ea67f3a43c21e8f4b1d03c01aa49bc8fc7484e7413623b7e5c68c501ae75cf85a1b38fbe68eef1c4ff05c44400000000000009ac46b8245d6a072c72c64fb28c43eef4c300970edc355a3c25d39f3f059dc3e46060e37b7d81250b6cf0b04391e94b8e45555b"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000280), 0x12)
set_mempolicy(0x1, &(0x7f0000000440)=0x4, 0x7)
r4 = memfd_create(&(0x7f0000000740)='GPLem1self\x00', 0x0)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806)
ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r4)
sendfile(r0, r4, &(0x7f0000000240), 0x20000102000007)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000180)=0x10000000000062)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffffffffff46})
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000002c0)={0x0, 0xc, "59f86539c359bd0cfdea0f68"}, &(0x7f00000004c0)=0x14)
setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000500)=@assoc_value={r6, 0x7}, 0x8)
ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000040))
io_setup(0x2, &(0x7f0000000080)=0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000480), &(0x7f0000000540)=0x30)
ioctl$KDGETKEYCODE(r4, 0x4b4c, &(0x7f0000000400)={0x4, 0x80000000})
io_cancel(r7, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0xffffffffffffa47c, r0, &(0x7f0000000300)="a8d86ae1bfb2c4c2abd4727d5a572d5967ed696ed9519a8ec241533106970c2083de5627315a321eb90dca084b9226a2086e5d916bba7255504daea271d192f2c8a0906e58e84e7c5fb9238a980f6aa5a03a1b23e79f80691a78455f50a08ae739daa25bea98723414bdc1567dddcafb63434060b8ffefdbbb8af84b3007ac4e175e7c5876593a5f38c67a4be1327846084b72a126be71c6e69451e784af8eb8f5c99435661a57093c6959b87cef55f507d9a8d7a1b9999dfa1179bade9063a7d5468520a2351204aa0f4766afc17947b38c7c511b9c04a2505d", 0xda, 0x0, 0x0, 0x1, 0xffffffffffffff9c}, &(0x7f0000000200))
[ 204.569143] bridge0: port 1(bridge_slave_0) entered blocking state
[ 204.575884] bridge0: port 1(bridge_slave_0) entered disabled state
[ 204.584170] device bridge_slave_0 entered promiscuous mode
04:42:55 executing program 0:
r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x401, 0x80000)
ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000100)={0x8001, 0x6})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x18}]}}}]}, 0x3c}}, 0x0)
[ 205.034740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 205.041213] bridge0: port 2(bridge_slave_1) entered disabled state
[ 205.049552] device bridge_slave_1 entered promiscuous mode
[ 205.068084] netlink: 'syz-executor0': attribute type 24 has an invalid length.
[ 205.075848] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
04:42:56 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000000c0)={'veth1_to_team\x00', 0x80000001})
getsockopt$inet6_udp_int(r1, 0x11, 0x6f, &(0x7f0000000000), &(0x7f0000000080)=0x4)
ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0)
close(r2)
socket(0x10, 0x3, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001400)=ANY=[])
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)={0x0, r2})
[ 205.441983] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 205.827714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
04:42:57 executing program 0:
io_setup(0x0, &(0x7f0000000740)=0x0)
io_pgetevents(r0, 0x200, 0x189, &(0x7f0000000140), &(0x7f00000001c0)={0x77359400}, &(0x7f0000000700)={&(0x7f0000000280)={0xffffffffffffffff}, 0x8})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/pfkey\x00', 0x0, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x20601, 0x0)
clock_gettime(0x8, &(0x7f0000000200))
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x221d, 0xffffffffffffffff, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snapshot\x00', 0x8000, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/rfkill\x00', 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x80800)
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f00000004c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB="000528bd7000fbdbdf250300cb10b8716bf7ff9c142c62f7fe6aed0104000c000300940c000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x15}, 0x20000084)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_DISCONNECT(r1, &(0x7f0000000180)={0xa, 0x4}, 0xc)
mlock2(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0)
ioctl$TIOCSBRK(r1, 0x5427)
[ 206.437221] hrtimer: interrupt took 42759 ns
04:42:57 executing program 0:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0)
unshare(0x24020400)
write$binfmt_elf32(r0, &(0x7f0000000340)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x10000, 0x8, 0x5, 0x4, 0x0, 0x3, 0x4, 0x384, 0x38, 0x1ad, 0x100000000, 0xa503, 0x20, 0x2, 0x4, 0x23fe, 0x1}, [{0x5, 0x56, 0x0, 0x2, 0x6, 0x400, 0xfffffffffffffffc, 0x3ff}], "355d865ce6159287a5ab70e7548bacd8262d8ec9fdf4a4fa66742d683722b9e754dfa52e05ef8be3e50705ad0c27949576dc64ee2bf8c9f7c0d14aa67ea4d0bd29602729be501755f683594f30b2ba9d3af10391c6f494464ec726e8e8451298939f5533839104ad441f47d42358d696c50981ef2a91341031c2787609edb55ad0aadf2025a542b7c4e7fff79612d4b7f91edd43676498b37fcdf21c1d63968ac7890e4f7d79af7c9b79d9caa27372292f1c204c249a40d3494595d1f3e053d24a0311cef8f4f4c2ce53ce039d77efa789f9381f2d08483bf27e32a65a3ab13ef85fc640fc3173e38e640ae5eb516c52529f7866", [[], []]}, 0x34c)
pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x8}, &(0x7f0000000200), &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
[ 207.033926] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 207.410179] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 207.707320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 207.714482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 208.015055] 8021q: adding VLAN 0 to HW filter on device bond0
[ 208.029800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 208.037328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 208.953018] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.975194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 208.983024] team0: Port device team_slave_0 added
[ 209.225961] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 209.234138] team0: Port device team_slave_1 added
[ 209.499423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 209.506700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 209.515418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 209.724771] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 209.731132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 209.738936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 209.819407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 209.826624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 209.835278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 210.096153] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 210.104400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 210.113034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 210.397850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 210.433936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 210.442677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 210.584011] 8021q: adding VLAN 0 to HW filter on device team0
04:43:03 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa)
mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000080)="776c616e31776c616e316d696d655f74797065ac706f7369785f61636c5f61636365737327747275737465649b00")
[ 213.022089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 213.028669] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 213.035669] bridge0: port 1(bridge_slave_0) entered blocking state
[ 213.042153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 213.050532] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 213.057407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 214.830017] 8021q: adding VLAN 0 to HW filter on device bond0
04:43:06 executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f0000001000), 0x1000)
stat(&(0x7f0000004100)='./file0/file0\x00', &(0x7f0000004140))
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000500)='./file0/file0\x00', 0x0)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
read$FUSE(r0, &(0x7f0000001000), 0x1000)
write$FUSE_ENTRY(r0, &(0x7f0000000640)={0x90, 0x0, 0x2, {0x0, 0x1, 0x200000000000000, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffefffffffffd}}}, 0x90)
read$FUSE(r0, &(0x7f0000001000), 0x7)
write$FUSE_ENTRY(r0, &(0x7f0000003000)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001}}}, 0x90)
[ 215.605549] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 216.111764] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 216.118223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 216.126017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 216.685561] 8021q: adding VLAN 0 to HW filter on device team0
[ 219.275496] 8021q: adding VLAN 0 to HW filter on device bond0
[ 219.626567] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 219.655790] ==================================================================
[ 219.663209] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 219.669809] CPU: 1 PID: 7440 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[ 219.676994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.686350] Call Trace:
[ 219.688955] dump_stack+0x306/0x460
[ 219.692594] ? _raw_spin_lock_irqsave+0x227/0x340
[ 219.697459] ? vmx_create_vcpu+0x10df/0x7920
[ 219.701891] kmsan_report+0x1a3/0x2d0
[ 219.705721] __msan_warning+0x7c/0xe0
[ 219.709543] vmx_create_vcpu+0x10df/0x7920
[ 219.713793] ? kmsan_set_origin_inline+0x6b/0x120
[ 219.718655] ? __msan_poison_alloca+0x17a/0x210
[ 219.723353] ? vmx_vm_init+0x340/0x340
[ 219.727262] kvm_arch_vcpu_create+0x25d/0x2f0
[ 219.729947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 219.731786] kvm_vm_ioctl+0x13fd/0x33d0
[ 219.741815] ? __msan_poison_alloca+0x17a/0x210
[ 219.746515] ? do_vfs_ioctl+0x18a/0x2810
[ 219.750588] ? __se_sys_ioctl+0x1da/0x270
[ 219.754754] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 219.759612] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 219.764481] do_vfs_ioctl+0xcf3/0x2810
[ 219.768397] ? security_file_ioctl+0x92/0x200
[ 219.772919] __se_sys_ioctl+0x1da/0x270
[ 219.776936] __x64_sys_ioctl+0x4a/0x70
[ 219.780853] do_syscall_64+0xbe/0x100
[ 219.784671] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 219.789867] RIP: 0033:0x457579
[ 219.793066] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 219.811985] RSP: 002b:00007fb99232ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 219.819713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 219.827000] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 219.834290] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 219.841580] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb99232b6d4
[ 219.848867] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 219.856159]
[ 219.857791] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 219.864717] Variable was created at:
[ 219.868457] vmx_create_vcpu+0xd5/0x7920
[ 219.872536] kvm_arch_vcpu_create+0x25d/0x2f0
[ 219.877037] ==================================================================
[ 219.884393] Disabling lock debugging due to kernel taint
[ 219.889847] Kernel panic - not syncing: panic_on_warn set ...
[ 219.889847]
[ 219.897225] CPU: 1 PID: 7440 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63
[ 219.905801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 219.915157] Call Trace:
[ 219.917757] dump_stack+0x306/0x460
[ 219.921411] panic+0x54c/0xafa
[ 219.924655] kmsan_report+0x2cd/0x2d0
[ 219.928486] __msan_warning+0x7c/0xe0
[ 219.932305] vmx_create_vcpu+0x10df/0x7920
[ 219.936557] ? kmsan_set_origin_inline+0x6b/0x120
[ 219.941422] ? __msan_poison_alloca+0x17a/0x210
[ 219.946129] ? vmx_vm_init+0x340/0x340
[ 219.950051] kvm_arch_vcpu_create+0x25d/0x2f0
[ 219.954567] kvm_vm_ioctl+0x13fd/0x33d0
[ 219.958572] ? __msan_poison_alloca+0x17a/0x210
[ 219.963260] ? do_vfs_ioctl+0x18a/0x2810
[ 219.967335] ? __se_sys_ioctl+0x1da/0x270
[ 219.971585] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 219.976451] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 219.981310] do_vfs_ioctl+0xcf3/0x2810
[ 219.985224] ? security_file_ioctl+0x92/0x200
[ 219.989739] __se_sys_ioctl+0x1da/0x270
[ 219.993737] __x64_sys_ioctl+0x4a/0x70
[ 219.997633] do_syscall_64+0xbe/0x100
[ 220.001454] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 220.006650] RIP: 0033:0x457579
[ 220.009852] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 220.028849] RSP: 002b:00007fb99232ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 220.036569] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 220.043851] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 220.051132] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 220.058521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb99232b6d4
[ 220.065801] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 220.074264] Kernel Offset: disabled
[ 220.077893] Rebooting in 86400 seconds..