[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 56.239504] sshd (6069) used greatest stack depth: 53216 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 56.479911] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 59.894722] random: sshd: uninitialized urandom read (32 bytes read) [ 60.405570] random: sshd: uninitialized urandom read (32 bytes read) [ 62.953147] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts. [ 68.685009] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 07:30:29 fuzzer started [ 73.227531] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 07:30:34 dialing manager at 10.128.0.26:36867 2018/10/08 07:30:34 syscalls: 1 2018/10/08 07:30:34 code coverage: enabled 2018/10/08 07:30:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 07:30:34 setuid sandbox: enabled 2018/10/08 07:30:34 namespace sandbox: enabled 2018/10/08 07:30:34 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 07:30:34 fault injection: enabled 2018/10/08 07:30:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 07:30:34 net packed injection: enabled 2018/10/08 07:30:34 net device setup: enabled [ 78.230348] random: crng init done 07:32:39 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, @in={0x2, 0x0, @multicast2}}}, 0x90) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x34000}], 0x1, &(0x7f0000001400)=""/123, 0x7b}, 0x0) [ 200.924915] IPVS: ftp: loaded support on port[0] = 21 [ 203.248318] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.254917] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.263421] device bridge_slave_0 entered promiscuous mode [ 203.423242] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.429707] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.438211] device bridge_slave_1 entered promiscuous mode [ 203.574100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.713113] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.135484] bond0: Enslaving bond_slave_0 as an active interface with an up link 07:32:43 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000180)='cgroup.subtree_control\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x0) [ 204.297892] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.674361] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 204.682001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.162935] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.171142] team0: Port device team_slave_0 added [ 205.258109] IPVS: ftp: loaded support on port[0] = 21 [ 205.366705] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 205.375076] team0: Port device team_slave_1 added [ 205.622283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.811160] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 205.818333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.827280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.006435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 206.014214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.023481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.286022] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 206.293670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.302908] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.756719] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.763266] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.770186] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.776779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.785694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 208.843614] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.850068] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.858662] device bridge_slave_0 entered promiscuous mode [ 208.872017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.108336] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.114947] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.123675] device bridge_slave_1 entered promiscuous mode [ 209.265003] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.555219] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:32:49 executing program 2: [ 210.488468] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.807678] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.857330] IPVS: ftp: loaded support on port[0] = 21 [ 211.099884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.107113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.356967] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.364130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.239586] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.247716] team0: Port device team_slave_0 added [ 212.560211] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.568395] team0: Port device team_slave_1 added [ 212.826455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.838105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.847090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.105197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.112395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.121232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.423034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.430585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.439614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.728525] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 213.736314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.745501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.657124] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.663822] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.672417] device bridge_slave_0 entered promiscuous mode [ 215.960028] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.966639] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.975260] device bridge_slave_1 entered promiscuous mode [ 216.248975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.549835] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 217.183248] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.189740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.196799] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.203334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.212201] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.334665] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.423616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.561827] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.801082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.808270] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 07:32:57 executing program 3: [ 218.145683] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.152883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.180987] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.189216] team0: Port device team_slave_0 added [ 219.225348] IPVS: ftp: loaded support on port[0] = 21 [ 219.561956] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.570074] team0: Port device team_slave_1 added [ 219.880545] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.889190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.898055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.238078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.245301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.254464] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.560937] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.568623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.577693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.923559] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.969882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.977914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.986770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.116340] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.538049] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.544505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.552497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.890116] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.896659] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.903653] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.910117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.918881] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.009695] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.267344] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.273907] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.282354] device bridge_slave_0 entered promiscuous mode [ 225.454804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.675653] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.682729] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.691087] device bridge_slave_1 entered promiscuous mode [ 226.109305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 226.408440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:33:06 executing program 4: [ 227.540756] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 227.965656] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 228.391512] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 228.398752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.788281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 228.795545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.829443] IPVS: ftp: loaded support on port[0] = 21 [ 230.143852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.152077] team0: Port device team_slave_0 added [ 230.634354] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.642523] team0: Port device team_slave_1 added [ 230.996541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.003901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.012773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.378285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.385464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.394820] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.822093] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.829671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.838919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.139030] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.245497] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.253285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.262352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.689032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 235.302031] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 235.308374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 235.316458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 07:33:14 executing program 0: [ 235.719490] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.726069] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.734529] device bridge_slave_0 entered promiscuous mode 07:33:14 executing program 0: ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x80045510, 0x70e000) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x2484c1, 0x0) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000040)) [ 236.211127] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.217773] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.226239] device bridge_slave_1 entered promiscuous mode 07:33:15 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000080000000000000000000000030007ed0000000002000000e00000010000000000000000030005000000000000000000000000000000000000000000"], 0x40}}, 0x0) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x2, 0x16, 0x6, 0xf, 0x21, 0x0, 0x70bd27, 0x25dfdbfb, [@sadb_key={0x1f, 0x9, 0x748, 0x0, "5f229a0fcca9fc32ccfa79aeac950bba0564c863d7dd2f13d06007f8f6f760bb6357f0e7021650e71dc2d8632a34d2a9cafce66bc84b55d293f207da7ed03a41a0e661ea9991503c97e45867e0407ade6413ed60c82b3eb566723bfaf0582d8c489eb4d6f5575ea61ce004724a0b278c559e08c6edaa9663e436bb01381aa3ea8b9617544a953c387036ad6a291e1747525b17e30a9b50b4839d1df20ff20762494ca95f14dfc1b523fe348d47484d3600a8299dc021dc9b331ef449b57dd39cdafd5159495990311aa307911a1cdc09c5b02ab1cf42b535c11545c1e53e542bebfe38aa41fc60ac93"}]}, 0x108}}, 0x2000c001) [ 236.646756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 07:33:15 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f00000003c0)="48000000150019fcd9e6e9e40013f35a0200db7879efe7155942b2e0d0ac7f09004b01c2445ea7c519f0dea30c5459520274bc9240e10520613057fff70000000000000000000000", 0x48}], 0x1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x44800, 0x0) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000040)={0x35, 0xfffffffffffffff2}) fcntl$getown(r0, 0x9) [ 237.026106] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.074492] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.080943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.087972] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.094482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.103058] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.122443] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:33:16 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="140004f1537b71c280b752000000000000000000"], 0x14}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000009f80)=@delpolicy={0x50, 0x14, 0x231, 0x0, 0x0, {{@in6=@loopback, @in=@loopback}}}, 0x50}, 0x8}, 0x0) syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x0, 0x4640) [ 237.773149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 07:33:16 executing program 0: unshare(0x24020400) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, 0xfffffffffffffffe, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x0, 0x4) [ 238.299617] bond0: Enslaving bond_slave_0 as an active interface with an up link 07:33:17 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x40, 0x4000) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040)=0x7f, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000021c0)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x80, 0x0, "f29427265179e3b65cd70809efc59669ffd9aa6c3f0746edc6b0a53addee053fcd8c7b47f3d4ea9b55d91afd4f60d1c1808c1f00a51c7e5d1336cd14adbfa14d694f6686cc678119a85444a3deb3600b"}, 0xd8) [ 238.764878] bond0: Enslaving bond_slave_1 as an active interface with an up link 07:33:17 executing program 0: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) memfd_create(&(0x7f0000000040)='\x00', 0x2) [ 239.251575] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.258866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.648604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 239.655906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.738716] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.746886] team0: Port device team_slave_0 added [ 240.974989] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.983076] team0: Port device team_slave_1 added [ 241.266737] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.301243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 241.308418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.317287] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.568406] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 241.575611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.584386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.842332] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 241.850000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.858860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.053981] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.061486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.070451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.191274] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.275418] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.281916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.289648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.410345] 8021q: adding VLAN 0 to HW filter on device team0 07:33:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000080)="6567660f18470066b97e0900000f32baa000b8e479ef65650f968440680f20d86635080000000f22d8ba2000b00eee26d996f1000f23fabaf80c66b82087fc8266efbafc0c66b80090000066efbaf80c66b8c2f6428b66efbafc0cb80000ef", 0x5f}], 0x1, 0x0, &(0x7f0000000040), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x76, 0x0, [0x48b]}) [ 244.643377] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 244.762476] ================================================================== [ 244.769891] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 244.776494] CPU: 0 PID: 7169 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 244.783706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.793082] Call Trace: [ 244.795695] dump_stack+0x306/0x460 [ 244.799347] ? _raw_spin_lock_irqsave+0x227/0x340 [ 244.804208] ? vmx_create_vcpu+0x10df/0x7920 [ 244.808679] kmsan_report+0x1a3/0x2d0 [ 244.812531] __msan_warning+0x7c/0xe0 [ 244.816390] vmx_create_vcpu+0x10df/0x7920 [ 244.820677] ? kmsan_set_origin_inline+0x6b/0x120 [ 244.825599] ? __msan_poison_alloca+0x17a/0x210 [ 244.830305] ? vmx_vm_init+0x340/0x340 [ 244.834222] kvm_arch_vcpu_create+0x25d/0x2f0 [ 244.838746] kvm_vm_ioctl+0x13fd/0x33d0 [ 244.842765] ? __msan_poison_alloca+0x17a/0x210 [ 244.847506] ? do_vfs_ioctl+0x18a/0x2810 [ 244.851630] ? __se_sys_ioctl+0x1da/0x270 [ 244.855861] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 244.860758] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 244.865640] do_vfs_ioctl+0xcf3/0x2810 [ 244.869572] ? security_file_ioctl+0x92/0x200 [ 244.874115] __se_sys_ioctl+0x1da/0x270 [ 244.878143] __x64_sys_ioctl+0x4a/0x70 [ 244.882057] do_syscall_64+0xbe/0x100 [ 244.885903] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 244.891118] RIP: 0033:0x457579 [ 244.894342] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 244.913264] RSP: 002b:00007f73141c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 244.921010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 244.928299] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 244.935601] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 244.942903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73141c76d4 [ 244.950187] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 244.957488] [ 244.959128] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 244.966059] Variable was created at: [ 244.969835] vmx_create_vcpu+0xd5/0x7920 [ 244.973914] kvm_arch_vcpu_create+0x25d/0x2f0 [ 244.978417] ================================================================== [ 244.985779] Disabling lock debugging due to kernel taint [ 244.991249] Kernel panic - not syncing: panic_on_warn set ... [ 244.991249] [ 244.998637] CPU: 0 PID: 7169 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63 [ 245.007218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 245.016589] Call Trace: [ 245.019213] dump_stack+0x306/0x460 [ 245.022900] panic+0x54c/0xafa [ 245.026182] kmsan_report+0x2cd/0x2d0 [ 245.030032] __msan_warning+0x7c/0xe0 [ 245.033886] vmx_create_vcpu+0x10df/0x7920 [ 245.038154] ? kmsan_set_origin_inline+0x6b/0x120 [ 245.043024] ? __msan_poison_alloca+0x17a/0x210 [ 245.047753] ? vmx_vm_init+0x340/0x340 [ 245.051675] kvm_arch_vcpu_create+0x25d/0x2f0 [ 245.056211] kvm_vm_ioctl+0x13fd/0x33d0 [ 245.060223] ? __msan_poison_alloca+0x17a/0x210 [ 245.064929] ? do_vfs_ioctl+0x18a/0x2810 [ 245.069024] ? __se_sys_ioctl+0x1da/0x270 [ 245.073195] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 245.078060] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 245.082940] do_vfs_ioctl+0xcf3/0x2810 [ 245.086881] ? security_file_ioctl+0x92/0x200 [ 245.091415] __se_sys_ioctl+0x1da/0x270 [ 245.095426] __x64_sys_ioctl+0x4a/0x70 [ 245.099334] do_syscall_64+0xbe/0x100 [ 245.103166] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 245.108376] RIP: 0033:0x457579 [ 245.111590] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 245.130526] RSP: 002b:00007f73141c6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.138288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 245.145575] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 245.152863] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 245.160181] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f73141c76d4 [ 245.167498] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 245.175780] Kernel Offset: disabled [ 245.179425] Rebooting in 86400 seconds..