[ 56.566583] audit: type=1800 audit(1538568575.606:27): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 57.949191] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 62.075169] random: sshd: uninitialized urandom read (32 bytes read) [ 62.541187] random: sshd: uninitialized urandom read (32 bytes read) [ 64.533516] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. [ 70.363321] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/03 12:09:51 fuzzer started [ 74.947974] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/03 12:09:56 dialing manager at 10.128.0.26:45967 2018/10/03 12:09:56 syscalls: 1 2018/10/03 12:09:56 code coverage: enabled 2018/10/03 12:09:56 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/03 12:09:56 setuid sandbox: enabled 2018/10/03 12:09:56 namespace sandbox: enabled 2018/10/03 12:09:56 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/03 12:09:56 fault injection: enabled 2018/10/03 12:09:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/03 12:09:56 net packed injection: enabled 2018/10/03 12:09:56 net device setup: enabled [ 80.119400] random: crng init done 12:12:03 executing program 0: [ 205.382309] IPVS: ftp: loaded support on port[0] = 21 [ 207.706239] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.712885] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.721425] device bridge_slave_0 entered promiscuous mode [ 207.918101] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.924723] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.933273] device bridge_slave_1 entered promiscuous mode [ 208.070681] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.209042] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 12:12:07 executing program 1: [ 208.634105] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.837367] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.137050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.144269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.286720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.293936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.530150] IPVS: ftp: loaded support on port[0] = 21 [ 209.953109] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.961214] team0: Port device team_slave_0 added [ 210.187040] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.195344] team0: Port device team_slave_1 added [ 210.362255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.369395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.378546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.646320] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.653608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.662673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.838148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.846009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.855720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.020250] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.028052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.037442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.298932] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.305529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.312636] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.319089] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.328063] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.442905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.614648] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.621119] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.629877] device bridge_slave_0 entered promiscuous mode [ 213.865520] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.872149] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.880684] device bridge_slave_1 entered promiscuous mode [ 214.069130] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.209517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 12:12:13 executing program 2: [ 214.887821] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 215.133502] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.395067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 215.403812] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.582883] IPVS: ftp: loaded support on port[0] = 21 [ 215.735219] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.742378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 216.558826] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.567035] team0: Port device team_slave_0 added [ 216.886317] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.894660] team0: Port device team_slave_1 added [ 217.186364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 217.193512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.202570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.529317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 217.536528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.545429] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.852565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.860282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.869556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.196218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.203935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.213107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.069812] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.076381] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.085669] device bridge_slave_0 entered promiscuous mode [ 220.363545] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.370024] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.378579] device bridge_slave_1 entered promiscuous mode [ 220.660827] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.914239] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 221.384572] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.391137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.398193] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.404723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.414737] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.719815] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 221.828116] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.065444] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.290641] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.297944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.623094] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.630142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 12:12:22 executing program 3: [ 223.580801] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.589194] team0: Port device team_slave_0 added [ 223.916364] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.924569] team0: Port device team_slave_1 added [ 224.110699] IPVS: ftp: loaded support on port[0] = 21 [ 224.356064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.363237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.372082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.689535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.696825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.705873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.076409] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.084177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.093413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.408427] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.416261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.425315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.671177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.095408] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.538909] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.545419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.553604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.523610] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.530097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.537117] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.543641] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.553041] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 229.993011] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.031591] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.038387] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.047062] device bridge_slave_0 entered promiscuous mode [ 230.333331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.453644] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.460113] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.468678] device bridge_slave_1 entered promiscuous mode [ 230.880382] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.224828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 232.212729] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 232.557275] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.735635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 232.743247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 233.156764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 233.164069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 12:12:32 executing program 4: [ 234.316669] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.325018] team0: Port device team_slave_0 added [ 234.741931] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.750012] team0: Port device team_slave_1 added [ 235.181773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.188870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.198200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.311037] IPVS: ftp: loaded support on port[0] = 21 [ 235.547129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 235.554422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.563272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.981195] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.989033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.998290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.473957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.480930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.488836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.497958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.068606] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 12:12:38 executing program 0: [ 239.731354] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.737961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.745920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 12:12:39 executing program 0: socket$alg(0x26, 0x5, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x40000000000074, 0x315) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x2f0c, 0x20008001, &(0x7f0000e68000)={0x2, 0x4e23, @loopback, [0x4002000000000000, 0xb00, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}, 0x10) r1 = dup3(r0, r0, 0x80000) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x0, 0x4, [0x1, 0x3ff, 0xd3f, 0xbcdc]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r3, 0x9, 0x1, 0x400, 0x5, 0x1}, 0x14) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x3, r2}) 12:12:39 executing program 0: socket$alg(0x26, 0x5, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x40000000000074, 0x315) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='lp\x00', 0x3) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x2f0c, 0x20008001, &(0x7f0000e68000)={0x2, 0x4e23, @loopback, [0x4002000000000000, 0xb00, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}, 0x10) r1 = dup3(r0, r0, 0x80000) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x0, 0x4, [0x1, 0x3ff, 0xd3f, 0xbcdc]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r3, 0x9, 0x1, 0x400, 0x5, 0x1}, 0x14) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x3, r2}) [ 241.559289] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.565872] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.572916] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.579404] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.588050] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 12:12:40 executing program 0: r0 = socket$inet6_sctp(0xa, 0xfffffffffffffffd, 0x84) socketpair(0x2, 0x40000000000002, 0x800, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x5452, &(0x7f0000000000)) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000280)={'filter\x00', 0x0, 0x3, 0x67, [], 0x1, &(0x7f0000000180)=[{}], &(0x7f0000000200)=""/103}, &(0x7f0000000300)=0x78) recvfrom$packet(r2, &(0x7f0000000080)=""/253, 0xfd, 0x0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="58fe25ae1447"}, 0x709000) close(r1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x10001, @local, 0x3}}, 0x9, 0x9658, 0x100000001, 0x9, 0x84}, &(0x7f00000001c0)=0x98) [ 241.604537] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.752044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 12:12:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000300)={r1, 0x3, 0x6, @local}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r1, 0x1, 0x232, @remote}, 0x10) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000001c0)={{{@in=@multicast2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) getgroups(0x4, &(0x7f0000000140)=[0xee01, 0xee00, 0xee01, 0x0]) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x40028, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000070000,user_id=', @ANYRESDEC=r3, @ANYBLOB=',group_id=', @ANYRESDEC=r4, @ANYBLOB="2c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030342c666f776e65723dcd13d838005df904d8b7642d99368b2c80468ac3b3f89b6117d21ee4aff068655b78001bf390794e93504b0ce6cff924ac5a3fe41e4bb12d4e0d9bb280fe08f16c191cd5c6de37ce4af55c987e4c79feaced9b167598a5d86e493088ce77001f5c83d7d5bba89499f6e8a5c68020", @ANYRESDEC=r5, @ANYBLOB=',smackfsdef=^wlan1+^,\x00']) [ 242.181126] device team_slave_0 entered promiscuous mode [ 242.186885] device team_slave_1 entered promiscuous mode [ 242.312089] device team_slave_0 left promiscuous mode [ 242.317389] device team_slave_1 left promiscuous mode 12:12:41 executing program 0: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x8000) ioctl$SCSI_IOCTL_DOORUNLOCK(r0, 0x5381) socket$packet(0x11, 0x253dba69382934df, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000001c0)={0x1, 0x1}, 0xfb20c8f99ab56cf6) [ 242.662466] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.668965] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.706023] device bridge_slave_0 entered promiscuous mode [ 243.168089] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.174704] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.183427] device bridge_slave_1 entered promiscuous mode 12:12:42 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000a8cff0)={0x1, &(0x7f0000528000)=[{0x6}]}, 0x10) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000040)={'ip6gretap0\x00', {0x2, 0x4e23}}) close(r0) connect$unix(r1, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e20}, 0x6e) r2 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x6, 0xa100) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400004}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xcc, r3, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe5}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, [], 0xc}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3a}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x20000040}, 0x1) finit_module(r2, &(0x7f0000000380)='ppp1nodevwlan0&ppp0\\posix_acl_access\x00', 0x3) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000000140)={0x6, 0xfffffffffffff000}) ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0xfffffffffffff001) [ 243.588761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 12:12:43 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setsig(r0, 0xa, 0xb) fcntl$setlease(r0, 0x400, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, &(0x7f0000d31ff0), &(0x7f00007adff0)={0x77359400}, 0x8) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') truncate(&(0x7f000037eff8)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 244.105164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 245.316254] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 245.655381] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 246.030743] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.038081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.318225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 246.325541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.874096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.148866] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 247.157057] team0: Port device team_slave_0 added [ 247.420579] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 247.428728] team0: Port device team_slave_1 added [ 247.770120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 247.785817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.794679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 248.033682] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 248.040738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 248.049690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 248.117561] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.377012] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 248.384725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 248.394025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 248.723655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 248.731260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 248.741137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.451548] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 249.458362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.466527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 12:12:48 executing program 1: [ 250.423524] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.347206] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.353774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.360746] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.367349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.376315] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.383039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 253.949441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.731056] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 255.510871] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.517773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.525785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 12:12:54 executing program 2: [ 256.364779] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.691945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.224157] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.729220] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.735710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.743611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 12:12:58 executing program 3: [ 260.226748] 8021q: adding VLAN 0 to HW filter on device team0 12:13:01 executing program 4: 12:13:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000)={0x1, 0x9, 0x81, 0x5}, 0x8) sendto$inet6(r0, &(0x7f00000001c0)="9e6829dad8e5ac7b9f14c7654c84411ee98280bb73dc47663fea5f17e8250344754b4706df89d6b97c7f0f7e1a84547e9a338ac46c2d6bd0f57d42bda622b64908ddfddf723b5cd4ba6b64a7c39d8384435404c4364d189d00e48d8e991c081b748d73ac5de16ed56f712abafbce9c8493a3e25a580c25598ed37609d641690f649aa3315683f6aa093ba51c95aa1f004054f2baeeeae818244cc79497e78417f5d3f69cf8df57cf7ae649ccf6fd75a6f86abcedda22af519770f5abba9e", 0xbe, 0x4008000, &(0x7f0000000100)={0xa, 0x4e22, 0x6, @empty, 0x8}, 0x1c) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000180)=0x3c, 0x4) ioctl(r1, 0x8912, &(0x7f0000000380)) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xda38, 0x408000) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000140)={0xb7f4, 0x1, 0x100000800}, 0xc) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000080)=0x9) 12:13:01 executing program 5: umount2(&(0x7f0000000000)='./file0\x00', 0x2) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x1, 0x0, 0x2, 0x3, 0x2}, 0xc) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140)='security.ima\x00', &(0x7f0000000180)=@sha1={0x1, "dea760b744a912abfbd6abb48e9aa187d9181fad"}, 0x15, 0x1) r1 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)="4b137e81704def5a61386d1f0aaa863a08fcd2b917f7a3659453db6f7002590922c74926db621a516be2068b1963bbbc5d17223951335e1770ff7b2390fa5d6572c17cb03880a46bbed5bbb4635db0af4b50bbc3d02c021f4cd56ae5f70f4502d5fe4286a3a99988c6a9e1280fbb795f1b6ab150959da05917f92d4c3f01691dba1d9fcb30a90c3d93998dfed02cd7e9c35e69ffca8c3ab206060ab2f0202ca0d7d8f9e621fd923ee26c4f46fe34649d0ccab0b4c66592455b3107970a4c283c46a5485cd696fa939f48b73728694814bc4ad730", 0xd4, 0xfffffffffffffffe) r2 = request_key(&(0x7f0000000340)='rxrpc_s\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='\x00', 0xfffffffffffffff9) keyctl$negate(0xd, r1, 0x40, r2) ioctl$UI_END_FF_UPLOAD(r0, 0x406855c9, &(0x7f0000000400)={0xe, 0x20, {0x53, 0x4, 0x3d12, {0x3, 0x2}, {0x4, 0x2}, @rumble={0x200, 0x7ff}}, {0x53, 0xbd, 0xffff, {0xe1, 0x6}, {0x400}, @const={0x3f, {0x0, 0xffffffff, 0x48f0c63d, 0x2a55}}}}) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000480)={0x7, 0xa0e}) bind$vsock_dgram(r0, &(0x7f00000004c0), 0x10) openat$ion(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ion\x00', 0x800, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000580)=""/3) r4 = socket$inet6(0xa, 0x6, 0xffffffffffffdd2e) write$P9_RWSTAT(r0, &(0x7f00000005c0)={0x7, 0x7f, 0x2}, 0x7) ioctl$NBD_DISCONNECT(r0, 0xab08) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000600)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@dev}}, &(0x7f0000000700)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000740)={{{@in6=@loopback, @in6=@ipv4={[], [], @rand_addr}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000840)=0xe8) r8 = getuid() setresuid(r5, r7, r8) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000880)={0x37}) socket$rds(0x15, 0x5, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f00000008c0)={0x2, 0xffffffff7fffffff, 0x2, 0xfff, 0x2, 0x74e, 0x30000000000000, 0x2, 0x0}, &(0x7f0000000900)=0x20) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000940)={r9, 0x4, 0x1ff, 0x10001}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x18800100}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)=@newtclass={0x58, 0x28, 0x824, 0x70bd29, 0x25dfdbfc, {0x0, r6, {0xa}, {0x0, 0x10}, {0x11, 0xc}}, [@tclass_kind_options=@c_drr={{0x8, 0x1, 'drr\x00'}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0x2}}}, @TCA_RATE={0x8, 0x5, {0x6879aa92, 0x81}}, @TCA_RATE={0x8, 0x5, {0x5, 0xa4a}}, @TCA_RATE={0x8, 0x5, {0x4, 0x5}}, @TCA_RATE={0x8, 0x5, {0x3, 0x7ff}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x44) socketpair$inet(0x2, 0x7, 0xe82, &(0x7f0000000ac0)) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000b00)={r9, 0x6}, &(0x7f0000000b40)=0x8) mq_getsetattr(r0, &(0x7f0000000b80)={0x340, 0x0, 0x4a2c, 0x2, 0x5, 0x280, 0x80000000, 0x7}, &(0x7f0000000bc0)) 12:13:01 executing program 1: 12:13:01 executing program 2: 12:13:01 executing program 3: 12:13:01 executing program 1: 12:13:01 executing program 4: 12:13:01 executing program 2: 12:13:01 executing program 3: 12:13:01 executing program 0: 12:13:01 executing program 1: 12:13:01 executing program 4: 12:13:02 executing program 2: [ 263.425752] IPVS: ftp: loaded support on port[0] = 21 [ 264.718676] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.725246] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.734163] device bridge_slave_0 entered promiscuous mode [ 264.816174] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.822860] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.830447] device bridge_slave_1 entered promiscuous mode [ 264.910203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 264.988001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 265.215975] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 265.296306] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 265.379061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 265.386103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 265.466052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 265.473106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 265.710593] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 265.718286] team0: Port device team_slave_0 added [ 265.795504] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 265.803194] team0: Port device team_slave_1 added [ 265.880048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 265.962736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.045071] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.052486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.061369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.139706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.147210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.156510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.037720] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.044193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.050972] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.057557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.065917] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.391935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 270.240381] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.550780] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 270.848166] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 270.854551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 270.862662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 271.163654] 8021q: adding VLAN 0 to HW filter on device team0 12:13:12 executing program 5: 12:13:12 executing program 0: 12:13:12 executing program 3: 12:13:12 executing program 4: 12:13:12 executing program 1: 12:13:12 executing program 2: 12:13:12 executing program 3: 12:13:12 executing program 4: 12:13:12 executing program 1: 12:13:12 executing program 0: 12:13:12 executing program 5: 12:13:12 executing program 2: r0 = socket$inet6(0xa, 0x800000001, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4003) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000300)=ANY=[], 0xfe7c) write$binfmt_elf32(r1, &(0x7f0000000140)=ANY=[], 0xffef) r2 = accept4(r0, 0x0, &(0x7f0000000040), 0x0) shutdown(r2, 0x2) 12:13:12 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="c744240006000000c744240200000080c7442406000000000f01142466b8c2008ec80f070f0f369a0f2002674669f9c12c000026660f38157e0f660f0dbead00000066baf80cb8bcecb281ef66bafc0cb80b000000ef0f20d835080000000f22d8", 0x61}], 0x1, 0x0, &(0x7f0000000040), 0x1000000000000286) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:13:12 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004802, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0)=[{}], 0x1) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x200000000009}, 0x1c) sendmsg(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2c7c579a7ae9c96d5cc9ad926a3eea1cf89515d52fc430", 0x17}], 0x1, &(0x7f0000000440)}, 0xc100) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001180)="b10b938636ea69df7b5a9984bb1bc72ef58d96e56e11df900a707f4946b1637e2096c584b9a1b4e017163fbdb35160a56c11dfbe74df97d36d19ad6a91c6fb4ad19581b8cf707131830f7a22b1b263c9da0e443c5e969ed6a0d3bc508bf75c3147447379f585759ceba0de5cda46291dc1b8f106a83e1cde43a862d95413ce2616b261ed9f79913ae781b3b843ea1b4429a750b8ccb1952a7b863d0bada9f61df6609fe368eaf47c0ce9e46a22b0d75b063deeaa94285d0c43353046e0a308296a76b0b0145f8af9aa0ed0e18bc50509eaef21c8e03842a97df3a462ea3f9d5f83bf1d4d2875f0d5b24e941483f863cd2ea7c769bd3e594fb173dd873c7d9a3fd20939ad1d5867881ed77a078007b4972aba36cae02004373a6a74d74cb15a52c5f8426cb6f235d38048fd91f5d6100fd58a335df10add227d804167ba191c7a035c5a2a916e7fef18a6003578820b3e0be26a22f2c149f40a0335cadcca64a5e44179e6ce4d7f7c16e8a96c5be7cdf66eef901cb8eeabc94bae30acca8c6fa02889c32311044dcbc9a2e02e0632f7f9aa96849abede543773745e4652fccc503003f10cd68ddab594969ad36cb622ed7ba22dc46a80fb63ac2c561a80ae5c10b295", 0x1c2}], 0x1, &(0x7f0000000200)}, 0x8000) sendmsg(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001480)="d09a0e63c9476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1b0171f89091b1dd3238d03dbb686df460963245dedf2973ee555af99499e44ad420dbf65fd46fbc99a1274429e2d5783751815828ec8cb3553110cca66460215353d19f6d8bbd8fb264eddea60b18e16c31aa5e200000491634ac2fd10e2cd30bcd7fede24263a7fff16e53ea293f3551b7147c33a44ea437fb1515c3e8d4f162fdebf8ebe11ae6fcd9372c8d8f19556ae091fe94215ae9434da412f6fa4cb6561e5f78ff9707844ee5d573fb294437722d9a06dfa61748c32c73d759933a8dd344c947d3efdbe90d0eb049df5fbb0c19f6785264b619c530d97395d44b04f7e2a280d658c7871ad373b792678c49227999651ef3b2ee1bc2b8f3035db376e8e09aa3837233c8713065a8ad131d24f6c42a3220d0e07c3d3e95d59a5dd10c09716b5f874ecf53aadfa5050ff40f2c3c4a629b6445e5836100afff5a8977583653b40ca316f8f11416e5c1bd5499636ddae25fc4970b37209cf5c0bf8e432160c258d14223baa52798e09858645773dd97e68a95310da713cff077b06000000d4f145e9199c126a7f235e5674a3c7f5c7129ac7c1a3319590249b6d34ef6c3d8b94c6fc7cdcbddb053243053f7bc1f230d3bc7dfc4359e33992d0a3946b914a093287a76ac4a249b5b86cc75476466e409553355fefab75e9268a8751ffc9481fcff1f49c475699595b315e2147ee038b7291600c6b1cf7c8f24d587b9464a67e5ccec17820e711b98f4f7d5053642068a3fff704c3fe26ba862b53e2622d6e8b4a4c815fb2ea90ef63e141209dd292fdf886ee3e64b90f47ce22661c7a21f7bc10df0248079b7be17284eb54e5ab5bde9c6857b3cb184586049e7741b2d8b5b1a19e99e183", 0x292}], 0x1, &(0x7f0000001780)}, 0x0) accept4(r0, 0x0, &(0x7f00000000c0), 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x40, 0x0) write$P9_RWSTAT(r2, &(0x7f0000000180)={0x7}, 0x7) accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x80800) [ 273.804311] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 273.868403] sctp: failed to load transform for md5: -2 12:13:13 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x13800000000000}) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 12:13:13 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830020200a00090003007a1d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000007140)=[{{&(0x7f0000000180)=@generic, 0x80, &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=""/189, 0xbd}}], 0x1, 0x0, &(0x7f0000007340)) [ 274.090878] hrtimer: interrupt took 59777 ns 12:13:13 executing program 4: [ 274.189188] ================================================================== [ 274.196625] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 274.203149] CPU: 1 PID: 7860 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63 [ 274.210355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.219722] Call Trace: [ 274.222355] dump_stack+0x306/0x460 [ 274.226011] ? loaded_vmcs_init+0x343/0x590 [ 274.230382] kmsan_report+0x1a3/0x2d0 [ 274.234227] __msan_warning+0x7c/0xe0 [ 274.238066] loaded_vmcs_init+0x343/0x590 [ 274.242264] __loaded_vmcs_clear+0x2fb/0x3c0 [ 274.246716] generic_exec_single+0x17b/0x500 [ 274.251158] ? vmx_get_msr_feature+0x180/0x180 [ 274.255780] smp_call_function_single+0x290/0x500 [ 274.260670] ? vmx_get_msr_feature+0x180/0x180 [ 274.265306] vmx_free_vcpu+0x582/0x8a0 [ 274.269237] ? vmx_create_vcpu+0x7920/0x7920 [ 274.273687] kvm_arch_destroy_vm+0x727/0xcd0 [ 274.278138] kvm_put_kvm+0x100b/0x1cf0 [ 274.282085] kvm_vm_release+0x67/0x90 [ 274.285920] ? kvm_vm_compat_ioctl+0x420/0x420 [ 274.290540] __fput+0x4e8/0xda0 [ 274.293887] ____fput+0x37/0x40 [ 274.297201] ? fput+0x3e0/0x3e0 [ 274.300528] task_work_run+0x467/0x500 [ 274.304460] get_signal+0x2198/0x2390 [ 274.308287] ? vmalloc_to_page+0x57d/0x6b0 [ 274.312584] ? kmsan_set_origin_inline+0x6b/0x120 [ 274.317465] ? __msan_poison_alloca+0x17a/0x210 [ 274.322176] ? do_signal+0x1d6/0x2da0 [ 274.326010] ? prepare_exit_to_usermode+0x293/0x470 [ 274.331073] do_signal+0x1ed/0x2da0 [ 274.334762] ? kmsan_set_origin_inline+0x6b/0x120 [ 274.339641] ? __msan_poison_alloca+0x17a/0x210 [ 274.344354] ? prepare_exit_to_usermode+0x53/0x470 [ 274.349321] prepare_exit_to_usermode+0x293/0x470 [ 274.354212] syscall_return_slowpath+0x112/0x880 [ 274.359007] ? fput+0x38d/0x3e0 [ 274.362328] ? __se_sys_ioctl+0x239/0x270 [ 274.366533] do_syscall_64+0xe4/0x100 [ 274.370376] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.375592] RIP: 0033:0x457579 [ 274.378809] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 274.397754] RSP: 002b:00007f41b1e64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.405508] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000457579 [ 274.412812] RDX: 0000000020000400 RSI: 000000004020ae46 RDI: 0000000000000004 [ 274.420123] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 274.427436] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41b1e656d4 [ 274.434731] R13: 00000000004c8540 R14: 00000000004d03c0 R15: 00000000ffffffff [ 274.442047] [ 274.443697] Local variable description: ----error.i@loaded_vmcs_init [ 274.450189] Variable was created at: [ 274.453941] loaded_vmcs_init+0x8a/0x590 [ 274.458030] __loaded_vmcs_clear+0x2fb/0x3c0 [ 274.462449] ================================================================== [ 274.469834] Disabling lock debugging due to kernel taint [ 274.475338] Kernel panic - not syncing: panic_on_warn set ... [ 274.475338] [ 274.482734] CPU: 1 PID: 7860 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63 [ 274.491340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.500716] Call Trace: [ 274.503356] dump_stack+0x306/0x460 [ 274.507050] panic+0x54c/0xafa [ 274.510342] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 274.515843] kmsan_report+0x2cd/0x2d0 [ 274.519690] __msan_warning+0x7c/0xe0 [ 274.523582] loaded_vmcs_init+0x343/0x590 [ 274.527796] __loaded_vmcs_clear+0x2fb/0x3c0 [ 274.532265] generic_exec_single+0x17b/0x500 [ 274.536709] ? vmx_get_msr_feature+0x180/0x180 [ 274.541345] smp_call_function_single+0x290/0x500 [ 274.546225] ? vmx_get_msr_feature+0x180/0x180 [ 274.550892] vmx_free_vcpu+0x582/0x8a0 [ 274.554826] ? vmx_create_vcpu+0x7920/0x7920 [ 274.559285] kvm_arch_destroy_vm+0x727/0xcd0 [ 274.563739] kvm_put_kvm+0x100b/0x1cf0 [ 274.567691] kvm_vm_release+0x67/0x90 [ 274.571520] ? kvm_vm_compat_ioctl+0x420/0x420 [ 274.576130] __fput+0x4e8/0xda0 [ 274.579458] ____fput+0x37/0x40 [ 274.582761] ? fput+0x3e0/0x3e0 [ 274.586078] task_work_run+0x467/0x500 [ 274.590016] get_signal+0x2198/0x2390 [ 274.593856] ? vmalloc_to_page+0x57d/0x6b0 [ 274.598153] ? kmsan_set_origin_inline+0x6b/0x120 [ 274.603030] ? __msan_poison_alloca+0x17a/0x210 [ 274.607742] ? do_signal+0x1d6/0x2da0 [ 274.611574] ? prepare_exit_to_usermode+0x293/0x470 [ 274.616628] do_signal+0x1ed/0x2da0 [ 274.620310] ? kmsan_set_origin_inline+0x6b/0x120 [ 274.625200] ? __msan_poison_alloca+0x17a/0x210 [ 274.629912] ? prepare_exit_to_usermode+0x53/0x470 [ 274.634885] prepare_exit_to_usermode+0x293/0x470 [ 274.639772] syscall_return_slowpath+0x112/0x880 [ 274.644559] ? fput+0x38d/0x3e0 [ 274.647901] ? __se_sys_ioctl+0x239/0x270 [ 274.652098] do_syscall_64+0xe4/0x100 [ 274.655943] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 274.661158] RIP: 0033:0x457579 [ 274.664383] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 274.683312] RSP: 002b:00007f41b1e64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.691060] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000457579 [ 274.698360] RDX: 0000000020000400 RSI: 000000004020ae46 RDI: 0000000000000004 [ 274.705648] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 274.712937] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f41b1e656d4 [ 274.720223] R13: 00000000004c8540 R14: 00000000004d03c0 R15: 00000000ffffffff [ 274.728482] Kernel Offset: disabled [ 274.732125] Rebooting in 86400 seconds..