Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts.
2018/12/10 20:57:34 fuzzer started
2018/12/10 20:57:39 dialing manager at 10.128.0.26:41043
2018/12/10 20:57:39 syscalls: 1
2018/12/10 20:57:39 code coverage: enabled
2018/12/10 20:57:39 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/10 20:57:39 setuid sandbox: enabled
2018/12/10 20:57:39 namespace sandbox: enabled
2018/12/10 20:57:39 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/10 20:57:39 fault injection: enabled
2018/12/10 20:57:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/10 20:57:39 net packet injection: enabled
2018/12/10 20:57:39 net device setup: enabled
21:00:52 executing program 0:
socketpair$unix(0x1, 0x4000000000002, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e21}, 0x10)
recvmmsg(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x12001, 0x0)

syzkaller login: [  287.933202] IPVS: ftp: loaded support on port[0] = 21
[  289.046948] ip (6864) used greatest stack depth: 53504 bytes left
[  290.351537] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.358255] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.367752] device bridge_slave_0 entered promiscuous mode
[  290.510194] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.516912] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.526139] device bridge_slave_1 entered promiscuous mode
[  290.665303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  290.804341] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  291.241170] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  291.387640] bond0: Enslaving bond_slave_1 as an active interface with an up link
21:00:56 executing program 1:
recvmmsg(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002e00)=""/58, 0x3a}}], 0x1, 0x0, 0x0)
sched_setaffinity(0x0, 0xffffffb4, &(0x7f0000000280)=0x5)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x20002, 0x0)
writev(r0, &(0x7f00000023c0), 0x1000000000000252)
syz_open_procfs(0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8001)

[  291.740036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  291.747332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  292.413122] IPVS: ftp: loaded support on port[0] = 21
[  292.430584] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  292.439837] team0: Port device team_slave_0 added
[  292.590484] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  292.599555] team0: Port device team_slave_1 added
[  292.797552] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  292.804828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  292.814415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  293.036099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  293.043299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  293.053040] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  293.196024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  293.204122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  293.214049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  293.438436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  293.446554] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  293.456429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  295.869944] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.876652] bridge0: port 2(bridge_slave_1) entered forwarding state
[  295.884208] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.890808] bridge0: port 1(bridge_slave_0) entered forwarding state
[  295.900784] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  296.172346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  296.269791] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.276513] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.285543] device bridge_slave_0 entered promiscuous mode
[  296.432036] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.438624] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.447803] device bridge_slave_1 entered promiscuous mode
[  296.585390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  296.847187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  297.452427] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  297.645220] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  297.882094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  297.889192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
21:01:03 executing program 2:
r0 = inotify_init()
r1 = inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
inotify_rm_watch(r0, r1)
write$binfmt_elf64(r2, &(0x7f0000000480)=ANY=[], 0x2e7)

[  298.139417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  298.146661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  298.963234] IPVS: ftp: loaded support on port[0] = 21
[  299.136315] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  299.145567] team0: Port device team_slave_0 added
[  299.456713] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  299.465941] team0: Port device team_slave_1 added
[  299.741051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  299.748284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  299.757858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  300.090964] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  300.098208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  300.107740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  300.378361] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  300.386349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  300.395817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  300.621311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  300.629317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  300.639211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  303.406793] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.413552] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.422739] device bridge_slave_0 entered promiscuous mode
[  303.706378] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.713780] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.722973] device bridge_slave_1 entered promiscuous mode
[  304.000897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  304.043927] bridge0: port 2(bridge_slave_1) entered blocking state
[  304.050553] bridge0: port 2(bridge_slave_1) entered forwarding state
[  304.057885] bridge0: port 1(bridge_slave_0) entered blocking state
[  304.064578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  304.074572] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  304.103531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  304.326076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  305.238553] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  305.659079] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  305.963549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  305.970688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  306.255758] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  306.263001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  307.013830] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  307.023048] team0: Port device team_slave_0 added
[  307.185281] 8021q: adding VLAN 0 to HW filter on device bond0
[  307.284677] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  307.293826] team0: Port device team_slave_1 added
21:01:12 executing program 3:
getdents(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002880)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0, 0x36e}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)

[  307.628060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  307.635253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  307.644750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  307.982331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  307.989474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  307.998976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  308.329202] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  308.337081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  308.346702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  308.375487] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  308.663228] IPVS: ftp: loaded support on port[0] = 21
[  308.712773] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  308.720541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  308.730513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  309.730482] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  309.737064] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  309.745543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  311.033707] 8021q: adding VLAN 0 to HW filter on device team0
[  312.651966] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.658581] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.666017] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.672699] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.683104] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  312.689842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  314.677032] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.683731] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.693172] device bridge_slave_0 entered promiscuous mode
[  315.078627] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.085378] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.094516] device bridge_slave_1 entered promiscuous mode
[  315.492275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  315.815455] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  316.802598] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  317.111676] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  317.446224] 8021q: adding VLAN 0 to HW filter on device bond0
[  317.469108] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  317.477993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  317.815494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  317.822724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
21:01:23 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

[  318.793619] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  319.099030] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  319.108213] team0: Port device team_slave_0 added
21:01:24 executing program 0:
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0))
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00), 0x400000000000105, 0x4000000)

[  319.579763] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  319.588768] team0: Port device team_slave_1 added
[  319.740906] IPVS: ftp: loaded support on port[0] = 21
[  319.997605] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  320.004875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  320.014501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  320.399495] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  320.406784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  320.416686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
21:01:25 executing program 0:
mprotect(&(0x7f0000013000/0x1000)=nil, 0x1000, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x641}, 0x2c)
ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f0000000040))
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl(r0, 0xffffffffffffffb0, &(0x7f0000000080))

[  320.476021] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  320.482675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  320.491030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
21:01:25 executing program 0:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x1, @random="a14ab814f78a"}}, 0x1e)
fcntl$notify(r0, 0x402, 0x80000012)
r1 = accept4(r0, &(0x7f0000000000)=@generic, &(0x7f0000000080)=0x80, 0x800)
pipe(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000000200)={{0x0, 0x1, 0x3ff, 0x3}, 0x3, 0x5})
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000100)={<r4=>0x0, 0x3}, &(0x7f0000000140)=0x8)
perf_event_open$cgroup(&(0x7f0000000280)={0x3, 0x70, 0xfffffffffffffff9, 0x1, 0x8f30, 0x8, 0x0, 0x100, 0x14, 0x4, 0x4, 0x5, 0x6, 0x81, 0x5, 0x7f, 0x188c, 0x100000000, 0x401, 0xff, 0x4, 0x7, 0x10000, 0x5, 0x9, 0xfffffffffffffffc, 0x100000000, 0x800, 0x2, 0x2, 0x5, 0x8, 0x0, 0x4, 0x9, 0x3, 0x8, 0x6, 0x0, 0x8aa, 0x2, @perf_config_ext={0x2, 0x8}, 0x0, 0xa1a, 0x8, 0x3, 0x3, 0x4, 0x3}, r3, 0x8, r3, 0x4)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x3, 0x3, 0x2, 0xd32, 0x8, 0xfff, 0x8, 0xfff, r4}, 0x20)

[  320.877927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  320.885871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  320.895380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  321.256558] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  321.264570] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  321.274030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
21:01:26 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
lstat(0x0, 0x0)
lchown(0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fde000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="3a0000000614f000000000009500000000f5ff964d644fb4e03f0d000000000011000000000000006367726f75706d643573287d7b255b0b25a3778fd9e1d36e0000"], 0x3a)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000100)={0x7b, 0x0, [0x4b564d03, 0x0, 0x48, 0x4]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e20, @multicast1}], 0x30)

[  321.677772] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
21:01:27 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
lstat(0x0, 0x0)
lchown(0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fde000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="3a0000000614f000000000009500000000f5ff964d644fb4e03f0d000000000011000000000000006367726f75706d643573287d7b255b0b25a3778fd9e1d36e0000"], 0x3a)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000100)={0x7b, 0x0, [0x4b564d03, 0x0, 0x48, 0x4]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e23, @local}, @in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e20, @multicast1}], 0x30)

[  322.186804] 8021q: adding VLAN 0 to HW filter on device team0
[  322.543960] unchecked MSR access error: RDMSR from 0x48 at rIP: 0xffffffff812ca263 (vmx_vcpu_run+0x63a3/0x7b70)
[  322.554292] Call Trace:
[  322.556990]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  322.562526]  ? depot_save_stack+0x388/0x4a0
[  322.566941]  ? kvm_arch_vcpu_ioctl_run+0xa2c8/0x11ff0
[  322.572203]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  322.577636]  ? rcu_note_context_switch+0x4c8/0x860
[  322.582658]  ? vmx_handle_external_intr+0x250/0x250
[  322.587756]  kvm_arch_vcpu_ioctl_run+0xa357/0x11ff0
[  322.592991]  ? update_load_avg+0x12ab/0x1db0
[  322.597498]  ? rb_erase_cached+0xc32/0x2b60
[  322.602043]  ? __msan_poison_alloca+0x1e0/0x270
[  322.606797]  ? put_pid+0x71/0x380
[  322.610311]  ? kvm_vcpu_ioctl+0x1cfa/0x1d10
[  322.614717]  ? put_pid+0x17b/0x380
[  322.618319]  ? get_task_pid+0x16a/0x250
[  322.622401]  kvm_vcpu_ioctl+0x1063/0x1d10
[  322.626671]  ? do_vfs_ioctl+0x184/0x2d30
[  322.630818]  do_vfs_ioctl+0xf36/0x2d30
[  322.634808]  ? security_file_ioctl+0x92/0x200
[  322.639389]  __se_sys_ioctl+0x1da/0x270
[  322.643459]  __x64_sys_ioctl+0x4a/0x70
[  322.647455]  do_syscall_64+0xcd/0x110
[  322.651365]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  322.656635] RIP: 0033:0x457659
[  322.659907] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  322.678874] RSP: 002b:00007fa03b796c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  322.686669] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  322.693995] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  322.701327] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  322.708759] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa03b7976d4
[  322.716087] R13: 00000000004c0505 R14: 00000000004d1580 R15: 00000000ffffffff
21:01:28 executing program 0:
r0 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2)
ioctl$KVM_GET_SUPPORTED_CPUID(r1, 0xc008ae05, &(0x7f0000000040)=""/108)
perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, r0, 0x0)

21:01:28 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x480002, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40045108, &(0x7f00000000c0)={{}, {0x0, 0x1a0ffffffff}})

21:01:29 executing program 0:
r0 = open(&(0x7f0000000480)='./file0\x00', 0x42042, 0x0)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000200)=0x1)
write(r0, &(0x7f0000000840)="fc", 0x1)
sendfile(r0, r0, &(0x7f00000000c0), 0x7)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10)

[  325.801857] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.808559] bridge0: port 2(bridge_slave_1) entered forwarding state
[  325.816156] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.822829] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.832396] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  325.862286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  326.586735] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.593548] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.602750] device bridge_slave_0 entered promiscuous mode
[  326.931231] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.937938] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.947030] device bridge_slave_1 entered promiscuous mode
[  327.270013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  327.596994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  328.650556] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  328.919056] 8021q: adding VLAN 0 to HW filter on device bond0
[  329.087633] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  329.388998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  329.396220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  329.768173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  329.775355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  330.281867] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  330.878934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  330.888300] team0: Port device team_slave_0 added
[  331.366981] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  331.376059] team0: Port device team_slave_1 added
21:01:36 executing program 1:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioprio_get$pid(0x3, 0x0)
ioctl(0xffffffffffffffff, 0x0, 0x0)

[  331.666259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  331.673627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  331.683095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  331.755542] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  331.762167] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  331.770384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  331.950879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  331.958161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  331.967755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  332.278546] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  332.286452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  332.295963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  332.494845] 8021q: adding VLAN 0 to HW filter on device team0
[  332.576920] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  332.585993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  332.595594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  335.053173] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.059827] bridge0: port 2(bridge_slave_1) entered forwarding state
[  335.067199] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.074016] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.084203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  335.090819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  337.006893] 8021q: adding VLAN 0 to HW filter on device bond0
21:01:42 executing program 2:
r0 = inotify_init()
r1 = inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
inotify_rm_watch(r0, r1)
write$binfmt_elf64(r2, &(0x7f0000000480)=ANY=[], 0x2e7)

[  337.699383] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  338.233108] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  338.239802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  338.248230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  338.785278] 8021q: adding VLAN 0 to HW filter on device team0
[  341.733440] 8021q: adding VLAN 0 to HW filter on device bond0
21:01:47 executing program 3:
mknod(&(0x7f0000000180)='./file1\x00', 0x88, 0x0)
syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f")
clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)

[  342.303721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  342.693158] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  342.699429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  342.707919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  342.990792] 8021q: adding VLAN 0 to HW filter on device team0
21:01:50 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
clone(0x0, 0x0, 0x0, 0x0, 0x0)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

21:01:50 executing program 0:
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000040)=@fragment, 0x8)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f00000000c0)=@fragment={0x2f, 0x0, 0x0, 0x3, 0x0, 0x1ff, 0x66}, 0xffffffffffffffdc)

21:01:50 executing program 5:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = accept(r0, &(0x7f0000000000)=@rc, &(0x7f0000000080)=0x80)
r2 = accept4(r0, 0x0, &(0x7f00000000c0), 0x800)
iopl(0x4)
setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000100)={0x2, {{0x2, 0x4e23, @rand_addr=0x5}}}, 0x88)
fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f00000001c0)=0x7)
r3 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x3, 0x840)
ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x0)
getsockopt$sock_int(r3, 0x1, 0x2f, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$VIDIOC_S_PRIORITY(r3, 0x40045644, 0x3)
ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f00000002c0)={0x716, 0x6})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000300)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1})
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={<r4=>0x0, 0x101, 0x20}, &(0x7f0000000380)=0xc)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000003c0)={r4, 0x3, 0x2}, 0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={r4, 0x200}, 0x8)
ioctl$RTC_PIE_OFF(r3, 0x7006)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000440)={[{0x18f, 0x1f, 0x1, 0xffffffffffffbeb8, 0x8000, 0x7, 0x5, 0x1, 0x1, 0x2, 0x3, 0xabe2, 0x80000001}, {0xfff, 0x7, 0x7fffffff, 0x9, 0x1, 0x6, 0x1, 0x5d, 0x8, 0x0, 0x9, 0xe8}, {0x1ff, 0x6, 0x0, 0x6, 0x5, 0x0, 0x5, 0x6, 0x9, 0x3, 0x2400000000000000, 0x6, 0x100}], 0xdfd})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000004c0)={0x3f, 0x9, 0x5, 0x0, 0x7, 0x1, 0x100000000, 0x6, 0x8001, 0xffffffff, 0x9, 0x7, 0x0, 0x27e, 0x8000, 0x6, 0x1ff, 0x7f, 0x2})
ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x6)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x3ff)
r5 = socket$bt_hidp(0x1f, 0x3, 0x6)
setxattr(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)=@random={'system.', '\x00'}, &(0x7f0000000580)='/dev/midi#\x00', 0xb, 0x2)
getsockopt$packet_int(r1, 0x107, 0x0, &(0x7f00000005c0), &(0x7f0000000600)=0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r3, 0x10, &(0x7f0000000680)={&(0x7f0000000640)=""/41, 0x29, <r6=>0xffffffffffffffff}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000700)=r6, 0x4)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x101ff, 0x2, 0x10d002, 0x1000, &(0x7f0000fff000/0x1000)=nil})
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000780)=0x7, 0x4)
ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
getsockname$packet(r1, &(0x7f00000007c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000800)=0x14)
sendmsg(r1, &(0x7f00000009c0)={&(0x7f0000000840)=@can={0x1d, r7}, 0x80, &(0x7f0000000980)=[{&(0x7f00000008c0)="34e70fb2055d5a3dd96d5e5772414c4577abde9ed75b52acc586368e96a3c8ae6482058b643bd3e710e467a7557e491ccb7d2a84b60889a02ce726a367bdb3f75dd6cac822f976a8df6698359f1ad0329317be2ede029fe198d63854f77d715728529899c047d3c99043b219559f85b1c426a042a4b8b94ededc658834158773f8c5c37f1e1a72bbb8d1bc9f12dde730d220d6ba434e4838f5cdf87718d600a637", 0xa1}], 0x1}, 0x4)

21:01:50 executing program 2:
clone(0x12102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x100000007)
ptrace$cont(0x18, r0, 0x0, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x3d})
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r0, 0x0, 0x0)

21:01:50 executing program 1:
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
select(0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0))

21:01:50 executing program 3:
socket(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='net/ipv6_route\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)

[  345.209157] ptrace attach of "/root/syz-executor2"[8207] was attempted by "/root/syz-executor2"[8213]
21:01:50 executing program 2:
open(0x0, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x0)
memfd_create(0x0, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$unlink(0x9, r0, 0xfffffffffffffffd)

21:01:50 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioprio_get$pid(0x3, 0x0)

21:01:50 executing program 1:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)

21:01:50 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000600)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000640)={0x6c, r1, 0x201, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @remote, 0x1ff}}, {0x20, 0x2, @in6={0x2, 0x0, 0x0, @loopback}}}}]}]}, 0x6c}}, 0x0)

[  345.783208] mmap: syz-executor1 (8234) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
21:01:50 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000080)=""/196, 0xc4}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x2)

[  345.980820] Started in network mode
[  345.984880] Own node identity fe8000000000000000000000000000bb, cluster identity 4711
[  345.993697] ==================================================================
[  346.001097] BUG: KMSAN: uninit-value in __inet6_bind+0xb72/0x1ad0
[  346.007427] CPU: 1 PID: 8238 Comm: syz-executor2 Not tainted 4.20.0-rc5+ #111
[  346.014735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.024101] Call Trace:
[  346.026720]  dump_stack+0x284/0x3b0
[  346.030379]  ? __inet6_bind+0xb72/0x1ad0
[  346.034495]  kmsan_report+0x12d/0x290
[  346.038333]  __msan_warning+0x76/0xc0
[  346.042222]  __inet6_bind+0xb72/0x1ad0
[  346.046186]  inet6_bind+0x27f/0x390
[  346.049861]  ? ipv6_mod_enabled+0x60/0x60
[  346.054039]  kernel_bind+0xc6/0xf0
[  346.057645]  udp_sock_create6+0x2ee/0x890
[  346.061868]  tipc_udp_enable+0x166f/0x1d70
[  346.066218]  ? tipc_udp_send_msg+0x7d0/0x7d0
[  346.070682]  __tipc_nl_bearer_enable+0x1213/0x1da0
[  346.075723]  tipc_nl_bearer_enable+0x6c/0xb0
[  346.080166]  ? __tipc_nl_bearer_enable+0x1da0/0x1da0
[  346.085310]  genl_rcv_msg+0x185f/0x1a60
[  346.089395]  ? __msan_poison_alloca+0x1e0/0x270
[  346.094124]  netlink_rcv_skb+0x444/0x640
[  346.098221]  ? genl_unbind+0x390/0x390
[  346.102165]  genl_rcv+0x63/0x80
[  346.105497]  netlink_unicast+0xfc5/0x10a0
[  346.109745]  netlink_sendmsg+0x1298/0x13e0
[  346.114055]  ___sys_sendmsg+0xdbc/0x11d0
[  346.118165]  ? netlink_getsockopt+0x1830/0x1830
[  346.122926]  ? __fdget+0x2c6/0x430
[  346.126521]  __se_sys_sendmsg+0x305/0x460
[  346.130747]  __x64_sys_sendmsg+0x4a/0x70
[  346.134844]  do_syscall_64+0xcd/0x110
[  346.138694]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  346.143905] RIP: 0033:0x457659
[  346.147138] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  346.166056] RSP: 002b:00007f4c73d77c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  346.173806] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  346.181111] RDX: 0000000000000000 RSI: 00000000200008c0 RDI: 0000000000000003
[  346.188401] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  346.195696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c73d786d4
[  346.203004] R13: 00000000004c421b R14: 00000000004d7160 R15: 00000000ffffffff
[  346.210321] 
[  346.211969] Local variable description: ----udp6_addr@udp_sock_create6
[  346.218795] Variable was created at:
[  346.222534]  udp_sock_create6+0x80/0x890
[  346.226653]  tipc_udp_enable+0x166f/0x1d70
[  346.230902] ==================================================================
[  346.238269] Disabling lock debugging due to kernel taint
[  346.243736] Kernel panic - not syncing: panic_on_warn set ...
[  346.249658] CPU: 1 PID: 8238 Comm: syz-executor2 Tainted: G    B             4.20.0-rc5+ #111
[  346.258340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  346.267742] Call Trace:
[  346.270365]  dump_stack+0x284/0x3b0
[  346.274052]  panic+0x533/0xb02
[  346.277330]  kmsan_report+0x290/0x290
[  346.281177]  __msan_warning+0x76/0xc0
[  346.285016]  __inet6_bind+0xb72/0x1ad0
[  346.288978]  inet6_bind+0x27f/0x390
[  346.292660]  ? ipv6_mod_enabled+0x60/0x60
[  346.296842]  kernel_bind+0xc6/0xf0
[  346.300464]  udp_sock_create6+0x2ee/0x890
[  346.304718]  tipc_udp_enable+0x166f/0x1d70
[  346.309075]  ? tipc_udp_send_msg+0x7d0/0x7d0
[  346.313537]  __tipc_nl_bearer_enable+0x1213/0x1da0
[  346.318606]  tipc_nl_bearer_enable+0x6c/0xb0
[  346.323071]  ? __tipc_nl_bearer_enable+0x1da0/0x1da0
[  346.328209]  genl_rcv_msg+0x185f/0x1a60
[  346.332247]  ? __msan_poison_alloca+0x1e0/0x270
[  346.337002]  netlink_rcv_skb+0x444/0x640
[  346.341101]  ? genl_unbind+0x390/0x390
[  346.345045]  genl_rcv+0x63/0x80
[  346.348358]  netlink_unicast+0xfc5/0x10a0
[  346.353079]  netlink_sendmsg+0x1298/0x13e0
[  346.357393]  ___sys_sendmsg+0xdbc/0x11d0
[  346.361494]  ? netlink_getsockopt+0x1830/0x1830
[  346.366240]  ? __fdget+0x2c6/0x430
[  346.370841]  __se_sys_sendmsg+0x305/0x460
[  346.375066]  __x64_sys_sendmsg+0x4a/0x70
21:01:51 executing program 3:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070")
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={<r1=>0x0, <r2=>0x0})
recvmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/174, 0xae}], 0x1}, 0x0)
close(r1)
write$binfmt_aout(r2, &(0x7f0000001140), 0x20)

[  346.377579] IPVS: ftp: loaded support on port[0] = 21
[  346.379195]  do_syscall_64+0xcd/0x110
[  346.388220]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  346.393432] RIP: 0033:0x457659
[  346.396687] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  346.415631] RSP: 002b:00007f4c73d77c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  346.423397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
21:01:51 executing program 4:
epoll_create(0x0)
pipe(0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000002640)=""/207, 0xfffffede, 0x0)

[  346.430686] RDX: 0000000000000000 RSI: 00000000200008c0 RDI: 0000000000000003
[  346.437973] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  346.445314] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c73d786d4
[  346.452605] R13: 00000000004c421b R14: 00000000004d7160 R15: 00000000ffffffff
[  346.460926] Kernel Offset: disabled
[  346.464558] Rebooting in 86400 seconds..