[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   59.427814] sshd (6154) used greatest stack depth: 53184 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[   59.695639] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   60.824890] random: sshd: uninitialized urandom read (32 bytes read)
[   61.252645] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   63.643107] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[   69.382216] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/11 12:35:32 fuzzer started
[   73.873126] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/11 12:35:37 dialing manager at 10.128.0.26:39089
2018/10/11 12:35:37 syscalls: 1
2018/10/11 12:35:37 code coverage: enabled
2018/10/11 12:35:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/11 12:35:37 setuid sandbox: enabled
2018/10/11 12:35:37 namespace sandbox: enabled
2018/10/11 12:35:37 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/11 12:35:37 fault injection: enabled
2018/10/11 12:35:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/11 12:35:37 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/11 12:35:37 net device setup: enabled
[   78.798865] random: crng init done
12:37:34 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='map_files\x00')
fchdir(r0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x8912, &(0x7f0000000200)="153f6234488dd25d766070")
quotactl(0x2080000201, &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000380)='0')

[  194.693611] IPVS: ftp: loaded support on port[0] = 21
[  196.067378] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.074044] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.082937] device bridge_slave_0 entered promiscuous mode
[  196.226331] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.232923] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.241478] device bridge_slave_1 entered promiscuous mode
[  196.383279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  196.521764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  196.969446] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  197.116066] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  197.402927] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  197.410057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  197.851006] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  197.859872] team0: Port device team_slave_0 added
12:37:39 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)

[  198.000486] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  198.008723] team0: Port device team_slave_1 added
[  198.298283] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  198.456398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  198.463629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  198.472942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  198.756200] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  198.763927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  198.773224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  198.989236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  198.996817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  199.006118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  199.114373] IPVS: ftp: loaded support on port[0] = 21
[  200.997239] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.003805] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.012590] device bridge_slave_0 entered promiscuous mode
[  201.190382] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.197022] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.205723] device bridge_slave_1 entered promiscuous mode
[  201.478270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  201.696935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  201.707113] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.713655] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.720809] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.727392] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.736557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  202.162370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  202.358921] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  202.615835] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  202.916602] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  202.923842] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  203.148088] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  203.155325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  203.856674] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  203.865291] team0: Port device team_slave_0 added
12:37:45 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)="504c20004cf7d12af11ce92537b5e3191e66de5d4ec18e4c2df01484a86d77842f624946eae310794c8c96ff1466232e25951139bda5d2990e523f8ec3080ffc1224d8dc4c84a9c8e8ab31576806715523fa749e8615c61049b8b1be6aa7740702cc5add", 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x0, 0xe, 0x9e, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8", &(0x7f0000000200)=""/158, 0x1000}, 0x28)

[  204.090374] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  204.098636] team0: Port device team_slave_1 added
[  204.446404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  204.453564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  204.462634] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  204.728213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  204.735386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  204.744520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  205.113367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  205.120938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  205.130157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  205.314408] IPVS: ftp: loaded support on port[0] = 21
[  205.429851] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  205.437584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  205.446884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  208.203916] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.210404] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.219067] device bridge_slave_0 entered promiscuous mode
[  208.521192] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.527828] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.536635] device bridge_slave_1 entered promiscuous mode
[  208.801227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  208.896501] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.903076] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.910066] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.916695] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.925697] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  208.950080] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  209.862403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  209.930897] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  210.218314] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.516828] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  210.524196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.765891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  210.773110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  211.706032] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.714410] team0: Port device team_slave_0 added
[  211.949277] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.957576] team0: Port device team_slave_1 added
[  212.316136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  212.323483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  212.332590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.584691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  212.594423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  212.603506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
12:37:53 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2]}, 0x10)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")

[  212.820920] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.982461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  212.990098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.999394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  213.409499] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  213.417212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.426503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  214.224947] IPVS: ftp: loaded support on port[0] = 21
[  214.350070] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  215.585438] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  215.592031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  215.600163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  217.031091] 8021q: adding VLAN 0 to HW filter on device team0
[  217.450633] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.457193] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.464254] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.470713] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.479609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  217.623171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  217.716882] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.724044] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.732755] device bridge_slave_0 entered promiscuous mode
[  218.123221] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.129703] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.138490] device bridge_slave_1 entered promiscuous mode
[  218.455425] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.720557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  219.810678] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  220.160172] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  220.489646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  220.496867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  220.853661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  220.860793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  221.935514] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  221.944050] team0: Port device team_slave_0 added
[  222.279297] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  222.287746] team0: Port device team_slave_1 added
[  222.662452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  222.669625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  222.678902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
12:38:03 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
r2 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000012000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x3})
dup3(r2, r3, 0x0)
dup3(r2, r1, 0x0)

[  223.062537] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  223.069661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  223.078852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  223.463109] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.498879] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  223.506570] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  223.515766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  223.925313] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  223.933280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  223.942720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  224.865554] IPVS: ftp: loaded support on port[0] = 21
[  225.248986] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  227.038867] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  227.045477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  227.053709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
12:38:08 executing program 0:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)

12:38:08 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x4a000, 0x0)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x100000001, 0x2, 0x4, 0x7, 0x61, 0x9, 0x2}, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f00000000c0)={0x8000, 0x2, 0x59, 'queue1\x00'})
sendmsg$nl_netfilter(r0, &(0x7f00000004c0)={&(0x7f0000de2ff4), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000000a0a0300000000000000000000020000"], 0x14}}, 0x0)

12:38:09 executing program 0:
r0 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x1, 0x480002)
dup2(r0, r0)
r1 = dup2(r0, r0)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x0, 0xe4215745d627d41c, 0x1, r1})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000100))

12:38:09 executing program 0:
r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x80000000005, 0x5)
ioctl$TCSBRK(r0, 0x5409, 0x80000001)
ioctl$FS_IOC_FSGETXATTR(r0, 0x8008551d, &(0x7f0000000240)={0x0, 0x3, 0xd81})

[  228.597008] usb usb3: usbfs: process 6927 (syz-executor0) did not claim interface 0 before use
[  228.627066] usb usb3: usbfs: process 6928 (syz-executor0) did not claim interface 0 before use
[  228.778717] 8021q: adding VLAN 0 to HW filter on device team0
12:38:09 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070")
r1 = socket$inet(0x2b, 0x80000000000001, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xfffffffffffffd63)
sendmmsg(r1, &(0x7f0000000780)=[{{&(0x7f0000000140)=@nl=@unspec, 0x384, &(0x7f0000000040), 0x0, &(0x7f00000001c0)}}], 0x102, 0x0)

[  229.126282] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.132849] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.139811] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.146487] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.155106] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  229.196932] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.203557] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.212163] device bridge_slave_0 entered promiscuous mode
12:38:10 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
poll(&(0x7f0000000140)=[{r0, 0x6}, {r0, 0x2589}, {r0, 0x2}, {r0, 0x8010}], 0x4, 0x400)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x34, 0x1)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000011c0)="b5", 0x1}], 0x1)
writev(r1, &(0x7f00000000c0), 0x10000000000000a4)
ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000040)=""/131)
r2 = getpid()
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000240)={0xfffffffffffffffe, 0x100, 0x7, 0xffffffff, 0xffffffffffffffff})
ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000280)=0xce)
sched_setaffinity(r2, 0x8, &(0x7f0000000200)=0x8)

[  229.664644] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.671229] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.679796] device bridge_slave_1 entered promiscuous mode
[  229.863091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  230.186217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  230.591459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
12:38:11 executing program 0:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x420401, 0x0)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000040)=0x42e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bpq0\x00', 0x10)
sendmsg$netlink(r1, &(0x7f0000005700)={&(0x7f0000000080), 0xc, &(0x7f0000005600)=[{&(0x7f0000000200)={0x10, 0x27, 0x200, 0x70bd25, 0x25dfdbfc}, 0x10}, {&(0x7f00000022c0)=ANY=[@ANYBLOB="10000002320019000000000000000000"], 0x10}], 0x2, &(0x7f00000056c0), 0x0, 0x4004800}, 0x80)
sendmsg$nl_route(r1, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getmulticast={0x14, 0x3a, 0x10, 0x70bd25, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000000)

12:38:12 executing program 0:
r0 = socket$inet6(0xa, 0x801, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x2000000802, 0x0)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000240)=@routing, 0x8)
setsockopt$inet6_opts(r0, 0x29, 0x3f, &(0x7f0000000040)=@routing={0x3c, 0x6, 0x0, 0x3, 0x0, [@dev={0xfe, 0x80, [], 0x13}, @mcast1, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1f}}]}, 0x38)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f000089b000)=0x1, 0x4)
sendmsg(r1, &(0x7f0000000000)={&(0x7f0000000100)=@in6={0xa, 0x4e24, 0x800, @dev}, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000000200)}, 0x0)

[  232.095100] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  232.468093] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  232.841885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  232.848993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  233.148483] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  233.155714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  234.310347] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  234.318687] team0: Port device team_slave_0 added
[  234.355101] 8021q: adding VLAN 0 to HW filter on device bond0
[  234.629363] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  234.637761] team0: Port device team_slave_1 added
[  234.990377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  234.997604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  235.006553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  235.379395] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  235.386715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  235.395568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  235.694779] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  235.703384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.712435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.754731] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  236.035098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  236.042957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  236.051995] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  236.757228] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  236.763705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  236.771506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  237.235073] syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
12:38:18 executing program 1:

[  237.852009] 8021q: adding VLAN 0 to HW filter on device team0
[  239.199534] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.206151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.213240] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.219711] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.228199] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  239.235006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  241.639749] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.547910] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  243.409755] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  243.416314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  243.424544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
12:38:24 executing program 2:

[  244.153017] 8021q: adding VLAN 0 to HW filter on device team0
[  246.646207] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.190011] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  247.569579] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  247.723722] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  247.730092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  247.738708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  248.088652] 8021q: adding VLAN 0 to HW filter on device team0
12:38:29 executing program 3:

12:38:31 executing program 0:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1f, 0x0, "8c0eb7912a86ff3e23764a3c01af55410c3d3f813a4513a691be997c7ee1235982875b8ae5c27fc73eb383beca956b51a34191ad3a9f70ebee5f1d003dcd4427c273be993dd363cc8f36cc7f609a2371"}, 0xd8)
r1 = dup(r0)
ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000000)={0x65968907, 0xfbd7, 0x5, 0xad, 0x40})
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$rds(r1, &(0x7f0000001e80)={&(0x7f0000000100)={0x2, 0x0, @rand_addr}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)=""/63, 0x3f}], 0x1, &(0x7f0000001d40)}, 0x8080)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000400)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000003c0)}}, 0x20)

12:38:31 executing program 4:

12:38:31 executing program 1:

12:38:31 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80200, 0x0)
ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000040)=0x1)
ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x1a)
io_setup(0x1, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f0000000240)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x2, r0, &(0x7f00000000c0), 0x0, 0xfb8, 0x0, 0x2, r0}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x90, r0, &(0x7f0000000140)="d4fe9eb8b816a77a13acbed0cd39ee4392d85bd889e6feb0bb8148e5b4eaa3c034518f8cba4f8d63f91eb668a83a36487e87c197220bf4ccd26a450cd678a3de4890a52b88d1f36520b32872df7818c0d3372d91f46ca3f71b3445f6e93a4c26cd19b626634f66c298957cbd010b67df8fe6b47c03914b4d1597a68827ae79839029e997f312b37711aedcd8c1a0ba5d81de8b23", 0x94, 0x100, 0x0, 0x2, r0}])
getsockopt$inet6_tcp_buf(r0, 0x6, 0xcdbb1f2ff50f3133, &(0x7f0000000280)=""/234, &(0x7f0000000380)=0xea)
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
write$P9_RLERROR(r0, &(0x7f00000003c0)={0x14, 0x7, 0x2, {0xb, '/dev/audio\x00'}}, 0x14)
ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000400))
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1})
ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000480)=""/146)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000540)={<r2=>0x0, @in6={{0xa, 0x4e20, 0x8, @ipv4={[], [], @multicast1}, 0x3}}, 0x100000001, 0x7fffffff, 0x2, 0x200, 0x80}, &(0x7f0000000600)=0x98)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000640)={r2, 0x2}, &(0x7f0000000680)=0x8)
ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f00000006c0)={0x0, 0x3})
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000740)='fou\x00')
sendmsg$FOU_CMD_GET(r3, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x34, r4, 0x20, 0x70bd2a, 0x25dfdbfe, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x2f}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x2c}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004880}, 0x20000000)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000840)={<r5=>0x0})
ioctl$DRM_IOCTL_DMA(r0, 0xc0406429, &(0x7f0000000980)={r5, 0x3, &(0x7f0000000880)=[0x9, 0x401, 0x7], &(0x7f00000008c0)=[0x100, 0xecd], 0x5, 0x1, 0xffffffff, &(0x7f0000000900)=[0x9], &(0x7f0000000940)=[0x7, 0x3, 0x1ff]})
r6 = semget$private(0x0, 0x0, 0x40)
semctl$GETALL(r6, 0x0, 0xd, &(0x7f00000009c0)=""/239)
pread64(r0, &(0x7f0000000ac0)=""/22, 0x16, 0x0)
prctl$setendian(0x14, 0x3)
sysfs$1(0x1, &(0x7f0000000b00)='\x00')
setsockopt$inet6_opts(r0, 0x29, 0x3f, &(0x7f0000000b40)=@srh={0x7f, 0x4, 0x4, 0x2, 0x1, 0x8, 0xb4, [@ipv4={[], [], @loopback}, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x19}}]}, 0x28)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000b80))
write$P9_RREAD(r0, &(0x7f0000000bc0)={0x4d, 0x75, 0x1, {0x42, "d385dfadc7bc3adf8b369830ac322866c3c10743295556c837b7c94bce7965b529de4ea83ca7e1ab1114b90c7f03a6b21ae8139fe4fe470385be160339e4af5ced2b"}}, 0x4d)
write$P9_RATTACH(r0, &(0x7f0000000c40)={0x14, 0x69, 0x2, {0x5, 0x3, 0x5}}, 0x14)
write$binfmt_aout(r0, &(0x7f0000000c80)={{0xba4156f90236f163, 0xe9c2, 0x9, 0x2e4, 0xda, 0x80000001, 0x2a8, 0x5}, "a346d23e70889feab551e5b79c1786718a2f2e7c9c74889acd599853724783485d060412a7eced6f8f331ff18e6fe6a25c4d30c70d245e8e65a8a8a33ea27506c0090fc40b1623cc387ecbc5de245242b9f5740fa3eac441e2edce689f13d4a56ee07478ada09d56b347abdfd5a19bd1dbfd46cffb98753cbe0f2fd6656573dd1b0b014302b94cb50a964addfcab1a30681afc85abf5c70e5b3184ee20ef432c30e04809f769bf6d5cfd2f74a378e682a8eb9dc8fe9b5c8cbd74ccfe83f25a837a8f8d2a5f0cbe5489", [[], [], [], [], [], [], []]}, 0x7e9)

12:38:31 executing program 2:

12:38:31 executing program 3:

[  250.505879] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
12:38:31 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa002]}, 0x6)

12:38:31 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00')
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000030c0)={'team0\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000003c00)={&(0x7f0000000040), 0xc, &(0x7f0000003bc0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00020038000100240001006c625f73746174735f7265667265736824000000080003005b00000008000400000000000000000000000000000000001edb572868a2e3ac58690860c2d25235a8bd58aa17687be02a5e45bd969f5bb9b57f0e9613094a7fd3302fdbe00a06d2dc0080c368a3fb1e9fe63f98b3dba4cfe122197c923b2b5bd9"], 0x1}}, 0x0)

12:38:31 executing program 0:
clone(0x820002102011ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)

12:38:31 executing program 1:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket$kcm(0x2, 0x3, 0x2)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x8915, &(0x7f0000000040)=0x2)

12:38:32 executing program 4:
close(0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)="2f02726f75702e7374617000", 0x2761, 0x0)
write$cgroup_type(r1, &(0x7f0000000040)='threaded\x00', 0xb07a891d)
gettid()
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40087602, 0x20000001)
close(r0)
socket$kcm(0x2, 0x0, 0x2)

12:38:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'lo\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="08000200ffffffff1400030000000008000000000000"], 0x1}}, 0x0)

12:38:32 executing program 0:
r0 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2}, 0x80, &(0x7f0000000380)=[{&(0x7f00000032c0)="507c6213a463fb7e6dd403834e5cd8181c255908788aad13f7ba66ae7175108a607017a2fe7900148afbc69617d5c2e73927393cf65abb5936002c3b4753d2c9ba2ad9a5952b2fa26c031daeee8474e91104e7c7f9fa70c982dc1b454b210115d1a0ec479bc803f4f1232ef3fe3821cc0d5f0844917ebb2cf9b8f58e613bfdfffe9de1b100a5739e811e1eca29b8e040b3f043b4196bbb27eb15ed30b266c1bc1b3e9114f87d2e837ad10fae7a5605cd832be6f416cd2b14b646ac7edba5c852d3e94ed84232cc3927d60dc265c25d4939bd64eff237b47b8aea30f785b47b09b0b7e960576bede3b37051e32712666d6a3d9b64bd8c1c14d322b9e6f845aecf3b28f7e84bda2764dba21b4f7fb6b91f7008e248b01a87b0883d695e77d9c382cee155fdf3a02a4a498eb3aec1fb6dfe044fd3f30dba12b8dd15265558a2d45e9b484005d7db63e1e9a682fb12c76d3a12cb1066d52d0ebb8e0b24e24aaf8a560be30e091f14bd9642cea7aa9de91c9d09c84072ff4a0a6ac9670d223c550e7c8dd5fa6d697be654d8b8a8ba694367261ee2e0b335a26a03ba4acfba03df60ab74e75561873eb07f1e37eba4e633760154466702a94127df92f8c99a280aa93138b2cf29e3ddee8395d743ea72f701ee300d0c2141a416824d19da68c251c7554314b7facaadf89841f79ef6ed29102f504ad754ae99e12dfb50b9280e07f65224723e618f097cd55da9ceb1d737165f753a6670a27b5708d0e54af83713ce4a5f6caef407278107e8f340e6ef468bb2c302247c9293966c9d790f8424bd123d0eb724510096d7f90507758880001a469b09ce7df51bb3f6cbcffef0a7688dbeb774deb5cad0ac7b90918f733e22c8a67b65ec8793cd27b451a97c1920ad737c0e216b3febff5f956690fe25f7fe3d48a4c612f0c825d51c5405f4ef0d3b0d2150f88776de6545d706d7f8be3e78c971b05caf4e5cf707325c3a7c37c5e84847a2408e03cbac361803c1ebc8d349d6b69041f660a89f0ae83b8b65a4256ff6ff8c12bf0dc6b54297a16be30320a2917a4586c8d16686d4e3ad2f28515caee52b6de25fcfd2dd1d5bfe0bfe347e14d47a7d0b66542ebb1e331b0a27aa56a08ae949c413a8a26eb57ededda8afbb945d0708c35ca02bbba30bf118ebc59a6b4f3b6aad627ce87f7649dcee5d36968b2a7d7baa1ce1dd1caaaa1cbfed6ece2ecf566f93f11a571c7f8f98e71f7da66187fdc69abd8fcf518134b9f9f0064c01a49788d162df27bd18714204573e148dac78cbe11578fafdb73cab8de556c7cc5dd890e5cce9cc2b06bec3d70006b67b761fed615f5da3ed21d3e32bba436ec9cfd455bf65ce63198e4a0003e51a21e2865210e3b28d4dd517008011e4271ee2c6638c8aaf60dc8ef3e3a0e345cee88d9615e16cc5f4b031b8fde27125e7e3804e05629ae84f0f1605f21a99d30e84d3b03a72d4e50811f9bcb053c8a5263e27450d2d4c354a321d3eb30a5ff499a1578ebaf755e5544cb8f10298b8466a0182e9a01bbfbe264e2454e4038f0fd9efab9aa08541021116c9ac729a96176b3d8dde4eefb90babea5af20753ea70c5a5e58e4590d5039495af245075e2df569175ace66a748ec4b650586928f9dfe04dd8b4689aad4ef573bd2ab5eb52887cfb27cbbb2fef32150ed1f6bd4420166657e213f9e15f62c1058021d28ec2c7a86e44392e93cb16292d4f69b165729ef86537704b3a4146f99b8bcddff37d1c05c8945e95747b239e8cac6a7e907e36dc265b2a6a2a9e7b7785b1ab48e894d2530af5afe60d68e3a45af509bed5db2f6460acf2fe6111e944471749612c97d199f7cd1b527b00d7b0b54712c0723f91797014ded54e23addde93c057a3f6f041a0998561accb662ac098f50926d7cbc660c92fd2f27e39124ad220802132be16b87d4d70883e510d4ee3325ab7d98ca967f12075b5a560e3a66088d0e", 0x578}], 0x1, &(0x7f0000000100)=ANY=[]}, 0xe803)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002d00)="e12d0eaa30a162e8e92577e87cc05d1d6ff2dc557d43056b1296787bc335f96f0f83b6d7d5e849c2c7c033c4aa906b576cdc2534401d66433abd0c6bc821ac18465635acc4b26dae873dfe66603723fce4ee67bba0edbb67245919d771ab8f175e90eb3eb5d3284918287474a155c63179b4b2843674c8ca67eef4339817e39d76418c90f1a4a1e6dc0b947b2a5f73b1c2258f791785919f3cac7e788d5b4781c566e51902a8b417c99046571fbbd33dfd4618d46e120e1acf4fefd4b8d930bc74fd03cffe21143da39b06049ad89337f576f6ac271936bc2eb7543cca7c9cc35c51c1fff3d15d77ac2e84d1ab9558628a913cf4a02046801fead3eeebd25ba9e6ba271721117d68cf766905cefe7d562add0da55f3985d1edbad3042f64307a780e523d7c9a9527a419a40702d33a364e6cc2046638a9e05fc2bbfa2ae1e4e887795da0208a8c3a86aa0cd6508c2f1eeca98d9197295abea9b64b5407a2be9b9ee0dd8f1e929c3c6fe921448f9940ed5f7d429c8de3a9d1da7d9168ba28db7398077601483a33e5f4996fb6a852a67a65ba6c1aa8a48d3b9bcc404b326a8a1a1b75590fa7d0f2f4ba60634e9970ed7519eb2e87e37315ea124a8687c8d9193145f7ac71f559a3f26720c56cfb99787772515789b12212f6faa74b2fbbf7bb38310fd51decaf1aa49b2d0f85f0d206780fe517a1ddf39b1577957a5ecbac70f289e621a8cf9c0746063606ef877c76fea7af0c69541c3ab9baf49c75374f733be30764f639812c786dcbb4d921370108c366293065998a06027eee7d11dc8beb15412fa2006c1a6f0bc3abf2a4d2627345760bbee1a7fb004e0067c7526edf114bfa54be32fa1243e3219fc81565bf2d8d7a365bd223fdaed3e764e57a8808507116541884d6a570910e413cf8267f4750be3cb71faf7e6ea2010538d8546becd09b6730cc165314789a32a18355676f088231fafd6237164dd438d4fa28884b05052ae35a0bbd2e1387be28dd8f0a92e5f87ce3e5bd240be15b545d84de37eeb9fee2482e5208ef018f23758f2ea87d5ec188eca37d4e57501aa59de13853ccdff5ff1949920a64a6bded9a1a9eea6e39a1ba90bbddb6d796f60bbec9b738eafbab7f0b8b6959de55c1f9374eca8768b1d9b38b0f6f3d5b2fc2087e56befb5e5984661d02c3103734864f9a13693f167d5136d0c247ec3959deb197c4ff7b482d6c8d2dd05e10ca77b70636c5cfc50aee58a0b4f7b8cbfffeb726ce2c46df373cdfb7b2f5684ba2c877ef66b8b4be56bd331bbb512eb705334d086c1ddd0f06c1ad5e5d41abe90419aed755c5077257965e2cff5927d5fccbc4ef394341f1054fe6114f8c999ea6ff6f19c76e3b16e7c948a1b7c704dd98aba4ef7950b802a39a5cf9c41d19a318a55112fcb02a589ca825188becbb8ea4bb41db55e01a48c4f3b7d030bc967109b7b4693f0dcead6db70d7ce28c5e7c1daf2c44b67333cf3065e513b0e95fd01ef85b620658412fab3c5335302d9e5f5485a1f1b42e0a03b87887f79f3a2914d8883f48f8505c360a44702543119dd887cdafe51b47845cc8fd9efa056cca8ef3705fce38133afd23f73ad6e1490a18cbbe142d3d85390aa811534ed935243039cbb29147062e4ea29d66101d4b806e4d21b6f50043449fd498edd61c276b9dc2c9df3fac3e7f51547dcd6b40043cac3705817529c4a518bd52eb1c5ff96b6ab81e6a8d049f026f7e808541e4728a48728e64549350768c87fe1d60268e6c746fa6ede1e8a0cf005361d61318739b874519aa89ea511b1729381055e5a13fd0073fede35eab4889514624b1cd92f4acbfddef886368951ab372e2f1d7ee4a8c8fa46d5422457ec5b528e2c9f86e0d6bb27a4cb9e6e58f2fe8a91e9c6383368d60e4a91780e2d788617900739a1d898064f22ddc2930a42816ff438a6fd61b027e44ba49ffba31f2956ab72eb5e323a124e97b1e97f04c25f9ce7646614b", 0x585}], 0x1, &(0x7f00000001c0)}, 0x0)

12:38:32 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x5, 0xc, 0x2009, 0x20000000000001}, 0x2c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000000), &(0x7f0000000100)}, 0x20)

[  252.140693] IPVS: ftp: loaded support on port[0] = 21
[  252.961586] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.968097] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.976632] device bridge_slave_0 entered promiscuous mode
[  253.058227] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.065038] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.073370] device bridge_slave_1 entered promiscuous mode
[  253.153225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  253.230342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  253.464152] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  253.547321] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  253.700116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  253.707268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  253.946885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  253.954747] team0: Port device team_slave_0 added
[  254.034177] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  254.042169] team0: Port device team_slave_1 added
[  254.122427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  254.202668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  254.282688] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  254.290041] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  254.299264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  254.378874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  254.386675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  254.395997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  255.280422] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.286928] bridge0: port 2(bridge_slave_1) entered forwarding state
[  255.293935] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.300367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  255.309142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  255.652762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  258.504155] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.805110] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  259.095153] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  259.101392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  259.109441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  259.400524] 8021q: adding VLAN 0 to HW filter on device team0
12:38:42 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x2004e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48)
r2 = socket$kcm(0x29, 0x1000000000002, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)={0x14}, 0x20000514}}, 0x58d1)

12:38:42 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x14, 0x4, 0x1, 0x319}, 0x14}}, 0x0)
sendmsg$nl_netfilter(r0, &(0x7f0000000000)={&(0x7f0000de2ff4), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1, 0x1, 0xffffffffffffffff}, 0x14}}, 0x0)

12:38:42 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000240)="637075092609360a00ff00dc2edfbb6bad1bf3f65f7c53933e9415236291ecf212bbd0cd30a4daa8e16f2abd7d4556ba36aeee2834e48d1708a7b03447c238fb1994df114a450298506d0f289809055bd9ad7ca3c9597ef4f7f9469cf08348b512dc4d80321fa68a891c")

12:38:42 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0xfffffe4c)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'rdma'}]}, 0x20000006)

12:38:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x2, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x2, &(0x7f0000000180), 0x8)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4, 0x20}, 0x2c)
recvmsg$kcm(0xffffffffffffffff, &(0x7f000000bc80)={&(0x7f000000bac0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f000000bb80), 0x0, &(0x7f000000bbc0)=""/152, 0x98}, 0x0)
sendmsg$kcm(r0, &(0x7f0000001600)={&(0x7f0000000000)=@in={0x2, 0x2000000, @dev={0xac, 0x14, 0x14, 0x18}}, 0x80, &(0x7f0000001340)=[{&(0x7f0000000080)="e5", 0x1}], 0x1, &(0x7f00000013c0)}, 0x0)

12:38:42 executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x615, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0xc020660b, 0x0)

[  261.738095] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  261.851721] hrtimer: interrupt took 779186 ns
12:38:43 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
r1 = socket$inet6(0xa, 0x803, 0x8)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070")
write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0xffffff84)

12:38:43 executing program 1:
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f0000000280)={0x0, 0x70, 0x16, 0x40, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, @perf_config_ext})
perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

12:38:43 executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x10, 0x800000000002, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa078b5bdb4cb904e473730e55cff26d1b0e000980000000005e510befccd7", 0x2e}], 0x1, &(0x7f00000013c0)}, 0x0)

12:38:43 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x2004e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000300000000000000000000009500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48)
r2 = socket$kcm(0x29, 0x1000000000002, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)={0x14}, 0x20000514}}, 0x58d1)

12:38:43 executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @loopback}, 0x10)

12:38:43 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0xfffffe4c)
write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'rdma'}]}, 0x20000006)

12:38:43 executing program 1:

12:38:43 executing program 4:

12:38:44 executing program 2:

12:38:44 executing program 1:

12:38:44 executing program 0:

12:38:44 executing program 4:

12:38:44 executing program 2:

12:38:44 executing program 5:

12:38:44 executing program 1:

12:38:44 executing program 0:

12:38:44 executing program 5:

12:38:45 executing program 3:

12:38:45 executing program 2:

12:38:45 executing program 4:

12:38:45 executing program 5:

12:38:45 executing program 0:

12:38:45 executing program 1:

12:38:45 executing program 4:

12:38:45 executing program 2:

12:38:45 executing program 1:

12:38:45 executing program 0:

12:38:45 executing program 5:

12:38:45 executing program 4:

12:38:46 executing program 3:

12:38:46 executing program 2:

12:38:46 executing program 1:

12:38:46 executing program 5:

12:38:46 executing program 0:

12:38:46 executing program 4:

12:38:46 executing program 1:

12:38:46 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'Xat\x00', 0x19, 0x3, 0x368, [0x20001600, 0x0, 0x0, 0x200018d8, 0x20001908], 0x0, &(0x7f0000000240), &(0x7f0000001600)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x1b, 0x0, 0x0, 'sit0\x00', 'erspan0\x00', 'b\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0xb0, 0x120, 0x158, [@statistic={'statistic\x00', 0x18}]}, [@snat={'snat\x00', 0x10, {{@dev}}}, @arpreply={'arpreply\x00', 0x10, {{@broadcast}}}]}, @arpreply={'arpreply\x00', 0x10}}, {{{0x3, 0x0, 0x0, 'vcan0\x00', 'nr0\x00', 'veth1_to_bridge\x00', 'ip6gretap0\x00', @dev, [], @remote, [], 0x70, 0xa8, 0xd8}, [@snat={'snat\x00', 0x10}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'dummy0\x00', 'ip_vti0\x00', 'ip6tnl0\x00', @broadcast, [], @link_local, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x3e0)

12:38:46 executing program 3:
accept$unix(0xffffffffffffff9c, &(0x7f0000000680)=@abs, &(0x7f0000000240)=0x6e)
socketpair$inet(0x2, 0x0, 0x0, &(0x7f0000001180))
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000011c0), 0x4)
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'Xat\x00', 0x19, 0x3, 0x3e0, [0x20001600, 0x0, 0x0, 0x200018d8, 0x20001908], 0x0, &(0x7f0000000240), &(0x7f0000001600)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x1b, 0x0, 0x86dd, 'sit0\x00', 'erspan0\x00', 'b\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x128, 0x198, 0x1d0, [@statistic={'statistic\x00', 0x18}, @ip6={'ip6\x00', 0x50, {{@local, @dev}}}]}, [@snat={'snat\x00', 0x10, {{@dev}}}, @arpreply={'arpreply\x00', 0x10, {{@broadcast}}}]}, @arpreply={'arpreply\x00', 0x10}}, {{{0x3, 0x0, 0x0, 'vcan0\x00', 'nr0\x00', 'veth1_to_bridge\x00', 'ip6gretap0\x00', @dev, [], @remote, [], 0x70, 0xa8, 0xd8}, [@snat={'snat\x00', 0x10}]}, @common=@AUDIT={'AUDIT\x00', 0x8}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xfffffffffffffffe, 0x1, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'dummy0\x00', 'ip_vti0\x00', 'ip6tnl0\x00', @broadcast, [], @link_local, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x458)

12:38:46 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080))
r2 = epoll_create1(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000012000/0x3000)=nil, 0x3000}, 0x1})
r3 = syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000013000))
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0f85403, &(0x7f0000000000)={0x3})
dup3(r2, r3, 0x0)
dup3(r2, r1, 0x0)

12:38:46 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000400))
ioctl$BLKROTATIONAL(0xffffffffffffffff, 0x127e, &(0x7f0000000040))

12:38:46 executing program 4:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100))
ptrace(0x10, r0)
ptrace(0x4208, r0)
ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000080)={&(0x7f0000000040)=""/61, 0xffffff78})

[  265.878762] kernel msg: ebtables bug: please report to author: Valid hook without chain
[  266.055494] x_tables: eb_tables: snat target: only valid in nat table, not Xat
[  266.064141] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
12:38:47 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0x101841, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0)
fremovexattr(0xffffffffffffffff, &(0x7f0000000100)=@known='com.apple.FinderInfo\x00')
mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='fuseblk\x00', 0x0, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})

12:38:47 executing program 4:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100))
ptrace(0x10, r0)
ptrace(0x4208, r0)
ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000080)={&(0x7f0000000040)=""/61, 0xffffff78})

[  266.241941] ==================================================================
[  266.249404] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[  266.257054] CPU: 1 PID: 7928 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #66
[  266.264266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.273633] Call Trace:
[  266.276254]  dump_stack+0x306/0x460
[  266.279921]  ? vmx_set_constant_host_state+0x1778/0x1830
[  266.285433]  kmsan_report+0x1a2/0x2e0
[  266.289287]  __msan_warning+0x7c/0xe0
[  266.293135]  vmx_set_constant_host_state+0x1778/0x1830
[  266.298461]  vmx_create_vcpu+0x3e6f/0x7870
[  266.302734]  ? kmsan_set_origin_inline+0x6b/0x120
[  266.307610]  ? __msan_poison_alloca+0x17a/0x210
[  266.312334]  ? vmx_vm_init+0x340/0x340
[  266.316243]  kvm_arch_vcpu_create+0x25d/0x2f0
[  266.318834] x_tables: eb_tables: snat target: only valid in nat table, not Xat
[  266.320777]  kvm_vm_ioctl+0x13fd/0x33d0
[  266.332134]  ? __msan_poison_alloca+0x17a/0x210
[  266.336857]  ? do_vfs_ioctl+0x18a/0x2810
[  266.340942]  ? __se_sys_ioctl+0x1da/0x270
[  266.345131]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  266.350014]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  266.354889]  do_vfs_ioctl+0xcf3/0x2810
[  266.358826]  ? security_file_ioctl+0x92/0x200
[  266.363371]  __se_sys_ioctl+0x1da/0x270
[  266.367392]  __x64_sys_ioctl+0x4a/0x70
[  266.371315]  do_syscall_64+0xbe/0x100
[  266.375150]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  266.380358] RIP: 0033:0x457519
[  266.383582] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  266.402506] RSP: 002b:00007f2470a4dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  266.410242] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  266.417528] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  266.424807] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  266.432095] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2470a4e6d4
[  266.439383] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[  266.446688] 
[  266.448327] Local variable description: ----dt@vmx_set_constant_host_state
[  266.455343] Variable was created at:
[  266.459091]  vmx_set_constant_host_state+0x2b0/0x1830
[  266.464304]  vmx_create_vcpu+0x3e6f/0x7870
[  266.468543] ==================================================================
[  266.475928] Disabling lock debugging due to kernel taint
[  266.481402] Kernel panic - not syncing: panic_on_warn set ...
[  266.481402] 
[  266.488799] CPU: 1 PID: 7928 Comm: syz-executor0 Tainted: G    B             4.19.0-rc4+ #66
[  266.497391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.506761] Call Trace:
[  266.509379]  dump_stack+0x306/0x460
[  266.513051]  panic+0x54c/0xafa
[  266.516313]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  266.521790]  kmsan_report+0x2d3/0x2e0
[  266.525629]  __msan_warning+0x7c/0xe0
[  266.529462]  vmx_set_constant_host_state+0x1778/0x1830
[  266.534789]  vmx_create_vcpu+0x3e6f/0x7870
[  266.539055]  ? kmsan_set_origin_inline+0x6b/0x120
[  266.543931]  ? __msan_poison_alloca+0x17a/0x210
[  266.548651]  ? vmx_vm_init+0x340/0x340
[  266.552570]  kvm_arch_vcpu_create+0x25d/0x2f0
[  266.557099]  kvm_vm_ioctl+0x13fd/0x33d0
[  266.561113]  ? __msan_poison_alloca+0x17a/0x210
[  266.565816]  ? do_vfs_ioctl+0x18a/0x2810
[  266.569900]  ? __se_sys_ioctl+0x1da/0x270
[  266.574072]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  266.578971]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  266.583845]  do_vfs_ioctl+0xcf3/0x2810
[  266.587795]  ? security_file_ioctl+0x92/0x200
12:38:47 executing program 5:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100))
ptrace(0x10, r0)
ptrace(0x4208, r0)
ptrace$getregset(0x4205, 0x0, 0x202, &(0x7f0000000080)={&(0x7f0000000040)=""/61, 0xffffff78})

[  266.592324]  __se_sys_ioctl+0x1da/0x270
[  266.596337]  __x64_sys_ioctl+0x4a/0x70
[  266.600250]  do_syscall_64+0xbe/0x100
[  266.604084]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  266.609298] RIP: 0033:0x457519
[  266.612521] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  266.631438] RSP: 002b:00007f2470a4dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  266.639182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  266.646470] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  266.653821] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  266.661114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2470a4e6d4
[  266.668407] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[  266.676694] Kernel Offset: disabled
[  266.680336] Rebooting in 86400 seconds..