[ 53.215879] sshd (5997) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 53.426652] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 53.792809] audit: type=1800 audit(1539172128.841:29): pid=5930 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.298271] random: sshd: uninitialized urandom read (32 bytes read) [ 55.716749] random: sshd: uninitialized urandom read (32 bytes read) [ 57.924567] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. [ 63.639751] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 11:49:00 fuzzer started [ 67.962861] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 11:49:05 dialing manager at 10.128.0.26:45337 2018/10/10 11:49:05 syscalls: 1 2018/10/10 11:49:05 code coverage: enabled 2018/10/10 11:49:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 11:49:05 setuid sandbox: enabled 2018/10/10 11:49:05 namespace sandbox: enabled 2018/10/10 11:49:05 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 11:49:05 fault injection: enabled 2018/10/10 11:49:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 11:49:05 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 11:49:05 net device setup: enabled [ 72.569813] random: crng init done 11:50:47 executing program 0: syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)) [ 173.234112] IPVS: ftp: loaded support on port[0] = 21 [ 174.442269] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.448735] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.458839] device bridge_slave_0 entered promiscuous mode [ 174.587228] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.593766] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.602232] device bridge_slave_1 entered promiscuous mode [ 174.729577] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.856181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.243719] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.375807] bond0: Enslaving bond_slave_1 as an active interface with an up link 11:50:50 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) capget(&(0x7f0000000040), &(0x7f0000000100)) [ 176.031255] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.039121] team0: Port device team_slave_0 added [ 176.294357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.302572] team0: Port device team_slave_1 added [ 176.573702] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 176.591121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 176.600058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.725058] IPVS: ftp: loaded support on port[0] = 21 [ 176.835190] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.045495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.053180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.062866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.240292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.248124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.257055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.703829] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.710360] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.718746] device bridge_slave_0 entered promiscuous mode [ 178.914227] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.920704] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.929186] device bridge_slave_1 entered promiscuous mode [ 179.128226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.282553] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.423297] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.429782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.436939] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.443498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.452279] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.897350] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.912765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.077862] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.264384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.271459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.403965] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.411063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:50:55 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) clone(0x0, &(0x7f0000000100), &(0x7f0000000000), &(0x7f00000001c0), &(0x7f0000000200)) flistxattr(r0, &(0x7f0000000200)=""/140, 0x8c) [ 181.225479] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.233716] team0: Port device team_slave_0 added [ 181.488024] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.496166] team0: Port device team_slave_1 added [ 181.708850] IPVS: ftp: loaded support on port[0] = 21 [ 181.835670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.843647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.852637] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.106138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.113327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.122234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.413255] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.420818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.429944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.603190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.610745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.619896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.403859] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.410311] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.418896] device bridge_slave_0 entered promiscuous mode [ 184.711507] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.718189] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.726654] device bridge_slave_1 entered promiscuous mode [ 184.971460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.181983] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.493520] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.499997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.507102] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.513621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.522473] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.888298] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.075595] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.176946] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.435378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.442564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.737422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.744876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:51:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, &(0x7f0000000100)="66b8e6008ec0400fc71948b85b6de0a1d4eddd610f23c00f21f835000009000f23f866bad00466b8440066ef66baf80cb8883fed84ef66bafc0cb87e220000efc7442400d7000000c744240208000000ff1c24c7442400651a95c6c744240200300000c7442406000000000f011424b9800000c00f3235000800000f30c4027d1e3fb8010000000f01d9", 0x8a}], 0x1, 0x0, &(0x7f00000001c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 187.688641] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.696842] team0: Port device team_slave_0 added [ 188.074356] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.082664] team0: Port device team_slave_1 added [ 188.385803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.393086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.401943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.797569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.804794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.813608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.088079] IPVS: ftp: loaded support on port[0] = 21 [ 189.208835] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.216634] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.225968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.599459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.607348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.616404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.555358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.727248] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.298385] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.305077] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.313625] device bridge_slave_0 entered promiscuous mode [ 192.640467] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.647208] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.655853] device bridge_slave_1 entered promiscuous mode [ 192.983313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 193.101239] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.107960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.116092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.145459] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.152031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.158916] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.165528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.174134] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.321379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 193.752911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.329618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 194.356468] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.655718] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.013503] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.020590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.334076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 195.341201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.328383] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.336521] team0: Port device team_slave_0 added [ 196.655651] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.663886] team0: Port device team_slave_1 added 11:51:11 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000040)={0xfffffffffffffffe}) [ 197.045783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.053049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.062046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.422360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 197.429492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.438452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.818849] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.826625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.835338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.223747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.231356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.240745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.479307] IPVS: ftp: loaded support on port[0] = 21 [ 198.609401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.225452] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.686120] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.692728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.700678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.080197] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.086910] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.095360] device bridge_slave_0 entered promiscuous mode [ 202.434209] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.440668] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.449189] device bridge_slave_1 entered promiscuous mode [ 202.688760] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.695357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.702384] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.708849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.717448] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 202.828175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.202133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.224410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.273048] 8021q: adding VLAN 0 to HW filter on device team0 11:51:18 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@remote}, 0x14) 11:51:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x80000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f00000004c0)={0x2, 0x37, 0x210}, 0x14}}, 0x0) [ 204.412762] bond0: Enslaving bond_slave_0 as an active interface with an up link 11:51:19 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000040)}, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xfd1, 0x20000) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000080)={0x2}, 0x1) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0xfffffffc, &(0x7f0000002d80), 0x0, &(0x7f0000000000), 0x30b}}], 0x1, 0x0) [ 204.832530] bond0: Enslaving bond_slave_1 as an active interface with an up link 11:51:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)='6', 0x1) r1 = accept$alg(r0, 0x0, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x400000, 0x0) gettid() ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000200)={{0x3, 0xd08}, {0x9, 0x1000}, 0x10000000cac2, 0x1, 0x40}) sendmmsg(r1, &(0x7f0000007b40)=[{{&(0x7f0000000180)=@l2, 0x80}}, {{&(0x7f0000000080)=@hci, 0x80, &(0x7f0000007680), 0x0, &(0x7f00000076c0)}}], 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x480000, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000040)=0x9, 0x4) [ 205.299659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.307532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 11:51:20 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200000, 0x0) r2 = shmget$private(0x0, 0x1000, 0x1801, &(0x7f0000b04000/0x1000)=nil) shmctl$IPC_RMID(r2, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}, &(0x7f0000000100)=0x10) getsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000080), &(0x7f0000000040)=0x2f) [ 205.747621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.755006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:51:20 executing program 0: r0 = socket$inet6(0xa, 0x80000, 0x2) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080)=0x8001, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000240)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x0, 0x0, @loopback}], 0x14) 11:51:21 executing program 0: r0 = socket$inet6(0xa, 0x80000, 0x2) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080)=0x8001, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000240)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x0, 0x0, @loopback}], 0x14) 11:51:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) io_setup(0x8, &(0x7f0000000140)=0x0) r2 = socket(0x1e, 0x1000000000005, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000048}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r3, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x928a}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4014) sendmsg(r2, &(0x7f0000db5fc8)={&(0x7f00004aeb5c)=@generic={0x10000001001e, "030000000000000000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48007be61ffe06d79f00000000000000076c3f010039d8f986ff01000000000000af06d5fe32c419d67bcbc7e3ad316a198356edb9b7341c1fd45624281e27800ece70b076c3979ac40000bd767e2e78a1dfd300881a1565b3b16d7436"}, 0x80, &(0x7f0000000300), 0x0, &(0x7f000016cf61)}, 0x0) io_submit(r1, 0x1400, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000140), 0x5ee}]) [ 207.003014] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.011063] team0: Port device team_slave_0 added [ 207.361315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.369411] team0: Port device team_slave_1 added [ 207.748712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.756017] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.765057] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.111805] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.118968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.127920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.396725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.406060] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.415054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.634766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.716690] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.724560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.733410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.518884] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.505997] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.512684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.520396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:51:26 executing program 1: [ 211.575041] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.707800] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.714371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.721251] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.727992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.736382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.745074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.952198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.618916] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 216.279407] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 216.285992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.293995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:51:31 executing program 2: [ 216.918559] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.038524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.540425] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.991027] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.997542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.005534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.111543] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 220.141962] ================================================================== [ 220.149389] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 220.157036] CPU: 0 PID: 7291 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #66 [ 220.164263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.173627] Call Trace: [ 220.176242] dump_stack+0x306/0x460 [ 220.179901] ? vmx_set_constant_host_state+0x1778/0x1830 [ 220.185376] kmsan_report+0x1a2/0x2e0 [ 220.189193] __msan_warning+0x7c/0xe0 [ 220.193022] vmx_set_constant_host_state+0x1778/0x1830 [ 220.198314] vmx_create_vcpu+0x3e6f/0x7870 [ 220.202556] ? kmsan_set_origin_inline+0x6b/0x120 [ 220.207408] ? __msan_poison_alloca+0x17a/0x210 [ 220.212092] ? vmx_vm_init+0x340/0x340 [ 220.215991] kvm_arch_vcpu_create+0x25d/0x2f0 [ 220.220500] kvm_vm_ioctl+0x13fd/0x33d0 [ 220.224501] ? __msan_poison_alloca+0x17a/0x210 [ 220.229184] ? do_vfs_ioctl+0x18a/0x2810 [ 220.233260] ? __se_sys_ioctl+0x1da/0x270 [ 220.237429] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 220.242290] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 220.247154] do_vfs_ioctl+0xcf3/0x2810 [ 220.251077] ? security_file_ioctl+0x92/0x200 [ 220.255602] __se_sys_ioctl+0x1da/0x270 [ 220.259603] __x64_sys_ioctl+0x4a/0x70 [ 220.263509] do_syscall_64+0xbe/0x100 [ 220.267335] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 220.272534] RIP: 0033:0x457579 [ 220.275830] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.294756] RSP: 002b:00007fa90c4c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.302487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 220.309761] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 220.317038] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 220.324316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa90c4c76d4 [ 220.331603] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 220.338908] [ 220.340549] Local variable description: ----dt@vmx_set_constant_host_state [ 220.347564] Variable was created at: [ 220.351306] vmx_set_constant_host_state+0x2b0/0x1830 [ 220.356514] vmx_create_vcpu+0x3e6f/0x7870 [ 220.360755] ================================================================== [ 220.368118] Disabling lock debugging due to kernel taint [ 220.373575] Kernel panic - not syncing: panic_on_warn set ... [ 220.373575] [ 220.380958] CPU: 0 PID: 7291 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #66 [ 220.389538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.398902] Call Trace: [ 220.401508] dump_stack+0x306/0x460 [ 220.405159] panic+0x54c/0xafa [ 220.408386] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 220.413846] kmsan_report+0x2d3/0x2e0 [ 220.417759] __msan_warning+0x7c/0xe0 [ 220.421575] vmx_set_constant_host_state+0x1778/0x1830 [ 220.426880] vmx_create_vcpu+0x3e6f/0x7870 [ 220.431136] ? kmsan_set_origin_inline+0x6b/0x120 [ 220.435991] ? __msan_poison_alloca+0x17a/0x210 [ 220.440684] ? vmx_vm_init+0x340/0x340 [ 220.444593] kvm_arch_vcpu_create+0x25d/0x2f0 [ 220.449116] kvm_vm_ioctl+0x13fd/0x33d0 [ 220.453123] ? __msan_poison_alloca+0x17a/0x210 [ 220.458525] ? do_vfs_ioctl+0x18a/0x2810 [ 220.462611] ? __se_sys_ioctl+0x1da/0x270 [ 220.466785] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 220.471651] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 220.476513] do_vfs_ioctl+0xcf3/0x2810 [ 220.476561] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.480422] ? security_file_ioctl+0x92/0x200 [ 220.490803] __se_sys_ioctl+0x1da/0x270 [ 220.494805] __x64_sys_ioctl+0x4a/0x70 [ 220.498710] do_syscall_64+0xbe/0x100 [ 220.502535] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 220.507737] RIP: 0033:0x457579 [ 220.510937] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.529852] RSP: 002b:00007fa90c4c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.537591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 220.544883] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 220.552159] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 220.559438] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa90c4c76d4 [ 220.566718] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 220.575260] Kernel Offset: disabled [ 220.578902] Rebooting in 86400 seconds..