[ ok ] Starting enhanced syslogd: rsyslogd. [ 62.969901] audit: type=1800 audit(1542941174.011:25): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 62.989128] audit: type=1800 audit(1542941174.011:26): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.008609] audit: type=1800 audit(1542941174.041:27): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts. 2018/11/23 02:46:30 fuzzer started 2018/11/23 02:46:35 dialing manager at 10.128.0.26:36751 2018/11/23 02:46:35 syscalls: 1 2018/11/23 02:46:35 code coverage: enabled 2018/11/23 02:46:35 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/23 02:46:35 setuid sandbox: enabled 2018/11/23 02:46:35 namespace sandbox: enabled 2018/11/23 02:46:35 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/23 02:46:35 fault injection: enabled 2018/11/23 02:46:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/23 02:46:35 net packet injection: enabled 2018/11/23 02:46:35 net device setup: enabled 02:49:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x802, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 
0xfffffffffffffffc, 0x0, 0x0, 0x3, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) syzkaller login: [ 253.261270] IPVS: ftp: loaded support on port[0] = 21 [ 255.657807] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.664461] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.673311] device bridge_slave_0 entered promiscuous mode [ 255.813556] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.820103] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.829019] device bridge_slave_1 entered promiscuous mode [ 255.968111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 256.106958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 256.536004] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 256.681361] bond0: Enslaving bond_slave_1 as an active interface with an up link 02:49:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f00000002c0)=""/1) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x0) [ 257.585913] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 257.594367] team0: Port device team_slave_0 added [ 257.660389] IPVS: ftp: loaded support on port[0] = 21 [ 257.877401] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 257.885625] team0: Port device team_slave_1 added [ 258.157733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 258.164954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 258.174020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 258.382543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 258.389624] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_to_team: link becomes ready [ 258.398911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 258.579100] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 258.586855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 258.596140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 258.914092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 258.922069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 258.931090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 261.109944] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.116649] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.125410] device bridge_slave_0 entered promiscuous mode [ 261.394025] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.400528] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.409138] device bridge_slave_1 entered promiscuous mode [ 261.424163] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.430693] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.437874] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.444438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.453457] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 261.655094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 261.899708] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.261904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.638186] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.825237] bond0: Enslaving bond_slave_1 as an active interface with an up link 02:49:33 executing program 2: mmap(&(0x7f0000e84000/0x3000)=nil, 0x3000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 262.995330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 263.006118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 
263.295145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 263.302693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.829982] IPVS: ftp: loaded support on port[0] = 21 [ 264.098735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.107013] team0: Port device team_slave_0 added [ 264.397035] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.405318] team0: Port device team_slave_1 added [ 264.618324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 264.625483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.634485] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.876759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 264.884088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 264.893147] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.228403] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 265.236353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.245935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 265.484864] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 265.492702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 265.501823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 268.235252] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.241969] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.250741] device bridge_slave_0 entered promiscuous mode [ 268.515763] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.522413] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.531144] device bridge_slave_1 entered promiscuous mode [ 268.823731] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.830221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.837347] bridge0: port 1(bridge_slave_0) entered blocking state [ 
268.843906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.853099] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 268.868344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 268.982448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 269.166810] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 269.861465] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 270.084747] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 270.384473] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 270.391848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 270.701396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 270.708569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 271.398010] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 271.406244] team0: Port device team_slave_0 added [ 271.643393] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 271.651451] team0: Port device team_slave_1 added [ 271.924834] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 271.933446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 271.942625] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 02:49:43 executing program 3: openat$apparmor_thread_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r2 = 
socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x2e) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000240)='illinois\x00', 0x9) sendto$inet6(r2, &(0x7f0000000100), 0x0, 0x20000004, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000340), 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) tkill(r3, 0x401104000000016) [ 272.145881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 272.153072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 272.161934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 272.439451] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.485956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 272.493685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 272.502582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 272.826446] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 272.834266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.843369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 273.462993] IPVS: ftp: loaded support on port[0] = 21 [ 273.793054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 275.147643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 275.154207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.162369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.410945] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.616943] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.623581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.630582] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.637225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.646688] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 276.653649] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 279.147330] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.153997] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.162941] device bridge_slave_0 entered promiscuous mode [ 279.565992] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.572662] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.581324] device bridge_slave_1 entered promiscuous mode [ 279.942273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 280.262276] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 281.411875] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 281.727908] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 282.005713] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 282.013288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 282.426183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 282.433440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 282.479323] 8021q: adding VLAN 0 to HW filter on device bond0 02:49:54 executing program 4: socket$inet6_udplite(0xa, 0x2, 0x88) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="2e8e6d0d66b80500000066b9000000000f01d9f30f7f7b3dba4100ed0f20c06635000000200f22c066b9800000c00f326635000800000f300f3806e8f2afca09180f01ca", 0x44}], 0x1, 0x0, 0x0, 0x0) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 
0xae80, 0x0) [ 283.619415] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 283.627858] team0: Port device team_slave_0 added [ 283.759304] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 284.041326] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 284.049673] team0: Port device team_slave_1 added [ 284.522706] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 284.529749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 284.538738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 284.704339] ptrace attach of "/root/syz-executor0"[7427] was attempted by "/root/syz-executor0"[7428] 02:49:55 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x89a3, &(0x7f0000000200)={'ip6tnl0\x00'}) [ 284.927939] IPVS: ftp: loaded support on port[0] = 21 [ 284.978881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 284.986650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 284.995562] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 02:49:56 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x40001, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000040)={0x43, 0xc, 0x3d73, 0x1ff, "e9614ce8af37abc06ff43090104d8cd1c7d8d53a4daeb7166af4b433e518c479"}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @loopback}, 0x10) [ 285.262289] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 285.269001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 285.277117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.517927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 285.525933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 285.535245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 
02:49:56 executing program 0: io_setup(0x6, &(0x7f0000000000)=0x0) io_getevents(r0, 0x2b3e, 0x4, &(0x7f0000000100)=[{}, {}, {}, {}], &(0x7f0000000080)) r1 = syz_open_dev$sndtimer(&(0x7f00000b5ff1)='/dev/snd/timer\x00', 0x0, 0x0) unshare(0x8000400) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a3) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x121102, 0x0) ioctl$TIOCOUTQ(r2, 0x5411, &(0x7f0000000040)) [ 285.941370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 285.949416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 285.958482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 02:49:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x400c80, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x200, 0x0) ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f0000000100)={0x2, 0xffffffffffffffff, 0x100000000, 0x703f, 0x705466f0, 0x20}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000040)) [ 286.661096] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 
[ 286.979397] 8021q: adding VLAN 0 to HW filter on device team0 02:49:58 executing program 0: r0 = userfaultfd(0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000200)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000011000/0x2000)=nil, 0x3000, 0x8}) 02:49:58 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xfffffffffffffff9, 0x1) read(r0, &(0x7f0000000140)=""/89, 0x59) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000080)=""/130) 02:49:59 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x200000, 0x0) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000100)) r2 = shmget(0x2, 0x1000, 0x400, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_STAT(r2, 0xd, &(0x7f00000001c0)=""/30) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1ffd, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000080)={0xf, {0x6, 0x7fffffff, 0x1, 0x1}}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x3, 0xf0ffffffffffff}]}}}]}, 0x3c}}, 0x0) [ 288.278500] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 288.288231] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 288.339251] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 288.348883] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 02:49:59 executing 
program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000001780)='/dev/vhci\x00', 0x0, 0x0) getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f00000017c0), &(0x7f0000001840)=0x4) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000001ac0)={0x6, 0x5}) fstat(r0, &(0x7f0000001880)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000001800)='./file0\x00', &(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VIDIOC_G_TUNER(r1, 0xc054561d, &(0x7f0000001b80)={0x5cfb, "56dcd212127fde6b145dcae3ac137ca08d5fda6b5b6958f8f5cbe932a8f883f5", 0x4, 0x1108, 0x4, 0xc024, 0x16, 0x3, 0x8, 0x78}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001980)={{{@in=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@rand_addr}}, &(0x7f0000001a80)=0xe8) write$P9_RSTATu(r1, &(0x7f0000001c00)=ANY=[@ANYBLOB="5d0000007d3371a7a04afdf4b91f0000b58423cd888d1d0001000000000800000000000000008e080000f8fffffa0000000340000000000000080021776c616e315c8f00000a002f6465762f766863690001002c02004c2b", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4], 0x5d) ioctl$sock_ifreq(r0, 0x1000000000008992, &(0x7f00000000c0)={'veth0_to_bond\x00', @ifru_data=&(0x7f0000000180)="3b5ebbb901391860c2a6aeebdbf6afb10abb4a8112653b32394bb6eb5c81bbf2"}) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000001700)='trusted.overlay.nlink\x00', &(0x7f0000001740)={'L+', 0x3}, 0x28, 0x2) r5 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe0c7, 0x80000) sendmsg$rds(r5, &(0x7f00000016c0)={&(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000001380)=[{&(0x7f0000000080)=""/58, 0x3a}, {&(0x7f00000001c0)=""/158, 0x9e}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/205, 0xcd}, {&(0x7f0000000100)=""/68, 0x44}], 0x5, &(0x7f0000001580)=ANY=[@ANYBLOB="58000000000000001401000007000000ff0f000040000000", @ANYPTR=&(0x7f0000001400)=ANY=[@ANYBLOB="0500000000000000"], @ANYPTR=&(0x7f0000001440)=ANY=[@ANYBLOB="0500000000000000"], 
@ANYBLOB="fcffffffffffffff0080000000000000fcffffffffffffff1f000000000000006f000000000000008000000000000000580000000000000014010000060000000500000004000000", @ANYPTR=&(0x7f0000001480)=ANY=[@ANYBLOB="0100000000000000"], @ANYPTR=&(0x7f00000014c0)=ANY=[@ANYBLOB="0500000000000000"], @ANYBLOB="0400000000000000ff08000000000000ede7453c010000000041000000000000000600000000000000180000a855f9fab2000000000014010000020000005ec40000f4000000580042c3a0b500001401000009000040000000800100", @ANYPTR=&(0x7f0000001500)=ANY=[@ANYBLOB="ba00000000000000"], @ANYPTR=&(0x7f0000001540)=ANY=[@ANYBLOB="0300000000000000"], @ANYBLOB="01000000000000000010000000000000ae8f000000000000010000000000000000000000000000000900000000000000"], 0x120}, 0x20000840) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000001b40)={0x3, "690cfb"}, 0x4) [ 290.532511] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.539064] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.546169] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.552768] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.561450] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 291.089782] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.096447] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.105171] device bridge_slave_0 entered promiscuous mode [ 291.462447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 291.505067] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.511541] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.520230] device bridge_slave_1 entered promiscuous mode [ 291.847813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 291.873567] 8021q: adding VLAN 0 to HW filter on device bond0 [ 292.193599] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 293.148887] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 293.190402] bond0: Enslaving bond_slave_0 as an active interface with an up 
link [ 293.560173] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 293.939514] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 293.947028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 294.275847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 294.283059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 294.446228] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 294.452738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 294.460494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 295.237203] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 295.245511] team0: Port device team_slave_0 added [ 295.484108] hrtimer: interrupt took 62336 ns [ 295.595941] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 295.604334] team0: Port device team_slave_1 added 02:50:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000180)=0x1, 0x4) mmap(&(0x7f000029b000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) getsockopt$inet_int(r0, 0x0, 0xe, &(0x7f00000001c0), &(0x7f0000000200)=0x4) sendto$inet(r0, &(0x7f0000000000)="98", 0x1, 0x0, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x2000, 0x0) ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000280)="b045872cd93575d5bd8b1ea073b70cc29c723d8da9c46524309b9cfa9ebe61695e9637b05ca7a5fee30c814f6264233a631c4ac3c604f2bd260127a4635eec64aea2dccc475761ec9a7f92d56550b4a929e391808dce08c00af83cc7d6d8c15fe3dd74525ca229e0192240a43b81") getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f000029b000/0x1000)=nil, 0x1000}, &(0x7f0000000100)=0x10) pipe(&(0x7f0000000080)) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x4, 0x0) [ 295.678153] 
8021q: adding VLAN 0 to HW filter on device team0 [ 295.927339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 295.934509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 295.943542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 296.218256] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 296.225487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 296.234312] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 296.432224] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 296.441098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 296.450230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 296.695109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 296.702878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 296.712118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 298.931733] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.938235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 298.945328] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.951867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 298.960265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 298.967146] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 02:50:12 executing program 2: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000200)={@multicast2, @rand_addr=0x8f0}, 0x8) clock_nanosleep(0x2, 0x0, &(0x7f0000000140)={0x0, 0x989680}, &(0x7f0000000000)) ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000040)={0x8, 0x8}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0xfffffe, 0x32, 0xffffffffffffffff, 0x0) tkill(0x0, 0x31) iopl(0x79e4) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0) [ 
302.092081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 302.690883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 303.185919] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 303.192689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 303.200519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 303.715736] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.623118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 306.130749] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 306.646002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 306.653493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 306.661263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 02:50:18 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x6) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, 0x0, 0x1) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000300), 0x4) r2 = openat(0xffffffffffffffff, &(0x7f0000000580)='./file1/file0\x00', 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) syz_genetlink_get_family_id$fou(0x0) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000002c0)=""/20, 0x14}, 0x100) sendmsg$nl_route_sched(r2, 0x0, 0x4000080) write$binfmt_elf64(r1, &(0x7f0000001000)=ANY=[@ANYBLOB="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"], 0x2e4) write$binfmt_elf64(r1, &(0x7f0000004ac0)=ANY=[@ANYBLOB="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"], 0xd6e) ioctl(r0, 0x1000008912, &(0x7f0000000140)="ce15e37fa505b652718070") r3 = 
openat$sequencer(0xffffffffffffff9c, 0x0, 0x105000, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r3, 0x28, 0x6, &(0x7f0000000480), 0x10) [ 307.139588] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.100499] ================================================================== [ 309.107944] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x373/0x500 [ 309.115055] CPU: 0 PID: 8109 Comm: syz-executor4 Not tainted 4.20.0-rc3+ #93 [ 309.122250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.131638] Call Trace: [ 309.134246] dump_stack+0x32d/0x480 [ 309.137907] ? kvm_write_guest_page+0x373/0x500 [ 309.142606] kmsan_report+0x19f/0x300 [ 309.146439] kmsan_internal_check_memory+0x9dc/0xa60 [ 309.151608] kmsan_copy_to_user+0x7c/0xe0 [ 309.155756] kvm_write_guest_page+0x373/0x500 [ 309.160256] kvm_write_guest+0x1e1/0x360 [ 309.164346] kvm_emulate_hypercall+0x19c9/0x1ac0 [ 309.169185] handle_vmcall+0x41/0x50 [ 309.172938] ? handle_rdpmc+0x80/0x80 [ 309.176751] vmx_handle_exit+0x21bd/0xb980 [ 309.180984] ? vmalloc_to_page+0x585/0x6c0 [ 309.185255] ? kmsan_get_shadow_origin_ptr+0x142/0x410 [ 309.190567] ? vmx_flush_tlb_gva+0x480/0x480 [ 309.194980] kvm_arch_vcpu_ioctl_run+0xaeee/0x12040 [ 309.200178] ? futex_wait+0x942/0xc50 [ 309.204003] ? task_kmsan_context_state+0x51/0x90 [ 309.208850] ? INIT_BOOL+0xc/0x30 [ 309.212318] ? _raw_spin_lock_irqsave+0x320/0x490 [ 309.217188] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 309.222691] ? depot_save_stack+0x398/0x4b0 [ 309.227038] ? __msan_poison_alloca+0x1e0/0x270 [ 309.231716] ? put_pid+0x71/0x410 [ 309.235179] ? kvm_vcpu_ioctl+0x1f85/0x1f90 [ 309.239503] ? put_pid+0x330/0x410 [ 309.243057] ? get_task_pid+0x19d/0x290 [ 309.247050] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 309.251125] ? do_vfs_ioctl+0x184/0x2f70 [ 309.255181] ? __se_sys_ioctl+0x1da/0x270 [ 309.259327] ? kvm_vm_release+0x90/0x90 [ 309.263298] do_vfs_ioctl+0xfbc/0x2f70 [ 309.267197] ? 
security_file_ioctl+0x92/0x200 [ 309.271698] __se_sys_ioctl+0x1da/0x270 [ 309.275712] __x64_sys_ioctl+0x4a/0x70 [ 309.279615] do_syscall_64+0xcf/0x110 [ 309.283430] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 309.288615] RIP: 0033:0x457569 [ 309.291802] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 309.310710] RSP: 002b:00007ff8403d1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.318426] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 309.325690] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 309.332953] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.340244] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8403d26d4 [ 309.347532] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff [ 309.354811] [ 309.356432] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall [ 309.364050] Variable was created at: [ 309.367796] kvm_emulate_hypercall+0x62/0x1ac0 [ 309.372401] handle_vmcall+0x41/0x50 [ 309.376106] [ 309.377746] Bytes 28-63 of 64 are uninitialized [ 309.382403] Memory access of size 64 starts at ffff88812633f3d0 [ 309.388453] Data copied to user address 0000000020000000 [ 309.393892] ================================================================== [ 309.401252] Disabling lock debugging due to kernel taint [ 309.406690] Kernel panic - not syncing: panic_on_warn set ... 
[ 309.412589] CPU: 0 PID: 8109 Comm: syz-executor4 Tainted: G B 4.20.0-rc3+ #93 [ 309.421182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.430552] Call Trace: [ 309.433189] dump_stack+0x32d/0x480 [ 309.436822] panic+0x624/0xc08 [ 309.440044] kmsan_report+0x300/0x300 [ 309.443874] kmsan_internal_check_memory+0x9dc/0xa60 [ 309.449001] kmsan_copy_to_user+0x7c/0xe0 [ 309.453166] kvm_write_guest_page+0x373/0x500 [ 309.457669] kvm_write_guest+0x1e1/0x360 [ 309.461738] kvm_emulate_hypercall+0x19c9/0x1ac0 [ 309.466557] handle_vmcall+0x41/0x50 [ 309.470274] ? handle_rdpmc+0x80/0x80 [ 309.474118] vmx_handle_exit+0x21bd/0xb980 [ 309.478380] ? vmalloc_to_page+0x585/0x6c0 [ 309.482662] ? kmsan_get_shadow_origin_ptr+0x142/0x410 [ 309.487950] ? vmx_flush_tlb_gva+0x480/0x480 [ 309.492376] kvm_arch_vcpu_ioctl_run+0xaeee/0x12040 [ 309.497478] ? futex_wait+0x942/0xc50 [ 309.501296] ? task_kmsan_context_state+0x51/0x90 [ 309.506140] ? INIT_BOOL+0xc/0x30 [ 309.509587] ? _raw_spin_lock_irqsave+0x320/0x490 [ 309.514436] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 309.519947] ? depot_save_stack+0x398/0x4b0 [ 309.524286] ? __msan_poison_alloca+0x1e0/0x270 [ 309.528954] ? put_pid+0x71/0x410 [ 309.532400] ? kvm_vcpu_ioctl+0x1f85/0x1f90 [ 309.536722] ? put_pid+0x330/0x410 [ 309.540261] ? get_task_pid+0x19d/0x290 [ 309.544249] kvm_vcpu_ioctl+0xfb1/0x1f90 [ 309.548317] ? do_vfs_ioctl+0x184/0x2f70 [ 309.552367] ? __se_sys_ioctl+0x1da/0x270 [ 309.556554] ? kvm_vm_release+0x90/0x90 [ 309.560545] do_vfs_ioctl+0xfbc/0x2f70 [ 309.564446] ? 
security_file_ioctl+0x92/0x200 [ 309.568943] __se_sys_ioctl+0x1da/0x270 [ 309.572920] __x64_sys_ioctl+0x4a/0x70 [ 309.576813] do_syscall_64+0xcf/0x110 [ 309.580651] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 309.585836] RIP: 0033:0x457569 [ 309.589036] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 309.607949] RSP: 002b:00007ff8403d1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.615691] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 309.622990] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 309.630288] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.637570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff8403d26d4 [ 309.644834] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff [ 309.653165] Kernel Offset: disabled [ 309.656807] Rebooting in 86400 seconds..