[ 53.105752] sshd (6005) used greatest stack depth: 53216 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 53.343503] random: sshd: uninitialized urandom read (32 bytes read)
[ 53.704661] audit: type=1800 audit(1539250408.761:29): pid=5941 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 57.564314] random: sshd: uninitialized urandom read (32 bytes read)
[ 58.027049] random: sshd: uninitialized urandom read (32 bytes read)
[ 60.296811] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
[ 66.070554] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/11 09:33:42 fuzzer started
[ 70.328023] random: cc1: uninitialized urandom read (8 bytes read)
[ 70.471744] cc1 (6097) used greatest stack depth: 53184 bytes left
2018/10/11 09:33:47 dialing manager at 10.128.0.26:39089
2018/10/11 09:33:47 syscalls: 1
2018/10/11 09:33:47 code coverage: enabled
2018/10/11 09:33:47 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/11 09:33:47 setuid sandbox: enabled
2018/10/11 09:33:47 namespace sandbox: enabled
2018/10/11 09:33:47 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/11 09:33:47 fault injection: enabled
2018/10/11 09:33:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/11 09:33:47 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/11 09:33:47 net device setup: enabled
[ 75.342644] random: crng init done
09:35:30 executing program 0:
[ 176.550905] IPVS: ftp: loaded support on port[0] = 21
[ 177.777262] bridge0: port 1(bridge_slave_0) entered blocking state
[ 177.783987] bridge0: port 1(bridge_slave_0) entered disabled state
[ 177.792543] device bridge_slave_0 entered promiscuous mode
[
177.937336] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.943951] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.952443] device bridge_slave_1 entered promiscuous mode [ 178.080807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.209579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 178.602601] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 178.735724] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:35:34 executing program 1: [ 179.533864] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.542151] team0: Port device team_slave_0 added [ 179.793631] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.803587] team0: Port device team_slave_1 added [ 180.063158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.074494] IPVS: ftp: loaded support on port[0] = 21 [ 180.080332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.089247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.282743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.289877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.298863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.431818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.439677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.448804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.597380] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.605189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.614261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.113486] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.119960] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.128629] device bridge_slave_0 entered promiscuous mode [ 182.442601] 
bridge0: port 2(bridge_slave_1) entered blocking state [ 182.449072] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.457611] device bridge_slave_1 entered promiscuous mode [ 182.678082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 182.861044] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.867667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.874777] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.881256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.890072] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 182.903654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 183.252970] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.478847] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 183.715715] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 183.936061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 183.944091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 09:35:39 executing program 2: [ 184.951542] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 184.959747] team0: Port device team_slave_0 added [ 185.206273] IPVS: ftp: loaded support on port[0] = 21 [ 185.247384] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 185.255431] team0: Port device team_slave_1 added [ 185.586414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 185.593758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.602961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.856309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 185.863889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.872788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.138039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 186.145693] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge_slave_0: link becomes ready [ 186.154824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.408310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 186.416095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.425277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.715116] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.721626] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.730317] device bridge_slave_0 entered promiscuous mode [ 188.023946] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.030530] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.039169] device bridge_slave_1 entered promiscuous mode [ 188.369845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.625144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.174944] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.181442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.188575] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.195170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.203873] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 189.413389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.550051] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.829158] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.102468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.109637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.336762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.344325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.145986] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.154373] team0: Port device team_slave_0 added 09:35:46 executing program 3: [ 191.451585] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_1: link is not ready [ 191.459756] team0: Port device team_slave_1 added [ 191.796181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.803546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.812536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.082617] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.089760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.098655] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.416916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.424692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.433764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.773593] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.781108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.789951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.819217] IPVS: ftp: loaded support on port[0] = 21 [ 194.240987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.449996] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.856643] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.863267] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.871691] device bridge_slave_0 entered promiscuous mode [ 196.186362] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.193229] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.201736] device bridge_slave_1 entered promiscuous mode [ 196.292878] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.299361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.306422] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.312949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.321585] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 196.332634] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge0: link becomes ready [ 196.571296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.625203] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 196.631634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.639930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.894260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 197.850073] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 197.916525] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.144333] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.521158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 198.528637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.829513] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 198.836735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.699056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.707437] team0: Port device team_slave_0 added [ 200.143009] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.150940] team0: Port device team_slave_1 added 09:35:55 executing program 4: [ 200.530785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.538382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.547383] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.922201] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.929387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.938681] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.338668] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.346563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.355698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.773069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.780824] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.790187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.990025] IPVS: ftp: loaded support on port[0] = 21 [ 202.873921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.358806] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 205.657732] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.664437] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.672946] device bridge_slave_0 entered promiscuous mode [ 205.898362] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 205.905048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.913206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.100031] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.106863] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.115360] device bridge_slave_1 entered promiscuous mode [ 206.159786] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.166377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.173435] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.179893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.188621] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 206.516909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 206.883507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.936929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 09:36:02 executing program 0: 09:36:02 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x40800, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r0, 0x111, 0x5, 0x6, 0x4) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x90cd) mmap(&(0x7f00006ff000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) ioctl$ASHMEM_SET_NAME(r1, 0x40087708, &(0x7f0000000080)="a8") fsetxattr$security_ima(r1, 
&(0x7f0000000000)='security.ima\x00', &(0x7f00000000c0)=@v2={0x5, 0x0, 0x3, 0xab8, 0x1c, "42ce12f75a778cb6325d472e5cb5c3285e5b7b1a6bc2acc6b0588dc9"}, 0x26, 0x1) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000140)=0x5) [ 207.411204] 8021q: adding VLAN 0 to HW filter on device team0 09:36:02 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x2, 0x200) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000b00)=ANY=[@ANYBLOB="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"]) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x10, &(0x7f0000000340)={'filter\x00', 0x7, 0x4, 0x4a8, 0x0, 0x0, 0x280, 0x3c0, 0x3c0, 0x3c0, 0x4, &(0x7f0000000000), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @mac, @rand_addr, @broadcast}}}, {{@arp={@multicast2, @remote, 0x0, 0x0, @mac=@local, {}, @mac, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6tnl0\x00', 'teql0\x00'}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @mac=@random="bb005abde82f", @empty, @loopback}}}, {{@arp={@multicast2, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6_vti0\x00', 'syzkaller1\x00'}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @broadcast, @multicast1}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0xfeae) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e22, @rand_addr=0xffffffffd5239d87}}, 0x8001, 0x34}, &(0x7f0000000140)=0x90) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0xfffffffffffffe46, &(0x7f0000000180)}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={r2}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0x79d760ee}, 0x8) 09:36:03 executing program 0: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f0000000100)=[{&(0x7f0000000140)="2f0000001c0005c5ffffff000d0000000200001f01000000ec0010c9130001000000000000006f263f443a5ed758a1", 0x2f}], 0x1}, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x40, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x8010, r1, 0x0) r3 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x20013, r1, 0x0) r4 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x9, 0x810, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000040)={0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x78, 0x0, &(0x7f0000000180)=[@acquire_done={0x40106309, r2, 0x3}, @dead_binder_done={0x40086310, 0x2}, @free_buffer={0x40086303, r3}, @request_death={0x400c630e, 0x3, 0x4}, @register_looper, @exit_looper, @increfs_done={0x40106308, r4, 0x3}, @exit_looper, @acquire={0x40046305, 0x2}, @increfs_done={0x40106308, r5}], 0x26, 0x0, &(0x7f0000000200)="06fe7d37e58df89336781e39cf0a28d0e91d6b64884db2070b940c3b233e916f33e12b3fc997"}) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0)) [ 208.216126] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.612015] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:36:03 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000600)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000440)='cgroup2\x00', 0x8d47c24892d6918d, 0x0) r0 = accept4$inet(0xffffffffffffff9c, 0x0, &(0x7f00000000c0), 0x80800) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0xfffffffffffffe00}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000380)={r1, 0xc9d, 0xf3}, 0x8) mkdir(&(0x7f0000000180)='./file0//ile0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, &(0x7f0000000b00)={0x0, 0x200, 0x0, 0x81, 0x6, 0xd9a}) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) 
getsockname$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, &(0x7f00000002c0)=0x1c) epoll_pwait(0xffffffffffffffff, &(0x7f0000000240), 0x31b, 0x0, &(0x7f0000000280)={0x10001}, 0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') [ 208.963777] hrtimer: interrupt took 33781 ns [ 209.039255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.047713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 09:36:04 executing program 0: r0 = socket$inet6(0xa, 0x802, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x13}}}, 0x7}, &(0x7f0000000100)=0x90) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000140)={0x7, 0x8000, 0x3, 0x7, r1}, 0x10) sendto$inet6(r0, &(0x7f00000001c0)='M', 0x1, 0x20000810, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) [ 209.481379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.488699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:36:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000340)=0x14) setsockopt$inet6_mreq(r1, 0x29, 0x1f, &(0x7f0000000380)={@local, r2}, 0x14) writev(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)="390000001300094700bb61e1c3f7ffff06000000020000004500000020699e0019002900ae2490356bf199bcce3aeda4cb0d0000000000280f", 0x39}], 0x1) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x0, 0x80800) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x1000}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, 
&(0x7f0000000140)={r4, @in6={{0xa, 0x4e20, 0x80000000, @ipv4={[], [], @loopback}, 0x100}}}, &(0x7f0000000200)=0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e24, @local}, @in6={0xa, 0x4e23, 0x4, @empty, 0x9}, @in6={0xa, 0x4e24, 0x9, @remote, 0x80}], 0x58) ioctl$EVIOCSABS0(r3, 0x401845c0, &(0x7f00000002c0)={0x0, 0x401, 0x1, 0x8}) [ 209.843550] netlink: 'syz-executor0': attribute type 41 has an invalid length. [ 209.972941] netlink: 'syz-executor0': attribute type 41 has an invalid length. 09:36:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000080), &(0x7f00000000c0)=0x24b) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x10681, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000040)={0x1ff, 0x3, 0x5, 0x4}) socket$nl_xfrm(0x10, 0x3, 0x6) [ 210.809058] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.817458] team0: Port device team_slave_0 added [ 211.127243] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.135500] team0: Port device team_slave_1 added [ 211.456881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.464215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.472987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.756183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.763566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.772604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.849103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.996310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.004130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.013138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.324185] IPv6: ADDRCONF(NETDEV_UP): 
bridge_slave_1: link is not ready
[ 212.331789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 212.340657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 212.848159] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 213.979093] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 213.985884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 213.993893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
09:36:10 executing program 1:
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c)
setrlimit(0x400000000000007, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xd, 0x4, 0x4, 0x1, 0x0, r0}, 0x2c)
gettid()
timer_settime(0x0, 0x0, &(0x7f000004a000)={{0x0, 0x1}, {0x7, 0xe4c}}, &(0x7f0000040000))
[ 215.065820] 8021q: adding VLAN 0 to HW filter on device team0
[ 215.322094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 215.328597] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 215.335672] bridge0: port 1(bridge_slave_0) entered blocking state
[ 215.342204] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 215.350218] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 215.357271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 217.704487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 218.379167] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 219.120597] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 219.127930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 219.136140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 219.820833] 8021q: adding VLAN 0 to HW filter on device team0
09:36:15 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000000)={0x2, 0x0, [{0xa, 0xfe}, {0x1}]})
[ 220.825454] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 220.857085] ==================================================================
[ 220.864519] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 220.872157] CPU: 0 PID: 7207 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66
[ 220.879352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 220.888714] Call Trace:
[ 220.891331] dump_stack+0x306/0x460
[ 220.894985] ? vmx_set_constant_host_state+0x1778/0x1830
[ 220.900462] kmsan_report+0x1a2/0x2e0
[ 220.904295] __msan_warning+0x7c/0xe0
[ 220.908136] vmx_set_constant_host_state+0x1778/0x1830
[ 220.913441] vmx_create_vcpu+0x3e6f/0x7870
[ 220.917695] ? kmsan_set_origin_inline+0x6b/0x120
[ 220.922565] ? __msan_poison_alloca+0x17a/0x210
[ 220.927275] ? vmx_vm_init+0x340/0x340
[ 220.931188] kvm_arch_vcpu_create+0x25d/0x2f0
[ 220.935714] kvm_vm_ioctl+0x13fd/0x33d0
[ 220.939724] ? __msan_poison_alloca+0x17a/0x210
[ 220.944423] ? do_vfs_ioctl+0x18a/0x2810
[ 220.948507] ? __se_sys_ioctl+0x1da/0x270
[ 220.952682] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.957558] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 220.962429] do_vfs_ioctl+0xcf3/0x2810
[ 220.966358] ? security_file_ioctl+0x92/0x200
[ 220.970886] __se_sys_ioctl+0x1da/0x270
[ 220.974887] __x64_sys_ioctl+0x4a/0x70
[ 220.978791] do_syscall_64+0xbe/0x100
[ 220.982616] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 220.987822] RIP: 0033:0x457519
[ 220.991026] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 221.009944] RSP: 002b:00007f42008fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 221.017672] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 221.024959] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 221.032357] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 221.039647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42008fc6d4
[ 221.046942] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[ 221.054863]
[ 221.056505] Local variable description: ----dt@vmx_set_constant_host_state
[ 221.063531] Variable was created at:
[ 221.067280] vmx_set_constant_host_state+0x2b0/0x1830
[ 221.072496] vmx_create_vcpu+0x3e6f/0x7870
[ 221.076742] ==================================================================
[ 221.084119] Disabling lock debugging due to kernel taint
[ 221.089582] Kernel panic - not syncing: panic_on_warn set ...
[ 221.089582]
[ 221.097080] CPU: 0 PID: 7207 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #66
[ 221.105678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 221.115042] Call Trace:
[ 221.117649] dump_stack+0x306/0x460
[ 221.121306] panic+0x54c/0xafa
[ 221.124540] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 221.130007] kmsan_report+0x2d3/0x2e0
[ 221.133827] __msan_warning+0x7c/0xe0
[ 221.137649] vmx_set_constant_host_state+0x1778/0x1830
[ 221.142952] vmx_create_vcpu+0x3e6f/0x7870
[ 221.147206] ? kmsan_set_origin_inline+0x6b/0x120
[ 221.152072] ? __msan_poison_alloca+0x17a/0x210
[ 221.156788] ? vmx_vm_init+0x340/0x340
[ 221.160702] kvm_arch_vcpu_create+0x25d/0x2f0
[ 221.165228] kvm_vm_ioctl+0x13fd/0x33d0
[ 221.169239] ? __msan_poison_alloca+0x17a/0x210
[ 221.173943] ? do_vfs_ioctl+0x18a/0x2810
[ 221.178032] ? __se_sys_ioctl+0x1da/0x270
[ 221.182210] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 221.187078] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 221.191953] do_vfs_ioctl+0xcf3/0x2810
[ 221.195878] ? security_file_ioctl+0x92/0x200
[ 221.200402] __se_sys_ioctl+0x1da/0x270
[ 221.204407] __x64_sys_ioctl+0x4a/0x70
[ 221.208308] do_syscall_64+0xbe/0x100
[ 221.212140] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 221.217340] RIP: 0033:0x457519
[ 221.220541] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 221.239862] RSP: 002b:00007f42008fbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 221.247587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 221.254864] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 221.262140] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 221.269421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42008fc6d4
[ 221.276731] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[ 221.285362] Kernel Offset: disabled
[ 221.289045] Rebooting in 86400 seconds..