[....] Starting OpenBSD Secure Shell server: sshd[ 50.577979] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 50.926147] audit: type=1800 audit(1538964160.981:29): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 50.945517] audit: type=1800 audit(1538964160.991:30): pid=5932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 53.399876] random: sshd: uninitialized urandom read (32 bytes read) [ 53.842861] random: sshd: uninitialized urandom read (32 bytes read) [ 55.385952] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts. [ 61.275245] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 02:02:53 fuzzer started [ 65.466001] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 02:02:57 dialing manager at 10.128.0.26:36867 2018/10/08 02:02:57 syscalls: 1 2018/10/08 02:02:57 code coverage: enabled 2018/10/08 02:02:57 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 02:02:57 setuid sandbox: enabled 2018/10/08 02:02:57 namespace sandbox: enabled 2018/10/08 02:02:57 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 02:02:57 fault injection: enabled 2018/10/08 02:02:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 02:02:57 net packed injection: enabled 2018/10/08 02:02:57 net device setup: enabled [ 70.564926] random: crng init done 02:04:35 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) write$cgroup_int(r2, &(0x7f0000000980), 0xffffff4d) close(r2) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) ioctl(r0, 0x8912, &(0x7f0000000180)="153f6234488dd25d766070") socket$inet(0x2, 0x0, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x1f00000000000000, 0x0, &(0x7f0000000000), 0x3c) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000200)={@rand_addr, @multicast2}, &(0x7f0000000240)=0xc) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000002c0), &(0x7f0000000300)=0x18) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f00000000c0)) [ 166.254228] IPVS: ftp: loaded support on port[0] = 21 [ 168.377890] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.384476] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.392718] device bridge_slave_0 entered promiscuous mode [ 168.512158] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.518583] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.526816] device bridge_slave_1 entered promiscuous mode [ 168.644017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.761954] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.129457] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:04:39 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x0) [ 169.252729] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.864362] IPVS: ftp: loaded support on port[0] = 21 [ 170.103608] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 170.111467] team0: Port device team_slave_0 added [ 170.285734] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 170.293663] team0: Port device team_slave_1 added [ 170.439910] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 170.446991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.455777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.634074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 170.641080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.649747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.773903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 170.811789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.820610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.953762] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 170.961248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.970107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.970546] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.977161] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.985538] device bridge_slave_0 entered promiscuous mode [ 173.144015] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.150455] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.159220] device bridge_slave_1 entered promiscuous mode [ 173.172854] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.179294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.186238] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.192793] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.201282] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.364006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.602775] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 173.932462] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.087074] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.212799] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 174.359782] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 174.366940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.515466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.522650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:04:44 executing program 2: sched_setaffinity(0x0, 0xfffffffffffffcbf, &(0x7f00000000c0)=0x8000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000d80)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000000)='./file0\x00') r0 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) ftruncate(r0, 0x280080) sendfile(r0, r0, &(0x7f0000000100), 0x2008000fffffffb) [ 175.083665] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.091713] team0: Port device team_slave_0 added [ 175.385345] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.393320] team0: Port device team_slave_1 added [ 175.403760] IPVS: ftp: loaded support on port[0] = 21 [ 175.705366] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.712492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.721064] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.018796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.026009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.034720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.261732] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.269214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.278274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 176.557603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 176.565184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.574047] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.105642] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.112191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.119073] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.125666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.134719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.261822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.482032] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.488494] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.496787] device bridge_slave_0 entered promiscuous mode [ 179.793820] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.800284] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.808770] device bridge_slave_1 entered promiscuous mode [ 180.072795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 180.347651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.154039] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.434482] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.695635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.702854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.944270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.951679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:04:52 executing program 3: mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0) futex(&(0x7f0000004000), 0x400000085, 0x0, &(0x7f0000001ff0), &(0x7f0000000180), 0x0) [ 182.691145] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.699044] team0: Port device team_slave_0 added [ 182.991118] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.999080] team0: Port device team_slave_1 added [ 183.304197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.311250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.320054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.432808] IPVS: ftp: loaded support on port[0] = 21 [ 183.672451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.679466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.688104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.772951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.995788] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 184.003373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.012212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.331248] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 184.338871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.347750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.918253] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.012949] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.019280] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.027128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.201966] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.732844] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.739295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.746245] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.752731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.761112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 188.033161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.499731] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.506456] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.514739] device bridge_slave_0 entered promiscuous mode [ 188.851448] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.858075] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.866157] device bridge_slave_1 entered promiscuous mode [ 189.275501] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.505269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.406203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.498076] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.841105] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.156913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.164209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.386880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.394166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.652124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 02:05:02 executing program 4: r0 = socket$inet_dccp(0x2, 0x6, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000240)='team\x00', 0xffffffffffffffff}, 0x30) fcntl$lock(r0, 0x6, &(0x7f0000000600)={0x1, 0x3, 0x5, 0x9, r1}) ptrace$setregset(0x4205, 0x0, 0x2, &(0x7f0000000500)={&(0x7f0000000440)="de0fef96653bfe48b276187305dfa39246036bb5eeee4deedfc0c5efa80fe0570b228621f5d177291dc8929d944bd858f7efddd21340d9aa2d5aa73e133bc4567721e3893b53d1af997fc1b0f347a99da1250a615aa3605fff69d306c80328053a4b4ddefa0785569683041e31e90893eccffc6383454c30dee9c3532b5a99625ca3ebd7bd2644e563918d3298b9875be4f436ed87f8cf3d07b3e06196a297e8", 0xa0}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6, @in6=@remote}}, {{@in6=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000400)=0xe8) ioctl$PERF_EVENT_IOC_REFRESH(r2, 0x2402, 0x40000000000200) recvmmsg(0xffffffffffffff9c, &(0x7f0000004440)=[{{&(0x7f0000001bc0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001c40)=""/37, 0x25}], 0x1, &(0x7f0000002000)=""/112, 0x70}}], 0x1, 0x0, &(0x7f00000045c0)={0x0, 0x989680}) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, {0x306, @broadcast}, 0x0, {0x2, 0x4e20, @rand_addr=0x1}, 'teql0\x00'}) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0x14) r4 = memfd_create(&(0x7f0000000640)='u:object_r:app_data_file:s0:c512,c768\x00', 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000540), &(0x7f0000000580)=0x4) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000006c0)={r3, 0x1f, 0x9}, 0x10) write$selinux_attr(r4, &(0x7f0000000140)='u:object_r:app_data_file:s0:c512,c768\x00', 0x26) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000005c0)='status\x00') preadv(r5, &(0x7f00000017c0), 0x1fe, 0x0) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f0000000080)=r3, 0x4) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) sendto$inet(r6, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000560e, &(0x7f0000e68000)={0x2, 0x0, @local, [0x0, 0x2]}, 0x10) [ 192.355947] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.363830] team0: Port device team_slave_0 added [ 192.751198] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.759341] team0: Port device team_slave_1 added [ 193.076294] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.082723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.090410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.213657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 193.220687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.229301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.527964] IPVS: ftp: loaded support on port[0] = 21 [ 193.544893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 193.552050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.560602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.877660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.885248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.893987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.254355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 194.262117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.270863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.530718] 8021q: adding VLAN 0 to HW filter on device team0 02:05:05 executing program 0: mount(&(0x7f00000003c0)=ANY=[@ANYRESHEX], &(0x7f0000000200)='./file1\x00', &(0x7f0000000280)='mslos\x00', 0x0, &(0x7f0000000300)) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0x29f, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xffffffffffffff04, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)=""/20, 0x14}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000001, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r0, &(0x7f00000005c0), 0xf4002, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x0) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000400)=ANY=[], 0x0) [ 195.634765] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 02:05:07 executing program 0: bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='ip6_vti0\x00', 0x10) ppoll(&(0x7f0000000040)=[{}, {}], 0x2, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0), 0x8) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) write$evdev(r2, &(0x7f0000000000)=[{{0x77359400}}, {}], 0x20) sendto$inet(0xffffffffffffffff, &(0x7f0000d7cfcb), 0xfffffffffffffe8f, 0x0, &(0x7f0000893ff0), 0x10) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)="6c6f0000000000000000000000000200", 0x10) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000140)) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0xe, 0x4, 0x4b8, 0x0, 0x118, 0x330, 0x118, 0x330, 0x420, 0x420, 0x420, 0x420, 0x420, 0x4, &(0x7f0000000180), {[{{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@addrtype={0x30, 'addrtype\x00', 0x0, {0x50, 0x1, 0x0, 0x1}}, @common=@icmp={0x28, 'icmp\x00', 0x0, {0x11, 0x7fff, 0x4}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x10}, @multicast2, 0xffffff00, 0xff000000, 'bcsh0\x00', 'bridge0\x00', {}, {}, 0x5e, 0x2, 0x10}, 0x0, 0x1f0, 0x218, 0x0, {}, [@common=@inet=@hashlimit3={0x158, 'hashlimit\x00', 0x3, {'ifb0\x00', {0x5, 0x8, 0x40, 0x7fff, 0x3, 0xfffffffffffffffc, 0x800, 0x1, 0x40, 0x40}, 0x6}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x8, 0x5}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0x3, 0x200}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x518) [ 198.343483] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.349950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.356968] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.363503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.371694] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 02:05:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x8000000002) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0xb, 0x20011, r0, 0x36) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x101, 0x40) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000000080)) [ 198.941943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 02:05:09 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountstats\x00') r1 = socket$inet6(0xa, 0x1000000000002, 0x0) fcntl$setlease(r0, 0x400, 0x1) exit(0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@sack_info={0x0, 0x80000000, 0x100000001}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r2, 0x2, 0x20}, &(0x7f0000000140)=0xc) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') dup3(r1, r0, 0x0) [ 199.793096] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.799696] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.807977] device bridge_slave_0 entered promiscuous mode [ 200.194153] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.200689] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.208944] device bridge_slave_1 entered promiscuous mode 02:05:10 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0xfffffffffffffe88) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x3c, &(0x7f0000000000)=[@in={0x2, 0x4e21, @loopback}, @in={0x2, 0x4e22, @remote}, @in6={0xa, 0x4e23, 0x5, @loopback, 0x4}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000001c0)={0x3, 0x4, 0x8008, 0x2, 0x5, 0x4000000000003, 0x80000de1, 0x8, r1}, 0xffffffffffffff1b) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) [ 200.656616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 02:05:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = epoll_create(0x5) r2 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xae4, 0x1) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000100)=0x900, 0x4) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000fddfff)) fdatasync(r1) r3 = syz_open_pts(r0, 0x0) close(r0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r3, &(0x7f0000000000)) [ 201.004357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 02:05:11 executing program 0: open(&(0x7f00007e2ff8)='./file0\x00', 0x80040, 0x0) r0 = open(&(0x7f00007e2ff8)='./file0\x00', 0x202000, 0x2) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0xc000, 0x0) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) 02:05:11 executing program 0: getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000000)={{{@in6=@mcast1, @in6=@local}}, {{@in6}, 0x0, @in=@rand_addr}}, &(0x7f0000000100)=0xe8) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_set$uid(0x4, r0, 0xffffffffffffffff) [ 202.129935] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.408263] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 202.522171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.704851] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 202.712079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.970082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.977430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:05:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) mount(&(0x7f0000000140)=ANY=[@ANYBLOB="346465762f73673000c965fb53c1ebcbf101a2e020b3c7931bf30a0c13fc17adbb7e6bd212ef52bc3d063124a2837482a95fdbd1299573828b84d15dc6f2a9d59715819fad599848a3b160cf7864099e828475ea257ce1919add1976fe35d21cdcf63b609282ec1ebcfc273130c207b0b365b18708b30b305b7b3209a8751b947841f777a49e627f4e98aa51f136000000000000000000000000000024ec302c977ccaf759a1372901a4c2515fb23307e9a5d007ad24b37bf8e6dacaab33e89f6f982f8e5da954ff2b67d428f04be682a5fbfc321f2e339280fdc162107d9e1b7a936ca8ebd1712406b8c4625c2cbe7119c4bb825515d40d4ad65335f280aea0646eb50000000000000000000000000000"], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='ncpfs\x00', 0x1084, &(0x7f00000000c0)=',\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) utimensat(0xffffffffffffffff, &(0x7f0000f8eff8)='./file0\x00', &(0x7f0000f84fe0)={{0x0, 0x3ffffffe}, {0x0, 0x2710}}, 0x0) [ 203.550947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 203.831413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 203.839387] team0: Port device team_slave_0 added [ 204.029746] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.037753] team0: Port device team_slave_1 added [ 204.200714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 204.208080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.216004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.230311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 204.247509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.256410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.465102] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 204.472352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.480720] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.676754] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.684376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.693073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.837609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.845203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.853931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.019695] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.151146] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.158126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.165112] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.171670] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.179761] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 207.186475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.753070] 8021q: adding VLAN 0 to HW filter on device bond0 02:05:19 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000280)={0x77, 0x0, [0x4b564d03, 0x1, 0x48]}) [ 209.494781] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 209.523798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.557563] ================================================================== [ 209.564991] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 209.571590] CPU: 0 PID: 7238 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 209.578786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.588146] Call Trace: [ 209.590749] dump_stack+0x306/0x460 [ 209.594393] ? _raw_spin_lock_irqsave+0x227/0x340 [ 209.599245] ? vmx_create_vcpu+0x10df/0x7920 [ 209.603682] kmsan_report+0x1a3/0x2d0 [ 209.607518] __msan_warning+0x7c/0xe0 [ 209.611340] vmx_create_vcpu+0x10df/0x7920 [ 209.615593] ? kmsan_set_origin_inline+0x6b/0x120 [ 209.620446] ? __msan_poison_alloca+0x17a/0x210 [ 209.625136] ? vmx_vm_init+0x340/0x340 [ 209.629043] kvm_arch_vcpu_create+0x25d/0x2f0 [ 209.633560] kvm_vm_ioctl+0x13fd/0x33d0 [ 209.637559] ? __msan_poison_alloca+0x17a/0x210 [ 209.642251] ? do_vfs_ioctl+0x18a/0x2810 [ 209.646333] ? __se_sys_ioctl+0x1da/0x270 [ 209.650500] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 209.655358] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 209.660217] do_vfs_ioctl+0xcf3/0x2810 [ 209.664138] ? security_file_ioctl+0x92/0x200 [ 209.668660] __se_sys_ioctl+0x1da/0x270 [ 209.672667] __x64_sys_ioctl+0x4a/0x70 [ 209.676578] do_syscall_64+0xbe/0x100 [ 209.680482] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 209.685683] RIP: 0033:0x457579 [ 209.688897] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.707817] RSP: 002b:00007fa9f0006c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.715547] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 209.722826] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 209.730105] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.737388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa9f00076d4 [ 209.744663] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 209.751958] [ 209.753591] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 209.760512] Variable was created at: [ 209.764237] vmx_create_vcpu+0xd5/0x7920 [ 209.768304] kvm_arch_vcpu_create+0x25d/0x2f0 [ 209.772806] ================================================================== [ 209.780171] Disabling lock debugging due to kernel taint [ 209.785623] Kernel panic - not syncing: panic_on_warn set ... [ 209.785623] [ 209.793007] CPU: 0 PID: 7238 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 [ 209.801589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.810947] Call Trace: [ 209.813549] dump_stack+0x306/0x460 [ 209.817210] panic+0x54c/0xafa [ 209.820452] kmsan_report+0x2cd/0x2d0 [ 209.824276] __msan_warning+0x7c/0xe0 [ 209.828096] vmx_create_vcpu+0x10df/0x7920 [ 209.832345] ? kmsan_set_origin_inline+0x6b/0x120 [ 209.837206] ? __msan_poison_alloca+0x17a/0x210 [ 209.841903] ? vmx_vm_init+0x340/0x340 [ 209.845812] kvm_arch_vcpu_create+0x25d/0x2f0 [ 209.850329] kvm_vm_ioctl+0x13fd/0x33d0 [ 209.854329] ? __msan_poison_alloca+0x17a/0x210 [ 209.859020] ? do_vfs_ioctl+0x18a/0x2810 [ 209.863096] ? __se_sys_ioctl+0x1da/0x270 [ 209.867263] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 209.872127] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 209.876994] do_vfs_ioctl+0xcf3/0x2810 [ 209.880913] ? security_file_ioctl+0x92/0x200 [ 209.885432] __se_sys_ioctl+0x1da/0x270 [ 209.889433] __x64_sys_ioctl+0x4a/0x70 [ 209.893338] do_syscall_64+0xbe/0x100 [ 209.897155] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 209.902348] RIP: 0033:0x457579 [ 209.905552] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.924467] RSP: 002b:00007fa9f0006c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.932189] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 209.939463] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 209.946739] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 209.954021] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa9f00076d4 [ 209.961305] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 209.969729] Kernel Offset: disabled [ 209.973354] Rebooting in 86400 seconds..