[ ok ] Starting periodic command scheduler: cron.
[ 58.030805] sshd (6060) used greatest stack depth: 53184 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.254729] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 63.293455] random: sshd: uninitialized urandom read (32 bytes read)
[ 63.898507] random: sshd: uninitialized urandom read (32 bytes read)
[ 65.975999] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
[ 71.803636] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/09 19:12:04 fuzzer started
[ 76.539078] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/09 19:12:10 dialing manager at 10.128.0.26:44001
2018/10/09 19:12:10 syscalls: 1
2018/10/09 19:12:10 code coverage: enabled
2018/10/09 19:12:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/09 19:12:10 setuid sandbox: enabled
2018/10/09 19:12:10 namespace sandbox: enabled
2018/10/09 19:12:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/09 19:12:10 fault injection: enabled
2018/10/09 19:12:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/09 19:12:10 net packed injection: enabled
2018/10/09 19:12:10 net device setup: enabled
[ 81.486870] random: crng init done
19:14:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 191.437204] IPVS: ftp: loaded support on port[0] = 21
[ 193.839200] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.845835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 193.854518] device bridge_slave_0 entered promiscuous mode
[ 193.999340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 194.006077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 194.014734] device bridge_slave_1 entered promiscuous mode
[ 194.161264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 194.308943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 194.746788] bond0: Enslaving bond_slave_0 as an active interface with an up link
19:14:05 executing program 1:
ioctl$sock_bt_bnep_BNEPGETCONNINFO(0xffffffffffffffff, 0x800442d3, &(0x7f00000001c0)={0x0, 0x8, 0x1, @dev={[], 0x1c}, 'bridge0\x00'})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x0, 0x0, 0x59d, 0x0, 'syz1\x00', 0xffffffffffffffc0})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
r1 = request_key(&(0x7f0000000080)='encrypted\x00', &(0x7f0000000100)={'syz'}, &(0x7f0000000140)='asymmetric\x00', 0xfffffffffffffffb)
request_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f0000001ffb)={"006c06"}, &(0x7f0000001fee)="693d21157374e363807367725669643a4465", r1)
[ 195.011443] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 195.228745] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 195.236016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 195.441494] IPVS: ftp: loaded support on port[0] = 21
[ 195.483912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 195.491003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 196.146962] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 196.155133] team0: Port device team_slave_0 added
[ 196.353975] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 196.362070] team0: Port device team_slave_1 added
[ 196.514925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 196.522494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 196.531465] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 196.743334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 196.750411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 196.759479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 196.943493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 196.951123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 196.960375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 197.152012] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 197.159644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 197.168855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 199.299602] bridge0: port 1(bridge_slave_0) entered blocking state
[ 199.306153] bridge0: port 1(bridge_slave_0) entered disabled state
[ 199.314681] device bridge_slave_0 entered promiscuous mode
[ 199.488628] bridge0: port 2(bridge_slave_1) entered blocking state
[ 199.495183] bridge0: port 2(bridge_slave_1) entered disabled state
[ 199.503817] device bridge_slave_1 entered promiscuous mode
[ 199.663223] bridge0: port 2(bridge_slave_1) entered blocking state
[ 199.669694] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 199.676716] bridge0: port 1(bridge_slave_0) entered blocking state
[ 199.683259] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 199.692016] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 199.759216] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 200.019869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 200.324417] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 200.768522] bond0: Enslaving bond_slave_0 as an active interface with an up link
19:14:11 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000300)="f9164d42292ea8fe451e44428e9105d5", 0x10)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, &(0x7f0000000080)=""/179, &(0x7f0000000140)=0xb3)
[ 201.006644] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 201.329465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 201.337596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 201.598423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 201.605595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 201.811041] IPVS: ftp: loaded support on port[0] = 21
[ 202.443536] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 202.451538] team0: Port device team_slave_0 added
[ 202.648943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 202.657125] team0: Port device team_slave_1 added
[ 202.958059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 202.965254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 202.974243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 203.269504] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 203.276738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 203.285876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 203.557384] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 203.565092] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 203.574245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 203.861312] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 203.868966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 203.877980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 205.988299] ip (6413) used greatest stack depth: 53056 bytes left
[ 206.594378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 206.600856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 206.609431] device bridge_slave_0 entered promiscuous mode
[ 206.846286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 206.853038] bridge0: port 2(bridge_slave_1) entered disabled state
[ 206.861462] device bridge_slave_1 entered promiscuous mode
[ 207.186385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 207.355481] bridge0: port 2(bridge_slave_1) entered blocking state
[ 207.361996] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 207.369009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 207.375534] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 207.384340] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 207.517620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 208.242518] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 208.392433] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 208.690756] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 208.896042] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 208.903185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
19:14:20 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x72})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000002fe0)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
mremap(&(0x7f000090a000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil)
[ 209.229578] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 209.236825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 210.221310] IPVS: ftp: loaded support on port[0] = 21
[ 210.398462] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 210.406717] team0: Port device team_slave_0 added
[ 210.742683] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 210.750732] team0: Port device team_slave_1 added
[ 211.170952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 211.178131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 211.187232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 211.599520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 211.606968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 211.616066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 211.868210] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 211.876047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 211.885360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 212.207261] 8021q: adding VLAN 0 to HW filter on device bond0
[ 212.327694] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 212.335418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 212.344375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 213.658396] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 214.933034] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 214.939429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 214.947614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 216.334095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.340579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 216.349144] device bridge_slave_0 entered promiscuous mode
[ 216.393300] 8021q: adding VLAN 0 to HW filter on device team0
[ 216.463852] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.470360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 216.477378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 216.483926] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 216.493102] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 216.562668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 216.824643] bridge0: port 2(bridge_slave_1) entered blocking state
[ 216.831177] bridge0: port 2(bridge_slave_1) entered disabled state
[ 216.839992] device bridge_slave_1 entered promiscuous mode
[ 217.218333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 217.585662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 218.554064] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 218.903662] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 219.287117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 219.294322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 219.589493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 219.596728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
19:14:30 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpu_exclusive\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040), 0x12)
[ 220.953721] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 220.961886] team0: Port device team_slave_0 added
[ 221.160393] IPVS: ftp: loaded support on port[0] = 21
[ 221.350596] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 221.358851] team0: Port device team_slave_1 added
[ 221.859753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 221.866969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 221.875941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 222.289385] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 222.297098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 222.306151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 222.653468] 8021q: adding VLAN 0 to HW filter on device bond0
[ 222.811666] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 222.819538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 222.828664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 223.254159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 223.261837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 223.271009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 224.184139] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 226.000120] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 226.007735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 226.015919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 226.305411] dccp_invalid_packet: P.Data Offset(0) too small
[ 226.379835] dccp_invalid_packet: P.Data Offset(0) too small
19:14:37 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 226.994715] dccp_invalid_packet: P.Data Offset(0) too small
19:14:38 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 227.373606] dccp_invalid_packet: P.Data Offset(0) too small
19:14:38 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 227.803624] dccp_invalid_packet: P.Data Offset(0) too small
[ 227.910764] 8021q: adding VLAN 0 to HW filter on device team0
19:14:39 executing program 0:
socket$inet6(0xa, 0x80003, 0x800000000000006)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 228.112681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 228.119200] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 228.126428] bridge0: port 1(bridge_slave_0) entered blocking state
[ 228.132952] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 228.141436] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 228.199653] dccp_invalid_packet: P.Data Offset(0) too small
19:14:39 executing program 0:
socket$inet6(0xa, 0x80003, 0x800000000000006)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 228.676009] dccp_invalid_packet: P.Data Offset(0) too small
[ 228.677101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 228.688536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 228.697008] device bridge_slave_0 entered promiscuous mode
19:14:40 executing program 0:
socket$inet6(0xa, 0x80003, 0x800000000000006)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 229.122477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 229.150979] dccp_invalid_packet: P.Data Offset(0) too small
[ 229.244130] bridge0: port 2(bridge_slave_1) entered blocking state
[ 229.250652] bridge0: port 2(bridge_slave_1) entered disabled state
[ 229.259292] device bridge_slave_1 entered promiscuous mode
19:14:40 executing program 0:
ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 229.746417] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 229.768373] dccp_invalid_packet: P.Data Offset(0) too small
19:14:41 executing program 0:
ioctl(0xffffffffffffffff, 0x100008912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x8921, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x3, 0x6, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0))
[ 230.222082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 230.274249] dccp_invalid_packet: P.Data Offset(0) too small
[ 231.418322] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 231.834231] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 232.168852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 232.176034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 232.495489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 232.502802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 233.190335] 8021q: adding VLAN 0 to HW filter on device bond0
[ 233.411698] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 233.420024] team0: Port device team_slave_0 added
[ 233.622462] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 233.630521] team0: Port device team_slave_1 added
[ 233.982414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 233.989492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 233.998274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 234.240394] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 234.270698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 234.277966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 234.286861] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 234.552789] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 234.560713] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 234.569751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 234.921314] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 234.929051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 234.938012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 235.446005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 235.452498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 235.460206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 236.294331] hrtimer: interrupt took 54511 ns
19:14:47 executing program 1:
ioctl$sock_bt_bnep_BNEPGETCONNINFO(0xffffffffffffffff, 0x800442d3, &(0x7f00000001c0)={0x0, 0x8, 0x1, @dev={[], 0x1c}, 'bridge0\x00'})
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f0000000040)={0x0, 0x0, 0x59d, 0x0, 'syz1\x00', 0xffffffffffffffc0})
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
r1 = request_key(&(0x7f0000000080)='encrypted\x00', &(0x7f0000000100)={'syz'}, &(0x7f0000000140)='asymmetric\x00', 0xfffffffffffffffb)
request_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f0000001ffb)={"006c06"}, &(0x7f0000001fee)="693d21157374e363807367725669643a4465", r1)
[ 236.643281] 8021q: adding VLAN 0 to HW filter on device team0
[ 237.946913] bridge0: port 2(bridge_slave_1) entered blocking state
[ 237.953488] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 237.960416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 237.967013] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 237.975799] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 237.982478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 240.761731] 8021q: adding VLAN 0 to HW filter on device bond0
[ 241.531554] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
19:14:52 executing program 2:
ptrace$setregset(0x4205, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)="655b688c2b13c07b1509e59c14244d22c7c97393", 0x14})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 242.002505] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 242.064352] ==================================================================
[ 242.071790] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 242.079450] CPU: 1 PID: 7298 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #65
[ 242.086651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 242.096018] Call Trace:
[ 242.098637] dump_stack+0x306/0x460
[ 242.102294] ? vmx_set_constant_host_state+0x1778/0x1830
[ 242.107856] kmsan_report+0x1a2/0x2e0
[ 242.111709] __msan_warning+0x7c/0xe0
[ 242.115551] vmx_set_constant_host_state+0x1778/0x1830
[ 242.120869] vmx_create_vcpu+0x3e6f/0x7870
[ 242.125135] ? kmsan_set_origin_inline+0x6b/0x120
[ 242.130022] ? __msan_poison_alloca+0x17a/0x210
[ 242.134727] ? vmx_vm_init+0x340/0x340
[ 242.138643] kvm_arch_vcpu_create+0x25d/0x2f0
[ 242.143173] kvm_vm_ioctl+0x13fd/0x33d0
[ 242.147184] ? __msan_poison_alloca+0x17a/0x210
[ 242.151884] ? do_vfs_ioctl+0x18a/0x2810
[ 242.155967] ? __se_sys_ioctl+0x1da/0x270
[ 242.160139] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 242.165001] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 242.169877] do_vfs_ioctl+0xcf3/0x2810
[ 242.173819] ? security_file_ioctl+0x92/0x200
[ 242.178356] __se_sys_ioctl+0x1da/0x270
[ 242.182375] __x64_sys_ioctl+0x4a/0x70
[ 242.186283] do_syscall_64+0xbe/0x100
[ 242.190118] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 242.195329] RIP: 0033:0x457579
[ 242.198538] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 242.217641] RSP: 002b:00007fd6346bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 242.225374] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 242.232675] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 242.239957] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 242.247240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6346bf6d4
[ 242.254554] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 242.261850]
[ 242.263486] Local variable description: ----dt@vmx_set_constant_host_state
[ 242.270498] Variable was created at:
[ 242.274229] vmx_set_constant_host_state+0x2b0/0x1830
[ 242.279432] vmx_create_vcpu+0x3e6f/0x7870
[ 242.283665] ==================================================================
[ 242.291032] Disabling lock debugging due to kernel taint
[ 242.296489] Kernel panic - not syncing: panic_on_warn set ...
[ 242.296489]
[ 242.303889] CPU: 1 PID: 7298 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #65
[ 242.312485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 242.321847] Call Trace:
[ 242.324462] dump_stack+0x306/0x460
[ 242.328129] panic+0x54c/0xafa
[ 242.331395] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 242.336873] kmsan_report+0x2d3/0x2e0
[ 242.340712] __msan_warning+0x7c/0xe0
[ 242.344545] vmx_set_constant_host_state+0x1778/0x1830
[ 242.350368] vmx_create_vcpu+0x3e6f/0x7870
[ 242.354630] ? kmsan_set_origin_inline+0x6b/0x120
[ 242.359501] ? __msan_poison_alloca+0x17a/0x210
[ 242.364207] ? vmx_vm_init+0x340/0x340
[ 242.368121] kvm_arch_vcpu_create+0x25d/0x2f0
[ 242.372652] kvm_vm_ioctl+0x13fd/0x33d0
[ 242.376665] ? __msan_poison_alloca+0x17a/0x210
[ 242.381363] ? do_vfs_ioctl+0x18a/0x2810
[ 242.385444] ? __se_sys_ioctl+0x1da/0x270
[ 242.389615] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 242.394510] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 242.399408] do_vfs_ioctl+0xcf3/0x2810
[ 242.403358] ? security_file_ioctl+0x92/0x200
[ 242.407885] __se_sys_ioctl+0x1da/0x270
[ 242.411894] __x64_sys_ioctl+0x4a/0x70
[ 242.415822] do_syscall_64+0xbe/0x100
[ 242.419667] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 242.424871] RIP: 0033:0x457579
[ 242.428084] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 242.447007] RSP: 002b:00007fd6346bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 242.454742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 242.462035] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 242.469320] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 242.476604] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6346bf6d4
[ 242.483886] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 242.492122] Kernel Offset: disabled
[ 242.495766] Rebooting in 86400 seconds..