[   58.237624] audit: type=1800 audit(1539177398.279:27): pid=6072 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   59.823428] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   63.443714] random: sshd: uninitialized urandom read (32 bytes read)
[   64.022020] random: sshd: uninitialized urandom read (32 bytes read)
[   66.635801] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
[   72.439832] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 13:16:54 fuzzer started
[   77.090320] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 13:16:59 dialing manager at 10.128.0.26:45337
2018/10/10 13:16:59 syscalls: 1
2018/10/10 13:16:59 code coverage: enabled
2018/10/10 13:16:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 13:16:59 setuid sandbox: enabled
2018/10/10 13:16:59 namespace sandbox: enabled
2018/10/10 13:16:59 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 13:16:59 fault injection: enabled
2018/10/10 13:16:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 13:16:59 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/10 13:16:59 net device setup: enabled
[   82.412007] random: crng init done
13:19:07 executing program 0:
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340))
close(r0)

[  208.079741] IPVS: ftp: loaded support on port[0] = 21
[  209.486122] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.492804] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.501562] device bridge_slave_0 entered promiscuous mode
[  209.666153] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.672816] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.681370] device bridge_slave_1 entered promiscuous mode
[  209.831438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  209.974946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  210.418404] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  210.569992] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.860023] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  210.867258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.037788] ip (6279) used greatest stack depth: 53056 bytes left
13:19:11 executing program 1:
mkdir(&(0x7f000002b000)='./file0\x00', 0x0)
r0 = creat(&(0x7f0000002500)='./file0/bus\x00', 0x0)
unshare(0x400)
sync_file_range(r0, 0x0, 0x0, 0x0)

[  211.355008] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.363421] team0: Port device team_slave_0 added
[  211.626724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.634984] team0: Port device team_slave_1 added
[  211.886915] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  211.894158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.903428] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.006585] IPVS: ftp: loaded support on port[0] = 21
[  212.128706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  212.136026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.145305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.439926] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  212.447735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.457003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.706785] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  212.714547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.724057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.999047] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.005683] bridge0: port 1(bridge_slave_0) entered disabled state
[  214.014622] device bridge_slave_0 entered promiscuous mode
[  214.246605] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.253356] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.262153] device bridge_slave_1 entered promiscuous mode
[  214.471800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  214.655969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  215.349166] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.355789] bridge0: port 2(bridge_slave_1) entered forwarding state
[  215.362921] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.369395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  215.378590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  215.408717] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  215.598746] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  215.897445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  216.176383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  216.183657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.914744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  216.923215] team0: Port device team_slave_0 added
[  217.137327] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  217.145775] team0: Port device team_slave_1 added
13:19:17 executing program 2:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)

[  217.459630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  217.466861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  217.475991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.699211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  217.706401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  217.715513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  218.024377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  218.032087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  218.041137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  218.385063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  218.392881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  218.402166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.547219] IPVS: ftp: loaded support on port[0] = 21
[  221.290221] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.296906] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.305588] device bridge_slave_0 entered promiscuous mode
[  221.600061] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.606759] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.616598] device bridge_slave_1 entered promiscuous mode
[  221.854701] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.861229] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.868319] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.874865] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.883670] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  221.932159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  222.004548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  222.287564] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  223.077800] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  223.243391] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  223.429472] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  223.436717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  223.603327] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  223.610476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.458186] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  224.466688] team0: Port device team_slave_0 added
[  224.707667] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  224.716004] team0: Port device team_slave_1 added
[  225.054668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  225.062077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  225.071066] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  225.428914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  225.436225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  225.445421] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
13:19:25 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000140)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)

[  225.662562] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  225.670212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  225.679628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  226.067909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  226.075724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  226.085038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  227.328509] IPVS: ftp: loaded support on port[0] = 21
[  227.631936] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.966514] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  230.236833] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.243385] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.250354] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.256963] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.266119] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  230.422814] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  230.429256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  230.437541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  230.821577] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.828532] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.837253] device bridge_slave_0 entered promiscuous mode
[  230.892077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  231.174121] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.180603] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.189294] device bridge_slave_1 entered promiscuous mode
[  231.581130] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  231.716651] 8021q: adding VLAN 0 to HW filter on device team0
[  231.947403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  233.116645] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  233.450944] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  233.846859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  233.854037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  234.224863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  234.232150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  235.318934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  235.327225] team0: Port device team_slave_0 added
[  235.653635] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  235.662045] team0: Port device team_slave_1 added
[  236.087298] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  236.094965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  236.104157] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
13:19:36 executing program 4:
ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000400))
openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x0, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
write(r1, &(0x7f0000000340), 0x10000014c)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r3=>0x0})
ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f00000001c0))
pselect6(0x40, &(0x7f00000000c0)={0x64}, &(0x7f0000000100), &(0x7f0000000140)={0x8}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8})
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  236.387330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  236.394597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  236.403911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  236.503893] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.919069] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  236.929168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  236.938210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  237.287504] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  237.295203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  237.304356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  238.067717] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  238.310940] IPVS: ftp: loaded support on port[0] = 21
[  239.833241] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  239.839645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  239.847855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  241.466700] 8021q: adding VLAN 0 to HW filter on device team0
13:19:41 executing program 0:
socket(0xa, 0x0, 0x0)

13:19:42 executing program 0:
socket(0xa, 0x0, 0x0)

[  242.587870] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.594563] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.601601] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.608269] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.617292] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  242.654443] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.661031] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.669895] device bridge_slave_0 entered promiscuous mode
13:19:42 executing program 0:
mmap(&(0x7f0000000000/0x5000)=nil, 0x5000, 0xfffffc, 0x10031, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x10001, 0x400000)
ioctl$DRM_IOCTL_FREE_BUFS(r0, 0x4010641a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[0xfffffffffffffffd]})
keyctl$dh_compute(0x17, &(0x7f0000000580), &(0x7f00000005c0)=""/214, 0xd6, &(0x7f0000000780)={&(0x7f00000006c0)={'sha512-avx2\x00'}, &(0x7f0000000700)})

[  242.903820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  243.121408] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.127995] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.137127] device bridge_slave_1 entered promiscuous mode
13:19:43 executing program 0:
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
socket(0x1, 0x4, 0x3)
socketpair$unix(0x1, 0x80000000003, 0x0, &(0x7f0000000100)={0x0, <r0=>0x0})
sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0)

[  243.614034] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
13:19:44 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000011c0)={&(0x7f0000000000), 0xc, &(0x7f0000001180)={&(0x7f0000001100)=@gettfilter={0x24, 0x2e, 0xc13, 0x0, 0x0, {0x0, 0x0, {}, {}, {0x0, 0x1}}}, 0x24}}, 0x0)

[  243.995009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
13:19:44 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = getpgid(0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1})
close(r0)
io_setup(0x8, &(0x7f0000000100)=<r2=>0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x101, 0x0)
io_submit(r2, 0x1ffffffffffffe37, &(0x7f0000000080))

13:19:44 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='gid_map\x00')
r1 = getpgrp(0xffffffffffffffff)
syz_open_procfs(r1, &(0x7f00000000c0)='ns\x00')
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/68, 0x44}], 0x1, 0x4)

[  245.303185] bond0: Enslaving bond_slave_0 as an active interface with an up link
13:19:45 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, &(0x7f0000040000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clock_nanosleep(0x2, 0x0, &(0x7f0000000100)={0x0, 0x989680}, 0x0)
socketpair(0x13, 0xf, 0xab6, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80000)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000080)={0x3, r3})
tkill(r0, 0x15)

[  245.726936] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  246.111133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  246.118492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  246.485099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  246.492303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  247.045113] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.655894] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  247.664238] team0: Port device team_slave_0 added
[  248.029203] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  248.037659] team0: Port device team_slave_1 added
[  248.386655] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  248.399963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  248.407164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  248.416110] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  248.783194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  248.790275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  248.799191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  249.101976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  249.109604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  249.118772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  249.498834] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  249.506652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  249.515680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  249.619470] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  249.626281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  249.634294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
13:19:50 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000015c0)={r4, 0x0, 0x2, r2})
r5 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r5, 0xfffffffffffffffb, 0x2, r2})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000))

[  250.633725] 8021q: adding VLAN 0 to HW filter on device team0
[  250.845156] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  252.422687] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.429197] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.436280] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.442844] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.451254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  252.458008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  255.551448] 8021q: adding VLAN 0 to HW filter on device bond0
13:19:55 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f00000002c0)="8f497c807322f3476f0f20d835080000000f22d8401a15151c5e7e0f001f410f01ca460f01ca6444d87ba80f017a0066baf80cb81c4ab388ef66bafc0cb80c280000ef", 0x43}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000007c0)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439eddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e932804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53e1366d455bcbe81893100ab56b2556b55c1a0c5787356b464c3bf7011488e55f587a6d4420d46d69a74ee5bbfbcb0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9e525d72260ccdbd69e3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab90b42620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d08c37ee2e3a9e4a5aff72a0ab844fcbfa224842c85f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de35df4dfb856f7533ad88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb84a0a8484e2b85743e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e1295fc2f256fa095036f6cfc04c414fc57fc72c120614a586089c93741e97a61c466"})
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f00000000c0)=0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, &(0x7f0000000400), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
msgget$private(0x0, 0x0)

[  256.112947] ==================================================================
[  256.120383] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[  256.128045] CPU: 0 PID: 7295 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #66
[  256.135245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  256.144613] Call Trace:
[  256.147228]  dump_stack+0x306/0x460
[  256.150879]  ? vmx_set_constant_host_state+0x1778/0x1830
[  256.156374]  kmsan_report+0x1a2/0x2e0
[  256.160217]  __msan_warning+0x7c/0xe0
[  256.164051]  vmx_set_constant_host_state+0x1778/0x1830
[  256.169368]  vmx_create_vcpu+0x3e6f/0x7870
[  256.173637]  ? kmsan_set_origin_inline+0x6b/0x120
[  256.178517]  ? __msan_poison_alloca+0x17a/0x210
[  256.183226]  ? vmx_vm_init+0x340/0x340
[  256.187139]  kvm_arch_vcpu_create+0x25d/0x2f0
[  256.191677]  kvm_vm_ioctl+0x13fd/0x33d0
[  256.195707]  ? __msan_poison_alloca+0x17a/0x210
[  256.200442]  ? do_vfs_ioctl+0x18a/0x2810
[  256.204547]  ? __se_sys_ioctl+0x1da/0x270
[  256.208734]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  256.213610]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  256.218490]  do_vfs_ioctl+0xcf3/0x2810
[  256.222448]  ? security_file_ioctl+0x92/0x200
[  256.226994]  __se_sys_ioctl+0x1da/0x270
[  256.231048]  __x64_sys_ioctl+0x4a/0x70
[  256.234969]  do_syscall_64+0xbe/0x100
[  256.238804]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  256.244013] RIP: 0033:0x457579
[  256.247232] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  256.266845] RSP: 002b:00007ffa23201c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.274579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  256.281865] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[  256.289149] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  256.296443] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa232026d4
[  256.303729] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  256.311027] 
[  256.312664] Local variable description: ----dt@vmx_set_constant_host_state
[  256.319699] Variable was created at:
[  256.323459]  vmx_set_constant_host_state+0x2b0/0x1830
[  256.328681]  vmx_create_vcpu+0x3e6f/0x7870
[  256.332933] ==================================================================
[  256.340306] Disabling lock debugging due to kernel taint
[  256.345770] Kernel panic - not syncing: panic_on_warn set ...
[  256.345770] 
[  256.353258] CPU: 0 PID: 7295 Comm: syz-executor2 Tainted: G    B             4.19.0-rc4+ #66
[  256.362290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  256.372182] Call Trace:
[  256.374795]  dump_stack+0x306/0x460
[  256.378555]  panic+0x54c/0xafa
[  256.381819]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  256.387307]  kmsan_report+0x2d3/0x2e0
[  256.391144]  __msan_warning+0x7c/0xe0
[  256.394980]  vmx_set_constant_host_state+0x1778/0x1830
[  256.400292]  vmx_create_vcpu+0x3e6f/0x7870
[  256.404554]  ? kmsan_set_origin_inline+0x6b/0x120
[  256.409433]  ? __msan_poison_alloca+0x17a/0x210
[  256.414147]  ? vmx_vm_init+0x340/0x340
[  256.418066]  kvm_arch_vcpu_create+0x25d/0x2f0
[  256.422595]  kvm_vm_ioctl+0x13fd/0x33d0
[  256.426607]  ? __msan_poison_alloca+0x17a/0x210
[  256.431310]  ? do_vfs_ioctl+0x18a/0x2810
[  256.435390]  ? __se_sys_ioctl+0x1da/0x270
[  256.439572]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  256.444453]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  256.449332]  do_vfs_ioctl+0xcf3/0x2810
[  256.453296]  ? security_file_ioctl+0x92/0x200
[  256.457838]  __se_sys_ioctl+0x1da/0x270
[  256.461858]  __x64_sys_ioctl+0x4a/0x70
[  256.465778]  do_syscall_64+0xbe/0x100
[  256.469617]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  256.474832] RIP: 0033:0x457579
[  256.478047] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  256.497226] RSP: 002b:00007ffa23201c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.504960] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  256.512247] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[  256.519531] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  256.526815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffa232026d4
[  256.534097] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  256.542525] Kernel Offset: disabled
[  256.546160] Rebooting in 86400 seconds..