[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 58.253768] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 59.662637] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 [ 60.034436] random: sshd: uninitialized urandom read (32 bytes read) syzkaller login: [ 62.337224] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. [ 68.222432] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 09:00:37 fuzzer started [ 72.897793] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 09:00:42 dialing manager at 10.128.0.26:36867 2018/10/08 09:00:42 syscalls: 1 2018/10/08 09:00:42 code coverage: enabled 2018/10/08 09:00:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 09:00:42 setuid sandbox: enabled 2018/10/08 09:00:42 namespace sandbox: enabled 2018/10/08 09:00:42 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 09:00:42 fault injection: enabled 2018/10/08 09:00:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 09:00:42 net packed injection: enabled 2018/10/08 09:00:42 net device setup: enabled [ 77.417948] random: crng init done 09:03:25 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000000)=ANY=[@ANYPTR=&(0x7f00000003c0)=ANY=[]], 0xfffffc1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f00000004c0)=[{{&(0x7f0000000080)=@un=@abs, 0x80, &(0x7f0000000180)=[{&(0x7f0000000040)=""/58, 0x3a}], 0x1, &(0x7f00000003c0)=""/128, 0x80}}], 0x1, 0x0, &(0x7f0000000540)={0x77359400}) [ 239.662767] IPVS: ftp: loaded support on port[0] = 21 [ 241.984347] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.990840] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.999447] device bridge_slave_0 entered promiscuous mode [ 242.162858] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.169321] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.178147] device bridge_slave_1 entered promiscuous mode [ 242.319417] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 242.460509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 242.894618] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:03:30 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000300)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000640)) [ 243.048868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.380220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 243.387390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 243.786845] IPVS: ftp: loaded support on port[0] = 21 [ 243.995922] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 244.004183] team0: Port device team_slave_0 added [ 244.214184] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 244.222584] team0: Port device team_slave_1 added [ 244.435534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.442773] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.451915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.648675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 244.655887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.664939] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.816332] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 244.824063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.833203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.093625] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 245.101180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.110404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.388721] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.395314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.402346] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.408801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.417755] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 247.462249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.478981] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.485737] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.494107] device bridge_slave_0 entered promiscuous mode [ 247.745911] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.752537] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.761146] device bridge_slave_1 entered promiscuous mode [ 247.983243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 248.167331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 248.829902] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 249.117559] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:03:36 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000880)={0x3, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @remote}}}, 0x108) [ 249.435413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 249.444262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 249.754609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 249.761907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 249.997664] ip (6408) used greatest stack depth: 53040 bytes left [ 250.268382] IPVS: ftp: loaded support on port[0] = 21 [ 250.480473] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 250.488608] team0: Port device team_slave_0 added [ 250.838624] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 250.846783] team0: Port device team_slave_1 added [ 251.196772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 251.203961] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 251.212902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 251.371311] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 251.379004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 251.388124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 251.744163] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 251.751977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 251.761048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 252.067829] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 252.075783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 252.085017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 255.044066] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.050618] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.059101] device bridge_slave_0 entered promiscuous mode [ 255.082182] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.088626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.095623] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.102146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.110840] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 255.325939] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.332532] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.340906] device bridge_slave_1 entered promiscuous mode [ 255.550399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 255.623126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 255.838629] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 256.494247] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 256.855409] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 257.145699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 257.152860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 257.316283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 257.323459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:03:44 executing program 3: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000140)={0xffffffffffffffff}) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(authenc(rmd256,xts-aes-aesni))\x00'}, 0x58) [ 258.299834] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 258.308092] team0: Port device team_slave_0 added [ 258.639035] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 258.647194] team0: Port device team_slave_1 added [ 258.961036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 258.968299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 258.977419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 259.000841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.109041] IPVS: ftp: loaded support on port[0] = 21 [ 259.280499] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 259.287682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 259.296679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 259.646605] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 259.654380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 259.663539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 260.104850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 260.112539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 260.121544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 260.255032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 261.657148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 261.663568] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 261.671276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 263.031789] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.126855] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.133461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.140349] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.146929] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.155996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 264.421914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 265.233941] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.240429] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.248948] device bridge_slave_0 entered promiscuous mode [ 265.634144] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.640635] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.649259] device bridge_slave_1 entered promiscuous mode [ 266.056998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 266.409054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.464678] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 267.831150] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:03:54 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000280), 0xfffffffffffffedd, 0x20000004, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty={[0xe00000000000000]}}, 0x1c) close(r0) [ 268.286284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 268.293462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.615090] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 268.622246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 269.293120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 269.367942] IPVS: ftp: loaded support on port[0] = 21 [ 269.794049] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 269.802198] team0: Port device team_slave_0 added [ 270.223219] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 270.231331] team0: Port device team_slave_1 added [ 270.619708] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 270.626964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 270.635881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 270.868682] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 271.036304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 271.043541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 271.052354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 271.495639] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 271.503357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.512453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 271.933297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 271.940908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 271.950064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 272.129022] hrtimer: interrupt took 71382 ns 09:03:59 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830020200a0005000010b21d85680c1ba3a20c02ff7e", 0x24}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000003980)=[{{&(0x7f0000000080)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000740), 0x0, &(0x7f00000007c0)=""/217, 0xd9}}], 0x1, 0x0, &(0x7f0000003b40)) [ 272.603148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 272.609535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 272.617528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 09:03:59 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") fsetxattr$security_evm(r0, &(0x7f0000000080)='security.evm\x00', &(0x7f0000000100)=@v1={0x2, "235a2611"}, 0x5, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000000)={{0x7fffffff, 0x1000000004001}}) 09:04:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x72, 0xffffffffffffffff, 0x0) socketpair$inet6(0xa, 0x80005, 0x10000, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getgid() getsockopt$netlink(r0, 0x10e, 0x7, &(0x7f0000000000)=""/8, &(0x7f0000706ffc)=0x2) ftruncate(r1, 0x8000) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x1, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f00000000c0)) 09:04:00 executing program 0: r0 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f00000008c0)=0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00005d5ff3)={0x2, 0x4e20, @rand_addr}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x200000000000a, &(0x7f0000df8ffc)=0x4, 0x4) sendto$inet(r1, &(0x7f0000de1fff), 0x0, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x5, 0x4) fsetxattr$security_smack_entry(r1, &(0x7f0000000040)='security.SMACK64IPOUT\x00', &(0x7f0000000080)='+bdev&\x00', 0x7, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000defffc), 0x4) sendto$inet(r1, &(0x7f00000000c0)="11a58fde7649496403db92ed306004b3d3cbfc195485c3b895d864ab91a3aebde4f70a917a91ec9612d004000a7b43a35bb73249ede41bf5c05ab608fb7b74ffd57f6e8e43cf9cb723fc0d8d8cabbbbae3a5fde8ad6f52d667c512596f50b9962aa2193688d872a7eeca57801742d74d39c4b003a5e292e077ed102e7999329aab95a3d96363505f76c86a6d2352dd8025207ae531701f1ce353d6b017eb64000000bc2e9f8b66fe4a8e64f0fc7a0aa55d4103e1d7d5b0dd5750071e9b3a786021678a86fcbb0b9f9364ec0f0310306fef9c21b3b20d8b44423b495299cea2c6f40c377a72534453ad7f5af27b1efb2514ace1f9a68cf205a9ddb8fd954e34bde3612e6e05686cf3b968a14bd3a356f7b8d20214c0f7a388ef5ea8d063c65f2aabff685e69f86b4a0b3697f8bfbfe66796f0489ad2e49bdbc1742941c28c88cb93e1f8ccc3db4782cdf9cbd797ddc8d7b1364da50ad48e081a38622280169eba5c6a3bf9b5f15bdf8a8b6483340a3297c31154905db209195c28f15d10153204fbe0586516c714ddc939e0eb68c73969e81fc6f215b476ddf3fcf1a604603360089dadba2779cfed9027ac163067fc0d7592ac8a013b907372a42b242405241ac1f63f85a52fff2d78b30e87a156b5cfa133dabc259bb027bec5eb8c8eb623e9776a13d3ce972a6769de8a78153f498084a244b0146b77be3d1cba7b02fe8906ed8a88f105c763d1772825b986d52823bf38b6f95eca494fd9c64497874b9f450bec65311493cc108b27611eaa6819305a3730d29368f25f7e816d60884a1e0271c3c786ad36391366ac3b65f04c148974f6973005c5ff73d6f0b3f7e44c65da7c4115c4ee543991e4ad26938384cafffffffc8f7e79aaf1b8ef37f627e3c7168ecda2cf224a491bea6129fcd954b88dbb2d29464931bcd5378041db67ddc70ee856ae09c1b26b9ada008a7d52bf1a160606865a29794f36b2a3811c66e9fe27af8fc8356374e37f3eca244367fb535dde71fae4683710761b89f18820d4f06065450c3d1f76fa26ef28320edf6c36480af14f4444edb40ebb3f8ea264486ec31c40c7f0007a69c24da10db6f60da3e648f16b5fc6b5a5c6217e46c1f3ff354a8b49beb3b46a69dcb4c5d547a7b7ba8fe22da0173f9fe80f4bd47afbec4d2e0d3c91b1a326d8bb9fded873e87f847032af52bd6d129f3ce3f11ea9d0b4250af7eaa2649d9972b9b8dc773c869b3a431eac7f55d6bb92dc29f08d7d8959e2af7571efb7ec88eac4b62850e8f6b60d4a5d06d66875b4bd260a9014a2eb88621f4c6eb3f9ed2190b48acf0358d8b82fb4794535fcb8dd50ba86d23d230a94f07a768142ff3b4c8558dac21726b6279980c238041f26e86c8e3fa83028345999464e3e37d610ab7c15daaffb744a505a3dd9802b3721f29553ee23e1cf376f12cc3fe6b7ac76bd13da44356855be096155e355c9cad31fcdeedc6679c531bc1a2765dc8777108ec5e31d793005e718a9ced77d6505e44f649128a29f5264fecba132f9f5016eaf690751edd64d903b36ceb2b08042c60e9e97f8bc985476e6088a5ebd3743c2358171b30b16d730a5dd49c92fa19cc267e2c1927f200fc3d23a804f0a12b06a6a88a2685051ab28f1721209ada2c14b557a49423795b07040d510bb21ce5d15acedd18cb7cb7a93389ceb934206e4ffb220048a7a82fb3c251d0a31ba5af9eb0c16e29f33f9d0a78f5e6300cf04d17eb5f67711cafa0d4e99eeaf0f8fdbd34170318879a0d12c01891127ba7b677d204268524c5af1d7dc27176826302e34f9d35d2f2eefad5f22f68929d3456c11d5f00d4a8ce8b784bca8088805731eff2d47024c2da68abc2d2c0f7806d7d76cdf489f3bffa75cb826bc0809331d89a3255a498b8150d4ae31d03414ab244939455b6377c2917cb2d8a9f9ebf282657e417860e49ac94f4a838aefd34f28960a78da47933252d8cb2fdb27d413ee54502cd1bf75585468b77b8dca627cab29ef0a5297ee3dcb4c987520804e9a5f45e8241019281bab7e30f4b008bf0edf3b6fb5e8d1c2ab619b2eb84293d636a6a37d716cd8e102b7099676693cb7b01031b57ee93fd22cb18229893fd4d4ef87f1596879ac9f61b2f0c35be34cb6e6f75087ff963c188d43bcb464a95e956e75559eb1f6f2224fb2ca8f0bdc90ae5c2ce712498ee4026b13b8f3137000aa1545a75e5b48e80da30e6dac5529cac1099244e79ad542f45dcfbf16c62b5eb63daee8185c5e79ebfa1ca60880f9e2895f54ab95bbae38ae62200c1e439d73fa63d0bff75935a8ad2ae73b82132e8d4eb4bd55844b2f55c65d5ffa0c65aaf0cc5bc73925d05cf7c1c4383af074feb3a53919d2a3b5bef96115aab966821dbfc4577d19d85911a485c58a5b87cf44d230cfdc255486bb09d5c16f2164397f0fc5f652a171f0269bdcd98291410c010cc377d2690a6032fe5701117adbd0f6b847c9617a9b3d20529024d8d9749b9c49827694d346d3b1bbe434122331986b9f6e84430dfd75d123f3e307d6f5514f3da09b527408bfb6816da54beeefad160e4b095517f3292c2e17fb3bba47527671d0afe7c35d54d25ab307b15d069a05395a9cddd4b519224fe3c689d14827ede6d91ebace2a80afaad3dcd1f8ce20e92012b8934d7ff3ebdd285cc24202a86d70b96674a6af05a3c29065afa4e38b9c34006cb3eb9c87985cfc511a8c261cdeb0c7a3c7a682c40c5b9f1d7d5ef6f97e32d02fdd3f2ded413f4a36c4db899b96c8e40d91c2743cd1d435013e3c3431c82fc5b3345b66cce79fa49f10baa4ef28535eee8c5c1a4b38bace2fb14ec11d34d620b1cc2396dc1fa857ac6ac9f5689b5935f2f25184edd40f8f5c70", 0x7f9, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f0000df6fc8)={&(0x7f0000df6f80)=@generic, 0x80, &(0x7f0000df5000)=[{&(0x7f0000df5f6e)=""/146, 0x92}, {&(0x7f0000df6f74)=""/140, 0x8c}, {&(0x7f0000df5f18)=""/232, 0xe8}, {&(0x7f0000409fa2)=""/94, 0x5e}, {&(0x7f00007a7f19)=""/231, 0xe7}, {&(0x7f0000d76f57)=""/169, 0xa9}, {&(0x7f00009e3000)=""/230, 0xe6}], 0x7, &(0x7f0000c27ff9)=""/7, 0x7}, 0x0) [ 273.932859] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 274.412214] 8021q: adding VLAN 0 to HW filter on device team0 09:04:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x2, 0x1) ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f00000002c0)={0x10001, 0x9, 0x7fff}) ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = socket$inet(0x10, 0x80002, 0x0) sendmsg(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000240007031dfffd946fa2830020200a0005000000001d8568251ba3a20400ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) r3 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x6, 0x101000) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) fstat(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r3, &(0x7f0000000140)='./file0\x00', r4, r5, 0x500) [ 274.703478] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. [ 274.765477] netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. 09:04:02 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000580)="b7f2288a91199311265df5cf1cdd8b557e1a2dcfb8ebd8ada30a3b861685806e20f6b91f9e74dcbc259ed8eb415d6c604bb4663d64cb5b1d722b738b6286867d0913aabacb4a812bd81000000000008695eb0dff3d67318553fd4b20730fb31b73c68ec266de4dc5d0a2bfa9c10ab6ab5c8b09200a17b272847620c863dad546f90b1790ed6e0fc91221c3374cac29aa638dbdd8fffe10bad0bea9a2b105c8d170fc5f46b04ad30815aa594406fc1a220b24057e012d9628b9e9617556b86f941ce851ea0261cae755446d0255fd737a", 0xffffffffffffff6c) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x86b3d8b1) recvmmsg(r1, &(0x7f0000002c40)=[{{&(0x7f0000000240)=@nfc_llcp, 0x80, &(0x7f0000000440)=[{&(0x7f0000000000)=""/22, 0x16}, {&(0x7f0000000180)=""/53, 0x35}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/208, 0xd0}, {&(0x7f00000003c0)=""/84, 0x54}], 0x5, &(0x7f00000004c0)=""/163, 0xa3, 0x1ff}, 0x8000}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f00000029c0)=""/76, 0x4c}], 0x1, &(0x7f0000002b80)=""/138, 0x8a}}], 0x2, 0x100, &(0x7f0000002d00)={0x77359400}) 09:04:02 executing program 0: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0xe00, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0xa075, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4000000, 0x0, 0x20000000000000, 0xb0f6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x6, 0x6, 0x0, 0x0, 0x5}, r1, 0x0, 0xffffffffffffffff, 0x0) 09:04:03 executing program 0: r0 = accept(0xffffffffffffffff, &(0x7f0000000040)=@nfc_llcp, &(0x7f00000000c0)=0x80) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x38, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x1, @mcast2, 0x5}, @in6={0xa, 0x4e23, 0x1f, @ipv4={[], [], @local}, 0xf52b}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0)=ANY=[@ANYRES32=r1, @ANYBLOB="eb000000c57525d43ccd0a3c582dd3ed2fe7fc831175ade0a94a3faea03df75bbd055dae30e966446e40723f71d45d892749885754338a0fbd6bfa7d005b0c6b8880037ee6fb871d851ef00eb59c24beee5caf1c63a502702f0dc5bffffae982c118b301d3db9bca"], &(0x7f0000000240)=0x6c) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000810000)={0x0, 0x2}, 0x3a) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000004c0)) shutdown(r2, 0x1) [ 276.846914] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.853559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.860459] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.867016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.875464] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 276.902797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 277.052484] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.058992] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.067574] device bridge_slave_0 entered promiscuous mode [ 277.502482] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.508960] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.517507] device bridge_slave_1 entered promiscuous mode [ 277.891574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 278.242384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 279.472954] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 279.747565] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 280.101578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 280.109114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 280.349419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 280.356661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.866153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.210360] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 281.218807] team0: Port device team_slave_0 added [ 281.473853] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 281.482023] team0: Port device team_slave_1 added [ 281.732766] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 281.739879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 281.748698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 281.997742] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 282.005472] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 282.012635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 282.021233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 282.293541] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 282.301131] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.310127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 282.617828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 282.625482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.634361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 282.675808] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 282.704463] ================================================================== [ 282.711869] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 282.718481] CPU: 0 PID: 7186 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 282.725853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.735218] Call Trace: [ 282.737830] dump_stack+0x306/0x460 [ 282.741483] ? _raw_spin_lock_irqsave+0x227/0x340 [ 282.746350] ? vmx_create_vcpu+0x10df/0x7920 [ 282.750808] kmsan_report+0x1a3/0x2d0 [ 282.754686] __msan_warning+0x7c/0xe0 [ 282.758528] vmx_create_vcpu+0x10df/0x7920 [ 282.762801] ? kmsan_set_origin_inline+0x6b/0x120 [ 282.767710] ? __msan_poison_alloca+0x17a/0x210 [ 282.772452] ? vmx_vm_init+0x340/0x340 [ 282.776381] kvm_arch_vcpu_create+0x25d/0x2f0 [ 282.780935] kvm_vm_ioctl+0x13fd/0x33d0 [ 282.784954] ? __msan_poison_alloca+0x17a/0x210 [ 282.789678] ? do_vfs_ioctl+0x18a/0x2810 [ 282.793776] ? __se_sys_ioctl+0x1da/0x270 [ 282.797956] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 282.802828] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 282.807706] do_vfs_ioctl+0xcf3/0x2810 [ 282.811650] ? security_file_ioctl+0x92/0x200 [ 282.816203] __se_sys_ioctl+0x1da/0x270 [ 282.820225] __x64_sys_ioctl+0x4a/0x70 [ 282.824145] do_syscall_64+0xbe/0x100 [ 282.827988] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 282.833192] RIP: 0033:0x457579 [ 282.836448] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 282.855381] RSP: 002b:00007f8398b58c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 282.863114] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 282.870431] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 282.877715] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 282.885525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8398b596d4 [ 282.892817] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 282.900160] [ 282.901807] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 282.908742] Variable was created at: [ 282.912480] vmx_create_vcpu+0xd5/0x7920 [ 282.916564] kvm_arch_vcpu_create+0x25d/0x2f0 [ 282.921092] ================================================================== [ 282.921163] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 282.928455] Disabling lock debugging due to kernel taint [ 282.928471] Kernel panic - not syncing: panic_on_warn set ... [ 282.928471] [ 282.928500] CPU: 0 PID: 7186 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63 [ 282.928513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.928537] Call Trace: [ 282.934885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 282.940118] dump_stack+0x306/0x460 [ 282.948768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.956106] panic+0x54c/0xafa [ 282.956178] kmsan_report+0x2cd/0x2d0 [ 282.991749] __msan_warning+0x7c/0xe0 [ 282.995586] vmx_create_vcpu+0x10df/0x7920 [ 282.999861] ? kmsan_set_origin_inline+0x6b/0x120 [ 283.004740] ? __msan_poison_alloca+0x17a/0x210 [ 283.009445] ? vmx_vm_init+0x340/0x340 [ 283.013393] kvm_arch_vcpu_create+0x25d/0x2f0 [ 283.018180] kvm_vm_ioctl+0x13fd/0x33d0 [ 283.022197] ? __msan_poison_alloca+0x17a/0x210 [ 283.026904] ? do_vfs_ioctl+0x18a/0x2810 [ 283.030989] ? __se_sys_ioctl+0x1da/0x270 [ 283.035165] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 283.040040] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 283.044908] do_vfs_ioctl+0xcf3/0x2810 [ 283.048835] ? security_file_ioctl+0x92/0x200 [ 283.053356] __se_sys_ioctl+0x1da/0x270 [ 283.057371] __x64_sys_ioctl+0x4a/0x70 [ 283.061287] do_syscall_64+0xbe/0x100 [ 283.065142] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 283.070354] RIP: 0033:0x457579 [ 283.073573] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 283.092515] RSP: 002b:00007f8398b58c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 283.100291] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 283.107579] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 283.114881] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 283.122171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8398b596d4 [ 283.129461] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 283.137834] Kernel Offset: disabled [ 283.141487] Rebooting in 86400 seconds..