[ 56.753792] audit: type=1800 audit(1538954726.786:27): pid=6049 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.245423] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 59.988434] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 60.518058] random: sshd: uninitialized urandom read (32 bytes read) [ 62.644331] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts. [ 68.449599] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 23:25:40 fuzzer started [ 73.150833] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 23:25:45 dialing manager at 10.128.0.26:36867 2018/10/07 23:25:45 syscalls: 1 2018/10/07 23:25:45 code coverage: enabled 2018/10/07 23:25:45 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 23:25:45 setuid sandbox: enabled 2018/10/07 23:25:45 namespace sandbox: enabled 2018/10/07 23:25:45 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 23:25:45 fault injection: enabled 2018/10/07 23:25:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 23:25:45 net packed injection: enabled 2018/10/07 23:25:45 net device setup: enabled [ 77.889319] random: crng init done 23:27:44 executing program 0: [ 195.073821] IPVS: ftp: loaded support on port[0] = 21 [ 197.572769] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.579481] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.588135] device bridge_slave_0 entered promiscuous mode [ 197.729910] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.736679] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.745272] device bridge_slave_1 entered promiscuous mode [ 197.887814] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.028800] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 198.462831] bond0: Enslaving bond_slave_0 as an active interface with an up link 23:27:48 executing program 1: [ 198.608226] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.496987] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.505593] team0: Port device team_slave_0 added [ 199.525138] IPVS: ftp: loaded support on port[0] = 21 [ 199.846688] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.855161] team0: Port device team_slave_1 added [ 200.077791] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.085008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.094138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.238856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.246020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.255253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.430614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.438487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.447989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.708802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 200.716534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.725675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.289466] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.296098] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.304596] device bridge_slave_0 entered promiscuous mode [ 203.321781] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.328250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.335304] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.341847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.350736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 203.512874] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.519329] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.527952] device bridge_slave_1 entered promiscuous mode [ 203.780884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.053223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.101952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 23:27:54 executing program 2: [ 204.911797] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.232502] IPVS: ftp: loaded support on port[0] = 21 [ 205.249044] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 205.625490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.632639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.981587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.988881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.827047] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.835197] team0: Port device team_slave_0 added [ 207.155994] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.164204] team0: Port device team_slave_1 added [ 207.426389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.433627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.442571] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.728374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.735723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.745028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.038253] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.046035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.055518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.345591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.353464] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.362660] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.804088] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.810569] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.819197] device bridge_slave_0 entered promiscuous mode [ 210.185847] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.192517] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.200907] device bridge_slave_1 entered promiscuous mode [ 210.443341] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.771598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.581913] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.750332] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.756906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.763956] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.770419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.779441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.882486] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.227876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.235117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.371997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.498021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.505476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 23:28:02 executing program 3: [ 213.493339] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.501813] team0: Port device team_slave_0 added [ 213.849470] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 213.857717] team0: Port device team_slave_1 added [ 213.862214] IPVS: ftp: loaded support on port[0] = 21 [ 214.243696] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.250944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.259962] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.672527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.679624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.688646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.006638] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.014524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.023959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.344458] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.352343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.361619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.403452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.748903] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 217.995283] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 218.001871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.009938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.422415] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.490579] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.497175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.504221] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.510691] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.519503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.071911] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.078384] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.087432] device bridge_slave_0 entered promiscuous mode [ 220.104773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.544464] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.550972] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.559521] device bridge_slave_1 entered promiscuous mode [ 220.918599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.245781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.409645] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.747988] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 223.096104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 223.103392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 23:28:13 executing program 4: [ 223.566107] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 223.573358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 224.836006] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.844258] team0: Port device team_slave_0 added [ 224.927464] IPVS: ftp: loaded support on port[0] = 21 [ 225.323950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 225.332264] team0: Port device team_slave_1 added [ 225.768212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.775457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.784538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.152442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 226.159541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 226.168481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.628895] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.636636] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.646137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.106379] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 227.114285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.123240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.301301] 8021q: adding VLAN 0 to HW filter on device bond0 23:28:18 executing program 0: [ 229.130007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:28:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x100, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000100)={0x2}, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='vegas\x00', 0x7d) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000113, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000]}}, 0x1c) close(r0) r3 = shmget$private(0x0, 0x10000, 0xfe, &(0x7f0000ff0000/0x10000)=nil) shmctl$SHM_LOCK(r3, 0xb) ioctl$FICLONE(r1, 0x40049409, r1) [ 229.339538] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 229.468359] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 23:28:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x100, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000100)={0x2}, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='vegas\x00', 0x7d) sendto$inet6(r1, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000113, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000]}}, 0x1c) close(r0) r3 = shmget$private(0x0, 0x10000, 0xfe, &(0x7f0000ff0000/0x10000)=nil) shmctl$SHM_LOCK(r3, 0xb) ioctl$FICLONE(r1, 0x40049409, r1) [ 229.973056] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 23:28:20 executing program 0: prctl$intptr(0x3f, 0x40) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sndpcmc(&(0x7f0000000380)='/dev/snd/pcmC#D#c\x00', 0xffffffff80000001, 0x4280) write$FUSE_NOTIFY_DELETE(r0, &(0x7f00000003c0)={0x3a, 0x6, 0x0, {0x2, 0x5, 0x11, 0x0, 'GPLvmnet1,trusted'}}, 0x3a) sysinfo(&(0x7f0000000080)=""/230) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0xd07bac5de54ee06, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000240)={{{@in=@broadcast, @in=@dev}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000340)=0xe8) ioctl$sock_bt(r1, 0x5411, &(0x7f00000001c0)="7f7a391fbec121444e48a8c0e6e46723b7189205c3e484d7dcd6cceeb9e147467da8130772ed00654f842e64edf10b08dc99ddeee150a783a4108712e4f79f03864c6b5962375f077757c8cc7de35bc114e491eff079fb1277c51f1fce2d68d50a16") setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB='nat\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1e8) [ 230.825652] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 230.832247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.840102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 23:28:20 executing program 0: r0 = socket(0x10, 0x802, 0x0) sendto(r0, &(0x7f0000000600)="120000001200e7ef169792ca987a81119d20", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x144}, {&(0x7f00000000c0)=""/85, 0x10}, {&(0x7f0000000fc0)=""/4096, 0x1064}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x15}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f6, 0x0, &(0x7f0000003700)={0x77359400}) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x9, 0x100) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000140)=0x8) [ 231.341062] ip (6966) used greatest stack depth: 53056 bytes left 23:28:21 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="0f0000080100000000780c000000000000000000000000000000cc71707518c44c7e31c07ac8ec5300000000000000a4f7fce8d7da4c364b8ac60488d761416b0734fa582c229b394f472601e235373215bc054f261e19620dcee9b7f9457745bbaeb9a381"]}) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f00000000c0)=0x4, 0x4) 23:28:22 executing program 0: r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000040)=0x1c, 0x80000) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x2db, 0x4}, &(0x7f00000000c0)=0x8) r2 = geteuid() ioprio_get$uid(0x3, r2) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000180)={r1, 0x401}, 0x8) setsockopt$inet6_dccp_int(r0, 0x21, 0x6, &(0x7f0000000200)=0x1, 0x4) capset(&(0x7f0000581ff8)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x2}) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x0, 0x0) fsetxattr$security_capability(r3, &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000300)=@v3, 0x18, 0x0) [ 232.159543] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.166390] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.175163] device bridge_slave_0 entered promiscuous mode 23:28:22 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x1) sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000002d40), 0x2bc}}, {{0x0, 0x0, &(0x7f0000000040), 0x361, &(0x7f0000000140)}}], 0x40007aa, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000040)='\\\x00', 0xffffffffffffffff}, 0x30) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f00000000c0)=r1) [ 232.459098] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.465723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.472802] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.479275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.487862] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 232.598208] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.604973] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.613798] device bridge_slave_1 entered promiscuous mode [ 232.658206] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.036392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.063410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 233.392993] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.380846] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.773407] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.134106] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.141236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.496813] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.504070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.510573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.572119] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.580240] team0: Port device team_slave_0 added [ 236.816395] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.824762] team0: Port device team_slave_1 added [ 237.123497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.137705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.146999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.485023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.492358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.501010] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.747647] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.755415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.764438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.783191] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.002265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.009869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.018851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.835284] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.841958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.849806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.816238] 8021q: adding VLAN 0 to HW filter on device team0 23:28:30 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TIOCSBRK(r1, 0x40044591) r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x102) write$evdev(r2, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) munmap(&(0x7f000058e000/0x3000)=nil, 0x3000) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000040)={'vlan0\x00'}) [ 242.036248] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.042785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.049697] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.056287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.064718] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.071356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.471309] 8021q: adding VLAN 0 to HW filter on device bond0 23:28:35 executing program 2: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)}}, 0x20) fcntl$setstatus(r0, 0x4, 0x44000) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000180), 0xc, &(0x7f0000001180)={&(0x7f0000000f00)={0x14, 0x0, 0x0, 0x70bd2c}, 0x14}}, 0x4004001) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r1, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) [ 246.519336] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 247.261568] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.268061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.276695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.816851] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.746566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.294921] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 250.840407] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 250.846893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.854822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 23:28:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4d0, 0x0, 0xce]}) [ 251.372203] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 251.402790] ================================================================== [ 251.410203] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 251.413675] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.416820] CPU: 1 PID: 7499 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63 [ 251.429911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.439292] Call Trace: [ 251.441909] dump_stack+0x306/0x460 [ 251.445568] ? _raw_spin_lock_irqsave+0x227/0x340 [ 251.450437] ? vmx_create_vcpu+0x10df/0x7920 [ 251.454888] kmsan_report+0x1a3/0x2d0 [ 251.458749] __msan_warning+0x7c/0xe0 [ 251.462601] vmx_create_vcpu+0x10df/0x7920 [ 251.466867] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.471771] ? __msan_poison_alloca+0x17a/0x210 [ 251.476488] ? vmx_vm_init+0x340/0x340 [ 251.480406] kvm_arch_vcpu_create+0x25d/0x2f0 [ 251.485716] kvm_vm_ioctl+0x13fd/0x33d0 [ 251.490249] ? __msan_poison_alloca+0x17a/0x210 [ 251.494948] ? do_vfs_ioctl+0x18a/0x2810 [ 251.499053] ? __se_sys_ioctl+0x1da/0x270 [ 251.503231] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 251.508104] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 251.512973] do_vfs_ioctl+0xcf3/0x2810 [ 251.516906] ? security_file_ioctl+0x92/0x200 [ 251.521442] __se_sys_ioctl+0x1da/0x270 [ 251.525459] __x64_sys_ioctl+0x4a/0x70 [ 251.529377] do_syscall_64+0xbe/0x100 [ 251.533213] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 251.539658] RIP: 0033:0x457579 [ 251.543570] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.562502] RSP: 002b:00007f1e13f72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.570408] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 251.577700] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 251.584996] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 251.592285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e13f736d4 [ 251.599573] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 251.606901] [ 251.608539] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 251.615472] Variable was created at: [ 251.619205] vmx_create_vcpu+0xd5/0x7920 [ 251.623286] kvm_arch_vcpu_create+0x25d/0x2f0 [ 251.627783] ================================================================== [ 251.635409] Disabling lock debugging due to kernel taint [ 251.641837] Kernel panic - not syncing: panic_on_warn set ... [ 251.641837] [ 251.650116] CPU: 1 PID: 7499 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63 [ 251.658793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.668180] Call Trace: [ 251.670802] dump_stack+0x306/0x460 [ 251.674484] panic+0x54c/0xafa [ 251.677760] kmsan_report+0x2cd/0x2d0 [ 251.681623] __msan_warning+0x7c/0xe0 [ 251.685464] vmx_create_vcpu+0x10df/0x7920 [ 251.689726] ? kmsan_set_origin_inline+0x6b/0x120 [ 251.694600] ? __msan_poison_alloca+0x17a/0x210 [ 251.699329] ? vmx_vm_init+0x340/0x340 [ 251.703246] kvm_arch_vcpu_create+0x25d/0x2f0 [ 251.707786] kvm_vm_ioctl+0x13fd/0x33d0 [ 251.711812] ? __msan_poison_alloca+0x17a/0x210 [ 251.716522] ? do_vfs_ioctl+0x18a/0x2810 [ 251.720606] ? __se_sys_ioctl+0x1da/0x270 [ 251.724789] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 251.729667] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 251.734546] do_vfs_ioctl+0xcf3/0x2810 [ 251.738480] ? security_file_ioctl+0x92/0x200 [ 251.743011] __se_sys_ioctl+0x1da/0x270 [ 251.747026] __x64_sys_ioctl+0x4a/0x70 [ 251.750938] do_syscall_64+0xbe/0x100 [ 251.754772] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 251.759978] RIP: 0033:0x457579 [ 251.763191] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 251.782122] RSP: 002b:00007f1e13f72c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.789885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 251.797196] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 251.805185] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 251.812482] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e13f736d4 [ 251.819773] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 251.828170] Kernel Offset: disabled [ 251.831828] Rebooting in 86400 seconds..