[?25l[?1c7[ ok 8[?25h[?0c. [ 45.735320] kauditd_printk_skb: 4 callbacks suppressed [ 45.735341] audit: type=1800 audit(1539130905.781:29): pid=5789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 45.760488] audit: type=1800 audit(1539130905.781:30): pid=5789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 48.652478] random: sshd: uninitialized urandom read (32 bytes read) [ 49.028543] random: sshd: uninitialized urandom read (32 bytes read) [ 50.903795] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.123' (ECDSA) to the list of known hosts. [ 56.571419] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 00:21:58 fuzzer started [ 60.652155] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 00:22:02 dialing manager at 10.128.0.26:44001 2018/10/10 00:22:02 syscalls: 1 2018/10/10 00:22:02 code coverage: enabled 2018/10/10 00:22:02 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 00:22:02 setuid sandbox: enabled 2018/10/10 00:22:02 namespace sandbox: enabled 2018/10/10 00:22:02 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 00:22:02 fault injection: enabled 2018/10/10 00:22:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 00:22:02 net packed injection: enabled 2018/10/10 00:22:02 net device setup: enabled [ 64.661913] random: crng init done 00:23:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffdc6, 0x0, &(0x7f0000000440)}) [ 148.302831] IPVS: ftp: loaded support on port[0] = 21 [ 150.035791] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.042503] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.050352] device bridge_slave_0 entered promiscuous mode [ 150.153587] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.160117] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.168253] device bridge_slave_1 entered promiscuous mode [ 150.270243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 150.372689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 150.711447] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 150.821656] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:23:31 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x100000001, 0x2, 0xffffffff}) [ 151.009526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 151.017980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.526095] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 151.534036] team0: Port device team_slave_0 added [ 151.577226] IPVS: ftp: loaded support on port[0] = 21 [ 151.680169] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 151.688114] team0: Port device team_slave_1 added [ 151.920759] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 151.927932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.936524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.179940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 152.187054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.195549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.303461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 152.310971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.319558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.455319] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 152.462937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.471468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.220932] ip (6076) used greatest stack depth: 53056 bytes left [ 154.349305] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.355811] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.363828] device bridge_slave_0 entered promiscuous mode [ 154.529637] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.536276] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.544202] device bridge_slave_1 entered promiscuous mode [ 154.688665] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.695325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.702238] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.708651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.716855] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 154.743276] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 154.852681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:23:35 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x800000000002) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) [ 155.438612] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.644641] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.703882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 155.884882] IPVS: ftp: loaded support on port[0] = 21 [ 155.921351] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 155.928430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.140608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 156.147774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.799557] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.807401] team0: Port device team_slave_0 added [ 157.033787] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.041562] team0: Port device team_slave_1 added [ 157.324355] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.331499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.340200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.490861] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 157.497929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.506496] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.741498] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.749167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.757801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.991990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.999517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.008235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.564210] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.570743] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.578697] device bridge_slave_0 entered promiscuous mode [ 159.769515] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.776286] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.784370] device bridge_slave_1 entered promiscuous mode [ 159.979749] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 160.163888] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 160.482826] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.489391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.496276] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.502735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.510829] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 160.812012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.841661] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 161.028704] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 161.284865] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 161.291987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:23:41 executing program 3: ioctl$int_in(0xffffffffffffffff, 0x40000000af01, &(0x7f0000c97ff8)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000001c0)="66b80829a5710f23d00f21f86635300000030f23f8ba200066ed66b9c40800000f3266b98704000066b89b00000066ba000000000f30f30fbdc92ed2770c0f01cb0fc71fb800008ec0baf80c66b85fe6228b66efbafc0cec", 0x58}], 0x1, 0x54, &(0x7f0000000240), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 161.529914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 161.537119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.169443] ip (6281) used greatest stack depth: 53040 bytes left [ 162.275166] IPVS: ftp: loaded support on port[0] = 21 [ 162.431247] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 162.439216] team0: Port device team_slave_0 added [ 162.694699] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 162.702776] team0: Port device team_slave_1 added [ 162.983177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 162.990169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.998587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 163.279532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 163.286843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 163.295337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 163.566210] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 163.573800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 163.582667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 163.874577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 163.882320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 163.891141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 165.185162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.414640] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 167.453467] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.460103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 167.467088] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.473624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 167.482193] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 167.607237] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 167.613775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 167.621433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 167.685945] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.693054] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.701183] device bridge_slave_0 entered promiscuous mode [ 167.986638] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.993358] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.001531] device bridge_slave_1 entered promiscuous mode [ 168.132286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.322594] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.585188] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.870449] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.510558] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.802647] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.054893] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 170.063480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.326424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 170.333531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:23:50 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b707000001000000487000000000e0ff48000000000000009500000000000000"], &(0x7f0000000300)="4f50431c4e4c0000eb0000000000000000"}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0xe, 0x5d, &(0x7f0000000380)="580f428c480546fef2a15da7804b", &(0x7f0000000580)=""/93}, 0x28) [ 171.370716] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 171.378722] team0: Port device team_slave_0 added [ 171.726805] IPVS: ftp: loaded support on port[0] = 21 [ 171.757440] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 171.765308] team0: Port device team_slave_1 added [ 172.130323] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 172.137439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.146159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.509759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 172.516999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.525786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.942546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.950061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.958729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.356052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.391324] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 173.398971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.407774] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 174.753172] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 176.157312] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 176.163791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 176.171567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 177.414380] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.604631] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.611121] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.619554] device bridge_slave_0 entered promiscuous mode [ 177.755367] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.761912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.768769] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.775308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.784272] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.863147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.942993] binder_alloc: binder_alloc_mmap_handler: 6706 20001000-20004000 already mapped failed -16 [ 177.995059] binder: BINDER_SET_CONTEXT_MGR already set [ 178.000448] binder: 6706:6711 ioctl 40046207 0 returned -16 [ 178.053336] binder_alloc: 6706: binder_alloc_buf, no vma [ 178.058934] binder: 6706:6708 transaction failed 29189/-3, size 24-8 line 2970 [ 178.081321] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.087924] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.096174] device bridge_slave_1 entered promiscuous mode [ 178.104362] binder: release 6706:6708 transaction 2 out, still active [ 178.133696] binder: send failed reply for transaction 2, target dead 00:23:58 executing program 0: rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x4) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x18e) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x10000, 0x0) ioctl$NBD_CLEAR_QUE(r1, 0xab05) r3 = socket$inet6(0xa, 0x80003, 0x2c) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @broadcast}}}, &(0x7f00000002c0)=0x84) fcntl$addseals(r0, 0x409, 0x1) r4 = getpgrp(0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f00000001c0)=r4) fcntl$setown(r0, 0x8, r4) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) sendmmsg(r3, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f00000009c0), 0x3e8, &(0x7f00000000c0), 0x0, 0x8dffffff00000000}}], 0x40000000000026a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000300)={0x1ff, 0x2, {0x2, 0x3, 0x2, 0x0, 0x8}}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r5 = getpid() r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2000, 0x184) perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0xac0, 0xfb, 0xdd7d, 0x6, 0x0, 0x1f, 0x1000, 0x2, 0x0, 0x7ff, 0x8000, 0xfffffffffffffffe, 0x5, 0x6, 0x0, 0x100, 0x2, 0x9, 0x80000000, 0x0, 0x0, 0x0, 0x1000, 0x68a, 0x0, 0x1, 0x2, 0x31, 0x0, 0x9, 0x1, 0x7, 0x1, 0xffffffffffffff7f, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x1, @perf_config_ext={0x0, 0x1b54}, 0x1021, 0x5, 0x1, 0x7, 0x80, 0x2a1, 0x8}, r5, 0x0, r6, 0x0) [ 178.522331] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.667395] hrtimer: interrupt took 33452 ns 00:23:59 executing program 0: rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x4) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x18e) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x10000, 0x0) ioctl$NBD_CLEAR_QUE(r1, 0xab05) r3 = socket$inet6(0xa, 0x80003, 0x2c) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e20, @broadcast}}}, &(0x7f00000002c0)=0x84) fcntl$addseals(r0, 0x409, 0x1) r4 = getpgrp(0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f00000001c0)=r4) fcntl$setown(r0, 0x8, r4) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) sendmmsg(r3, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f00000009c0), 0x3e8, &(0x7f00000000c0), 0x0, 0x8dffffff00000000}}], 0x40000000000026a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000300)={0x1ff, 0x2, {0x2, 0x3, 0x2, 0x0, 0x8}}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r5 = getpid() r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2000, 0x184) perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0xac0, 0xfb, 0xdd7d, 0x6, 0x0, 0x1f, 0x1000, 0x2, 0x0, 0x7ff, 0x8000, 0xfffffffffffffffe, 0x5, 0x6, 0x0, 0x100, 0x2, 0x9, 0x80000000, 0x0, 0x0, 0x0, 0x1000, 0x68a, 0x0, 0x1, 0x2, 0x31, 0x0, 0x9, 0x1, 0x7, 0x1, 0xffffffffffffff7f, 0x3, 0x2, 0x0, 0xffffffffffffffff, 0x1, @perf_config_ext={0x0, 0x1b54}, 0x1021, 0x5, 0x1, 0x7, 0x80, 0x2a1, 0x8}, r5, 0x0, r6, 0x0) [ 178.966814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:24:00 executing program 0: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'syz_tun\x00', 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) r3 = memfd_create(&(0x7f0000000040)='syz_tun\x00', 0x7) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f00000000c0)={0x1, 0x820a, 0x7, 0x5, 0x0}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={r4, 0xcf23}, 0x8) bind$packet(r2, &(0x7f0000000080)={0x11, 0x1b, r1, 0x1, 0x0, 0x6, @remote}, 0x14) bind$packet(r0, &(0x7f0000000240)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_emit_ethernet(0xe, &(0x7f0000000180)=ANY=[@ANYBLOB="400000000600f22b351391fb3dc1303aae68640f42e92921"], &(0x7f0000000000)) [ 179.986579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.252644] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.545082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.552238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:24:00 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000140), 0x1c) mlockall(0x2) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendmsg$nl_route_sched(r0, &(0x7f0000000700)={&(0x7f0000000040), 0xc, &(0x7f00000006c0)={&(0x7f0000000200)=@newqdisc={0x24}, 0x24}, 0x11}, 0x0) [ 180.869010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.876311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:24:01 executing program 0: r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x100) write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0', [{0x20, 'eth1md5sum/cmime_type'}], 0xa, "e23ca5a52c10cf7f3b76ea21ef8860c8420b8474085676e30a84f0b29d8b900346a2d61468061fea87f9b146274ea3a20c9acca429a2454e50bcb1767a3b608832dba41654d13820689292af90911685a3a22ad0bf74b58029037b26e4a279685c4fe3fcc2436526bffecf5003e743559d96df7bb33b8373222cc3096dc57abf51259991e888ecd19850c91d4139add7ab9abb539c6e69a76ff4318d53b65c782f13042d6eca78852f"}, 0xca) r1 = socket$netlink(0x10, 0x3, 0x1f) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="390000001300090468fe0704000f00000000ff3f03000000450001070000001419001a0015000a00070008004000000800005d14a4e91ee438", 0x39}], 0x1) write$binfmt_script(r0, &(0x7f0000000200)={'#! ', './file0', [{0x20, '#! '}], 0xa, "b09b4c360911eb3aac96266c58e74bb1c2ec486e3e31a8c3f43642aa4955923c4347fc4be6355d8675bb985d4fcd903eeaf10ac460d038edb3a061a44eea95c4db910d7a77ec47d4366bed6e4073930bd49ca708a1e9519ea859a2eb0738508e23f4f64ca98bb4df333bad692d96e48967318d7d32350056d7d5eb9893dccffe777483354eee818f95baad208725fafb90eae867ac5dc17a1ebfc48b316389b4450ada67ca7dd5223362acca6348d3a172e6417cc9657ca6b741864735d541fe1c4c80478f5e3689d2b1adab10a4a84cd30b8bac917cd112140dc51027eda7961c26e215dffb2ed36ac0d0a58d2f1e945a41f51fdadb153de555128222d198c3b888a87c19e696e0dd13120432cc5d680bb4666e48be1b5e2299bf60c627cdc1c5adf8c40af657974fcc86072b6c2463238c60e32fa58150b1abce2a598d8ec179985a6fd3a2ba610ff02c84bd38cb953f1d42cdd7b03329eeb8c1d66db06ef744eeb8b998aa5473e9a02aefa2a41e62691c5f5731c172fdbabb249fda2f86f5c1cba914d479616900b912903dbfed9f7eb3eb6e563e77e257d7c632958f7b70df9a6fd91a4ae8517d65629a9f9969a89fcd048caef1cb79c440fd786f8dea19f0c3a2f2f243a0dd2ee91d2b5d89a67a1e85de12f61ff04c0f7554d77cd0185eccfd0e07d3761f4b7a715da90dea300dbddc24b165e3e371290756b020416ba1087d6db82948a08ffd367aab130a5a849450d9719a5a1f43b789adce58cf3bc6107aa998fb9c7578d752adc48e34f24646f5f58a9b489751c2d67226e1bb4380d1cfb7193e39d98c32e9f1c6080e9ffc83ce13cfea1c068fdeeaebfae61add7b318c544bdfc2eadfc0152519beb96231e48d5cf6ea406d49a92c4b734434e161aa6567468c8f47e7b95219746d6b6e70e7cb8f0ae40c671409615e607bd384c8318c2e625a9e12ad4d444506a5289b4f0d86a310c36be891ab20506ad3f0288d9d951aad1763d1ffb571a92a0e5416524a7d40d428f39a78b31a81b0082d881eeea2bb2d0178ae8507bc96dbfd77cba949b564bb6494f03d0b3efc8e0c969f76189843ef2f3b0516d4d5d2baf9f4e2dd8749f9361da5ee58d1837eb080550977d0159868cfd0e4f1f56435be72001b0ed19b273a14cdaf89859c62d5b136cb0e6c290ad586ca1c0112937bff55ff509dc2c6ef92f55476bfe1446b1497a1d157842c4b2cb580fce4a3f1ee1dc64482e83098fa9d09fa210d797f75eb418c7a27dedd5266ed42d8bc152f3377e0699805ee0b4997eb0edff992877d7201fc2ce709413b63ac9e6e760536e51b984669c4e6735905138ec700660e1ab3b71320df3ec5403cbb17ded232d60ff20ff15391a9fcec4b6f89618bbada11845a9449d81df491144e8a5d9b31c5aabf70f5cc07d1da10126b795a055dcdef2b6b78e8ab44b88f7e054de66ea36dd99c28763e3e441c24f2e1fbb5ca56d24e4247e30dd2a12a3cec7abd821c41eeafdb3927cf28fcaf288f88c01df3664a3cb18e8a5ee80be0a2fab1341829fbe3466fbfe24388ea90db70b9693c450869449c40c0a1581b2f7e18da96e373f55cf07f1ff22566a85d9de587d4c3b46d51c047ec010b9363d930f6397f73f85f2644042033d2c01dd467edaf84949b938855153323e96ad4a52587d0c59b12e2844d8581a1f8b0b61c10257fb32e4d61f030cc3675c29a503abe39c8fe6e87158b28d86d1945046d9bbc2b7d296188fe7d495427f053fdf7114379dbb7711aded44e7fefc80530a3adfe7521b59f67fc90252692f4befe93ff3c6bb07e27a84aa3d3945407c8f532e7c952eaeede928ef3d8ad8c5003dbd45eca3c55b2fa6b3c00fc5d965e36584fe2fe64e015353536c39eb709c245becab8dd2908364525b0fd2539285a34a79e709b078fa2712368f77152065f595b202e800aacbe80111bdb233d90239e29a215669cbdc8eeb5f7740c71d42869f67b41c66db66bc6b918a20f3248080fdc2e8b1445c3e808f995c2fbf63aeb423ee927a9edb8cc86a62f0e88aa1583c1ac30c3371adb46847c564d98e52752f97cdc0149c6a57c97d13f4f0ef610b95ef2334bd7c833e90be7078b766964e74124e1bf01a96d55e677b732f52abdc0f5410840a82f87bbb004a25b47507b1bb00e71df10ab148f2ca49de2acbe6dfbb9a471ed0550f9787e8db765578aa875e606ba7224846ac9c010689ee6e79edfe2add8c1aa3ac5b73eb5454e8457f2df36544de1f64cef3db067fbe1820facd6ca1798dbcb48a3623ca2f29f2991b1100578602defa15475101491429399c8449d9d77452161066189d7e36a1d6b219ef53f53de01e15940e42fa3a64f4698a35065a6a3d04e2dd45e2d0355539dbda6f01bbdd185c579dc1203dcdb32bbd87e732ccfc5976257f5118f1074abc96bb7dcdddbafdb12b1bfb97ad947cdb8d74cb8a1da7ae7d09a69310422ff97fbf71b4cc2cc64411147a7e26b0e4b8f969d37a85ef849adb12e01f179ff0d48284da72acae72ec878f423cd9288f0e1c8f274cc662b8204905f43dd8d94cdafe2342f9609df3026cd4e67ff9419df3dc4a4ed7953a2769da1aecb51bf8eb2f30ed8f2dddabe1b3a85f137d21c8994cd731ff80fda014b5718028ea5acf7210715036bd45d16d5467cc7ca0b8746c6337d987a0637602980d98f32079f086aef20eacc2072fb4281761301ccc5d7e0c7b3c958f745215143e1f68f761bf2425d5909dd621b1e83cdd88573f90e2a298e7cf7f14e8e8b58d81568eb007bfb4d2e381b32d9945b4fcf4321d8062c6a34b13cec09e07ef2424b99da9f74b1eee6b8a1e0404333e3a0e89e3c612349a73231df0307f87b4de0a905fa50a0782d0a41ca82df759285a237657db4a8208887b85dac0f535b8e1f48a4be799f24e021d6081aebf1a8687448aa0df6141cdca3c4bf9b9322ca55b6f95ab7594f071f9049a2abe5115b13a4200af7944308f283dcb0cece34e61b664bc241a23b7478d1e5498fcf0681b912f76ca72e32428fa3df7510bd10454b1c2540f44658c2ec9d51dbf27f80c1aa84adeba24f43703dee528e00cd79f933a57c472e52b612135c37ba9200ac4427189e321fa7f671fc75510a2fd3f4faf6e9cc703bc116ebae53ba408dfd6aafbb7afa2c8a79ff92bd8fe7f67db9cf51da7cb0d6a5aaafe996879fd3dbe249335df424a5d9bfcf18573e2c514531a6e9d7b3ee16729b8e269efad0ee86f322b54cd3a623e20c547c535fc61a48f60c44571d058f5a8f44b9943451231489ec2f0a6a31fa6478f3796badd9ad55d38dcb235045e3133efb371b749ebbdbe855ee2e97c841019ac55d52af27e6d954430aa4c0554e0ce80d42153aac2a58f8991b14e3de3fe50e35c4645999d7bd5b363103bea356af84bbc7103e8514a4a7c6ef7672ea73a8f4da72a22a61f5c96cd3223847255bb7f30fd12231fc2a80dda838156e2b6d7e006e40a6e0cf56b2a2dbae8f7e30a0c0c454ee92048a557503310bd03d65933b46485cb2e1d152ba9334cad83c54895f921807fcadb0d2c39d2bca935bf3c4d7717086ca5e3a692bd2286b84a0d61a3450dbc25ab497362fa74cc56da48c73896baab84f2d77c7e0d481ad0e25e80e0ee28850ca8297e14c228a67942761276761bbaeed46703d2df407de7256030c99d929e25f244fbaee9907706b0bee81443688a26a4d53a1c2d463a3ced89dc291a212f267947aa9c54fe6c8acdc26d303b50996cacd975839ab54273b5d889db8853315e63a62b4c2ae049fa64b68b04dc3a1986ad4fe21a7c6711ca56fcca2cdf7fbfa02ebcc0ddadbc8e6c758521df0fafc0155ffe1cbf9b5c4c39e60316c10b974e7118c295f26b82394c087ebd8cef307e39172799b1285497d28f57d5ada940835fa04bdc4d23b55de4e8528f6d9a20356f64e3bb0a03c975e7010a221168e8483e20118cd69d7164f8323d3f5c22bc1d838acbfc60a24a243af3915c735a057580c0a6d05c54a833d28085273870e7445dfb278149a1b7365e344fd06d1164b52368c1a4b20762865d396fbddcc69f181208c7695eb9583de235a22611cd25d279d3a3bd994e58aaf7675fb7fcfe61e66512dafc39fd1943ee6b16b8162486e9eca1bf1ace125db5e926c57ec16acff9ec3bfe8b7874f7927f0eb2f7bee48fbbc0c088fda09fdb5a0b46eb0ce3c92554daa29d2a6611ee56da61ca75e06fe3d123b01293ac493d1d8a77d9f177a457ed940aa63e6ba5dea275263de9a5d89ba172117861e42d975bfef1269264eb406ab5f5bf98731a55e8d2674e1dfeae8742587f379bc8e4874accc9b7e212285ce2b64b258cb6f4485a6ceb4c393ba161954dcc20135ca3b30728015cc500e7efc0939dd5d2899f9145c7a7c92b106a01670f28f853cb2c5e607c0d709d478419d15b171f5451d48e1ac05a9b1302da72c4c36b8c2a53d385bf082b0ceacccc78bad5415021bae169299d45f8309625736e9e8e90efbe62a39286547d8d2e21ef75be43b591ea1e9044db59679f1c5408e5ec3137ad7518ec0e533de6d73b277ea65095fa952ae6ca08478513042704f85bce225d398f648e69149cdf0aa140f9407e0d35a63e518ba0c362f1b589cad5a6413a35f2695befd9073ba132b5efe2125eb1f392ee5b4f61b2ebcb5371d49af09962c69d462f98b25e57892d1d9e6eac92469be7371520b130dfd078edb976ce0b78e117f8493d9462db98c9286c1f9abc6565e14bb13b95868fe6fa6e417b3f60ef7a12f63eed863e2a2726b5409f70cbf2e4025794a24561763f81f62fcc58017ca3e5f1d349865d0d89f735bef7f64f8f57fcccae07c0a299777034c231f97b7c21ac7663253baa226d30b17d69d169c61fea9175a8f1d6d624daae82d712de8fe877995c94ed7e3b073455ab7c1afea3aa8666dd46ce43f56408a46109e88a045393e37391c17f973d000298fb5d7ea91e8736a8a86cc43b44e52f382ad5f23d1803c89c1774d798d1b31059b4c1e24fc5ae6760ee6ed7ca236027359bb2e2d7bfa432b9a54aa89df8bf1ca72975a3269d3cbf2486632428cd798cf16f926cb4ea38206432bb291ad1482d35970ad8b1b74ccdd6eba2ca90b53e91c41d81bc34d75a0ed30d3a96bd124bd5bebc21352087ed2d4c17bffd7c3815d54c82e7eff38eace6dedf6f1f295841ba5312729327095aea3a3da6619946c598975435c27fa2a4908fa52fc1ff6e88582492d597414eab3c17a8ecd3634d8d9ab2d4790a6219db06ffe6150f47637c5ec8543229fde44a5c17776548194e1a1ec8603f768ade0e69ec8c4ef940e020c51d1bdf39da261e754cad2f1767c7d32575f799ec0f98dce9da3b2ec131c863071eade929a7cf021268d0e2ce3f37ee17194fa10319ed3ac7536f41acce916e97a5ebfc58dd7cda9b0cc1ecdfbba21fb414f2f7a7f0601c913d9d9afff3237eba7641ed9f926b1899bc15061e2ac05b1302ebe8450ea410a8bdaff2ee6bd36b1e83d66c43bfc7b5a55e34b0265200942070bf4583fbcdce1cc60e7617769955b443e9253e8beab5c21780104eff92460b21211deb744ef19427dea0820a626f31b83210ab2850ee65dc253bbfb8e9dcc9c36403b5016444ea19add7070a99f2ce2a23a06bee64616fb935579b3ed969ac1b2055becde3d62d959dc462d20073d906cebfcece779aac61ad2ee870c124e30706875b5b769c719a885751849889509f57615ffbea2a5292dc01f4e61c66f5ee217c69122f685ea7565f1"}, 0x100f) 00:24:01 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x4, 0x400) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r0, 0x50, &(0x7f0000000140)}, 0x10) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f00000000c0)=0x2000000000) r1 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PPPOEIOCDFWD(r0, 0xb101, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='\'\x00') rmdir(&(0x7f0000000100)='./file0\x00') [ 181.875016] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.882964] team0: Port device team_slave_0 added 00:24:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7, 0x0) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000080)={0x4, 0x0, [0x0, 0x0, 0x0, 0x0]}) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000100)={0x0, 0x0, 0x5, &(0x7f00000000c0)=0x69f}) socket$kcm(0x29, 0x7, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=0x0, &(0x7f0000000180)=0x4) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f00000001c0)={r1, 0x80, 0x30, 0x9, 0xffffffff}, &(0x7f0000000200)=0x18) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000240)={0x10, 0x29, 0x5, 0x17, 0x5, 0xffff, 0x5, 0x67, 0x1}) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000002c0)={0x0, 0x5, 0x100, &(0x7f0000000280)=0x100000000}) r3 = getpgid(0x0) move_pages(r3, 0x4, &(0x7f0000000300)=[&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil], &(0x7f0000000340)=[0x6, 0x9, 0x5], &(0x7f0000000380)=[0x0, 0x0, 0x0], 0x4) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000003c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1}) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000400)) socket$pppoe(0x18, 0x1, 0x0) getsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000440), &(0x7f0000000480)=0x4) r4 = inotify_add_watch(r0, &(0x7f00000004c0)='./file0\x00', 0x80000028) inotify_rm_watch(r0, r4) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000500)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$FUSE_WRITE(r0, &(0x7f0000000540)={0x18, 0x0, 0x2, {0x800}}, 0x18) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000580)={0x7, 0x3, 0xa4, 0x0, 0x0, 0xffffffffffffff01, 0x853, 0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7d6e, 0x5, 0x800, 0x643734d6, 0x0, 0x2}) r5 = msgget$private(0x0, 0x101) msgctl$MSG_INFO(r5, 0xc, &(0x7f00000005c0)=""/151) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000680)=0x26ae, 0x4) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000006c0)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x1000, 0x1}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000c40)={@empty, 0x0}, &(0x7f0000000c80)=0x14) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000cc0)={r6, 0x1, 0x6, @local}, 0x10) r7 = memfd_create(&(0x7f0000000d00)='cpuset{:\\keyring\x00', 0x4) fcntl$getownex(r7, 0x10, &(0x7f0000000d40)) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000d80)={r2, 0x4}, 0x8) syz_open_dev$adsp(&(0x7f0000000dc0)='/dev/adsp#\x00', 0x6, 0x20000) 00:24:02 executing program 0: [ 182.098639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.190195] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.198138] team0: Port device team_slave_1 added [ 182.515483] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.522562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.530837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.721558] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.728876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.737352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.004958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.012487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.020963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.045776] IPVS: ftp: loaded support on port[0] = 21 [ 183.227547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.269065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.276592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.285017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.244134] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 184.250573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.258289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:24:05 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x100000001, 0x2, 0xffffffff}) [ 185.349384] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.209494] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.216077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.222977] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.229396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.237488] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.122446] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.128977] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.137062] device bridge_slave_0 entered promiscuous mode [ 187.222780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.345463] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.351990] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.359847] device bridge_slave_1 entered promiscuous mode [ 187.544659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 187.717166] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.181123] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.330356] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.506842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 188.514195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.770807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 188.777970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.343083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.499584] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.507474] team0: Port device team_slave_0 added [ 189.720231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.728299] team0: Port device team_slave_1 added [ 189.880667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.888682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.897326] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.149609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 00:24:10 executing program 2: [ 190.379729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.387765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.396379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.406558] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.588137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.595681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.604344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.218798] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.225432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.233286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.839777] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.531315] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.537849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.545549] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.552041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.560304] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.567272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.761102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.411153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.557673] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 195.579776] ================================================================== [ 195.587174] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 195.595014] CPU: 0 PID: 7351 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #65 [ 195.602222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.611570] Call Trace: [ 195.614162] dump_stack+0x306/0x460 [ 195.617801] ? vmx_set_constant_host_state+0x1778/0x1830 [ 195.623352] kmsan_report+0x1a2/0x2e0 [ 195.627272] __msan_warning+0x7c/0xe0 [ 195.631090] vmx_set_constant_host_state+0x1778/0x1830 [ 195.636377] vmx_create_vcpu+0x3e6f/0x7870 [ 195.640612] ? kmsan_set_origin_inline+0x6b/0x120 [ 195.645459] ? __msan_poison_alloca+0x17a/0x210 [ 195.650154] ? vmx_vm_init+0x340/0x340 [ 195.654065] kvm_arch_vcpu_create+0x25d/0x2f0 [ 195.658581] kvm_vm_ioctl+0x13fd/0x33d0 [ 195.662570] ? __msan_poison_alloca+0x17a/0x210 [ 195.667255] ? do_vfs_ioctl+0x18a/0x2810 [ 195.671322] ? __se_sys_ioctl+0x1da/0x270 [ 195.675476] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 195.680321] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 195.685379] do_vfs_ioctl+0xcf3/0x2810 [ 195.689283] ? security_file_ioctl+0x92/0x200 [ 195.693790] __se_sys_ioctl+0x1da/0x270 [ 195.697774] __x64_sys_ioctl+0x4a/0x70 [ 195.701750] do_syscall_64+0xbe/0x100 [ 195.705554] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 195.710827] RIP: 0033:0x457579 [ 195.714023] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.732939] RSP: 002b:00007f8fe8f64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.740648] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 195.748092] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 195.755371] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.762643] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe8f656d4 [ 195.769911] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 195.777187] [ 195.778814] Local variable description: ----dt@vmx_set_constant_host_state [ 195.785833] Variable was created at: [ 195.789638] vmx_set_constant_host_state+0x2b0/0x1830 [ 195.794928] vmx_create_vcpu+0x3e6f/0x7870 [ 195.799156] ================================================================== [ 195.806511] Disabling lock debugging due to kernel taint [ 195.811959] Kernel panic - not syncing: panic_on_warn set ... [ 195.811959] [ 195.819337] CPU: 0 PID: 7351 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #65 [ 195.827908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.837446] Call Trace: [ 195.840211] dump_stack+0x306/0x460 [ 195.843849] panic+0x54c/0xafa [ 195.847076] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 195.852532] kmsan_report+0x2d3/0x2e0 [ 195.856344] __msan_warning+0x7c/0xe0 [ 195.860164] vmx_set_constant_host_state+0x1778/0x1830 [ 195.865452] vmx_create_vcpu+0x3e6f/0x7870 [ 195.869689] ? kmsan_set_origin_inline+0x6b/0x120 [ 195.874533] ? __msan_poison_alloca+0x17a/0x210 [ 195.879216] ? vmx_vm_init+0x340/0x340 [ 195.883114] kvm_arch_vcpu_create+0x25d/0x2f0 [ 195.887618] kvm_vm_ioctl+0x13fd/0x33d0 [ 195.891611] ? __msan_poison_alloca+0x17a/0x210 [ 195.896288] ? do_vfs_ioctl+0x18a/0x2810 [ 195.900357] ? __se_sys_ioctl+0x1da/0x270 [ 195.904515] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 195.909367] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 195.914220] do_vfs_ioctl+0xcf3/0x2810 [ 195.918125] ? security_file_ioctl+0x92/0x200 [ 195.922726] __se_sys_ioctl+0x1da/0x270 [ 195.926714] __x64_sys_ioctl+0x4a/0x70 [ 195.930617] do_syscall_64+0xbe/0x100 [ 195.934432] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 195.939622] RIP: 0033:0x457579 [ 195.942823] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.961728] RSP: 002b:00007f8fe8f64c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.969444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 195.976709] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 195.983975] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 195.991332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe8f656d4 [ 195.998599] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 196.007196] Kernel Offset: disabled [ 196.010824] Rebooting in 86400 seconds..