[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 57.119529] sshd (6057) used greatest stack depth: 53392 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 57.286290] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 58.569155] random: sshd: uninitialized urandom read (32 bytes read) [ 58.895364] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 60.483987] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. [ 66.206266] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 08:59:23 fuzzer started [ 70.741382] random: cc1: uninitialized urandom read (8 bytes read) [ 71.225580] as (6149) used greatest stack depth: 53184 bytes left 2018/10/08 08:59:27 dialing manager at 10.128.0.26:36867 2018/10/08 08:59:27 syscalls: 1 2018/10/08 08:59:27 code coverage: enabled 2018/10/08 08:59:27 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 08:59:27 setuid sandbox: enabled 2018/10/08 08:59:27 namespace sandbox: enabled 2018/10/08 08:59:27 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 08:59:27 fault injection: enabled 2018/10/08 08:59:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 08:59:27 net packed injection: enabled 2018/10/08 08:59:27 net device setup: enabled [ 76.586756] random: crng init done 09:02:08 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0\x00', 0x0, 0x0) ioctl$BLKPG(r1, 0x40140921, &(0x7f0000000040)={0x0, 0x1, 0x0, &(0x7f00000000c0)}) [ 234.700486] IPVS: ftp: loaded support on port[0] = 21 [ 237.116949] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.123592] bridge0: port 1(bridge_slave_0) entered disabled state [ 
237.132390] device bridge_slave_0 entered promiscuous mode [ 237.275571] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.282254] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.290879] device bridge_slave_1 entered promiscuous mode [ 237.430397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 237.574471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 238.015666] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:02:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20000010, 0x0, 0x500000000000000}, 0xc, &(0x7f0000000000)={&(0x7f00000002c0)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@local}, {@in=@multicast1=0xe0000004, 0x0, 0x2b}, @in=@rand_addr, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}}, 0xf0}}, 0x0) [ 238.232763] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 238.616844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 238.623953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.770952] IPVS: ftp: loaded support on port[0] = 21 [ 239.348426] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.356957] team0: Port device team_slave_0 added [ 239.539944] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.548077] team0: Port device team_slave_1 added [ 239.722790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 239.729833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.738864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.950881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 239.958011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.967172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.225665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.233436] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge_slave_0: link becomes ready [ 240.242670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.455706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.463414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.472572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.324241] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.330753] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.339742] device bridge_slave_0 entered promiscuous mode [ 242.513620] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.520094] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.529039] device bridge_slave_1 entered promiscuous mode [ 242.668830] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 242.847903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 243.266734] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.273328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 243.280288] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.286896] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.295860] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.313398] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 243.504862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 243.589839] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.836882] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 243.844059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.015573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.022750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:02:19 executing program 2: r0 = socket$inet6(0xa, 0x801, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 
0x0) setitimer(0x2, &(0x7f000000bfe0)={{}, {0x77359400}}, &(0x7f000002c000)) [ 244.510455] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 244.518688] team0: Port device team_slave_0 added [ 244.850604] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 244.858951] team0: Port device team_slave_1 added [ 245.024932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.032177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.040913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.371528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.378745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.387567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.558663] IPVS: ftp: loaded support on port[0] = 21 [ 245.774289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 245.782000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.791074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.068762] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 246.076560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.085770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 249.196107] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.202711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.209686] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.216323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.225291] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 249.652047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.238720] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.245378] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.253936] device bridge_slave_0 entered promiscuous mode [ 250.579514] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 250.586209] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.594979] device bridge_slave_1 entered promiscuous mode [ 250.907425] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 251.197423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 251.934234] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 252.316985] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 252.543340] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 252.550416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 252.776476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 252.783904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 09:02:28 executing program 3: readlinkat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f00000004c0)=""/212, 0xd4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x8) capset(&(0x7f00000000c0), &(0x7f0000000140)={0x7, 0x2, 0x5}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000380)={0x0, 0x100}, 0x8) write$binfmt_misc(r1, &(0x7f0000000600)=ANY=[], 0x0) r2 = accept4(r0, 0x0, &(0x7f0000000040), 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$fou(&(0x7f00000003c0)='fou\x00') getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000440), 
&(0x7f00000005c0)=0x4) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000400)={0x1, 0xffffffffffffffff, 0x1}) sendmsg$key(r2, &(0x7f0000000200)={0xa00, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x40000000, 0xf003, 0x0, 0x2}, 0x10}}, 0x0) [ 253.808415] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 253.816591] team0: Port device team_slave_0 added [ 254.231476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 254.239740] team0: Port device team_slave_1 added [ 254.240510] IPVS: ftp: loaded support on port[0] = 21 [ 254.625004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 254.632117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 254.640919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 254.976928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 254.984172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 254.993165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 255.424344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 255.432299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 255.441380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 255.671185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.739785] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 255.748607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.759060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 257.057547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 258.450937] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 258.457947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 258.466413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 259.849187] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.869285] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.875871] bridge0: 
port 1(bridge_slave_0) entered disabled state [ 259.884646] device bridge_slave_0 entered promiscuous mode [ 259.927998] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.934569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.941453] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.948025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.956758] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 260.255550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 260.288078] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.294704] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.304246] device bridge_slave_1 entered promiscuous mode [ 260.631507] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 260.929488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.087007] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.540367] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 262.749474] 8021q: adding VLAN 0 to HW filter on device bond0 [ 262.836512] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 262.843702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 263.269166] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 263.276652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.999675] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:02:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x12, 0xc0, 0x4, 0x400000000078}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r1, &(0x7f0000000040), &(0x7f0000000200)=""/70}, 0x18) [ 264.320438] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.328655] team0: Port device team_slave_0 added [ 264.765758] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 
264.774122] team0: Port device team_slave_1 added [ 265.234139] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 265.241229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 265.250375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 265.499990] IPVS: ftp: loaded support on port[0] = 21 [ 265.690095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 265.696677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.704984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 265.726909] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 265.753807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.762743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.199825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.207623] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.217053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.677569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.685394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.694693] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.348395] 8021q: adding VLAN 0 to HW filter on device team0 09:02:44 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000100)={'veth1_to_bond\x00'}) [ 269.592327] veth1_to_bond: mtu less than device minimum [ 269.600459] veth1_to_bond: mtu less than device minimum 09:02:44 executing program 0: r0 = socket$inet_tcp(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup2(r1, r2) ioctl$KVM_RUN(r3, 0xae80, 0x0) write$binfmt_script(r0, 
&(0x7f0000000180)=ANY=[@ANYBLOB="2321202e2f66696c65302047504c21776c616e312d73797374656d70726f637d6b6e8c6bb66e67287b2c747275737465640a"], 0x32) 09:02:45 executing program 0: sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)={0x48, 0x0, 0x0, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipddp0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8}]}]}, 0x48}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) sendmsg$nl_generic(r0, &(0x7f00003cefe4)={&(0x7f0000000300)={0x10, 0x36200}, 0xc, &(0x7f0000007ff0)={&(0x7f0000000180)={0xffce, 0x2e, 0x6fd, 0x0, 0x0, {0x2004}, [@nested={0xc, 0x0, [@typed={0x62, 0x0, @ipv4}]}]}, 0xffce}}, 0x0) r1 = accept$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000040)) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000080)) [ 270.415227] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 270.422868] netlink: 65350 bytes leftover after parsing attributes in process `syz-executor0'. [ 270.527663] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 270.535227] netlink: 65350 bytes leftover after parsing attributes in process `syz-executor0'. 
09:02:45 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x806, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x40) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xfffffffffffffffe) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, "73797a300000000000000000000000000000000000000000000000000300"}) [ 271.175633] input: syz1 as /devices/virtual/input/input5 [ 271.264839] input: syz1 as /devices/virtual/input/input6 [ 271.572821] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.579320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.586354] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.592888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.601227] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 09:02:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x806, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x40) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xfffffffffffffffe) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, "73797a300000000000000000000000000000000000000000000000000300"}) [ 271.883863] input: syz1 as /devices/virtual/input/input7 09:02:47 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, 
&(0x7f0000000200)="6d656d6f72792e737761702e6d617800b6b1b9f8a2018c839c710320012a073c914e1e915956c2a23eccef1ca5aea3237517e1eea78038b4da712337ee94d45b6a4ed1a96baeacd39fe226fd4c3b3eb0e0376c47f0459a8cc12eeef2613eef08ba9f0f0000000000006323e2e634b7b9ef6296c9c81dcf466542e6292c234a85a61910c5aa2bb184526e9ac53837e19f97da0b49938fdc6169ae476cf31c638036e0e0e49a1e13e57a2c97160eec2ba0b4c7c6", 0x2, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000300)='trusted.overlay.origin\x00', &(0x7f0000000340)='y\x00', 0x2, 0x2) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x5c961562, 0x402c0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r2, 0x40045731, &(0x7f0000000080)=0x5) openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) sendfile(r1, r1, &(0x7f00000000c0), 0xfdef) r3 = dup(r0) ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f0000000100)=""/200) [ 272.414048] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 272.557683] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.564300] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.572848] device bridge_slave_0 entered promiscuous mode 09:02:47 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x80) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x22, &(0x7f000001bc78)=@raw={"0500000002000200000000000000000018050000030300000000ffffffff00", 0x9, 0x3, 0xffffffffffffff22, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, &(0x7f000002cfd0), {[{{@uncond, 0x0, 0xa8, 0x52}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00'}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x4, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x1) setxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', 
&(0x7f0000000140)='./file0\x00', 0x8, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x5, 0x30, 0xda7, 0xf94}, &(0x7f00000001c0)=0x18) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000200)=@assoc_id=r1, &(0x7f0000000240)=0x4) [ 273.000527] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.007147] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.015707] device bridge_slave_1 entered promiscuous mode 09:02:48 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x80) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x22, &(0x7f000001bc78)=@raw={"0500000002000200000000000000000018050000030300000000ffffffff00", 0x9, 0x3, 0xffffffffffffff22, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, &(0x7f000002cfd0), {[{{@uncond, 0x0, 0xa8, 0x52}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00'}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x4, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x1) setxattr$trusted_overlay_redirect(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x5, 0x30, 0xda7, 0xf94}, &(0x7f00000001c0)=0x18) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000200)=@assoc_id=r1, &(0x7f0000000240)=0x4) [ 273.491942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 273.943268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 275.018298] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 275.371280] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 275.759393] IPv6: ADDRCONF(NETDEV_UP): 
veth0_to_bond: link is not ready [ 275.766611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 276.151319] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 276.158506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 276.418916] 8021q: adding VLAN 0 to HW filter on device bond0 09:02:52 executing program 1: [ 277.357379] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 277.365781] team0: Port device team_slave_0 added [ 277.541375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 277.720797] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 277.728947] team0: Port device team_slave_1 added [ 277.973203] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 277.980250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 277.989075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 278.235267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 278.242472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 278.251309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 278.451622] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 278.458170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 278.466115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 278.519184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 278.527248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 278.536304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 278.818299] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 278.826106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 278.835040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 279.150460] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.318454] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.324996] bridge0: port 2(bridge_slave_1) 
entered forwarding state [ 281.332047] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.338482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.347038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 281.353691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 283.108257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.887990] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 09:02:59 executing program 2: [ 284.658082] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 284.664577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 284.672473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 285.205738] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.468582] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.889309] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 289.245822] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 289.252214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 289.260075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 09:03:04 executing program 3: [ 289.740759] 8021q: adding VLAN 0 to HW filter on device team0 09:03:06 executing program 4: 09:03:06 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x2) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}}, 0x80, &(0x7f0000002740)=[{&(0x7f00000001c0)=""/215, 0xd7}, {&(0x7f00000002c0)=""/250, 0xfa}, {&(0x7f00000003c0)=""/188, 0xbc}, {&(0x7f0000000480)=""/101, 0x65}, {&(0x7f0000000500)=""/127, 0x7f}, {&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/237, 0xed}, {&(0x7f0000001680)=""/168, 0xa8}, {&(0x7f0000001740)=""/4096, 0x1000}], 0x9, 0x0, 0x0, 0x4}, 0x40000100) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f00000000c0)=0x2, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 
&(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000080)={0x80000000}) 09:03:06 executing program 5: r0 = gettid() migrate_pages(r0, 0x2, &(0x7f0000000000)=0x400000000000000, &(0x7f0000000040)=0x7fff) r1 = msgget$private(0x0, 0x20) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f0000000180)=0xe8) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000240)={{{@in=@rand_addr, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@rand_addr}}, &(0x7f0000000340)=0xe8) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000400)={{0x200, r2, r4, r6, r8, 0x2, 0x400}, 0x5, 0x894a, 0x26, 0x7, 0x3f, 0x3, r0, r0}) r9 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/autofs\x00', 0x0, 0x0) connect$pppoe(r9, &(0x7f00000004c0)={0x18, 0x0, {0x3, @remote, 'vcan0\x00'}}, 0x1e) flistxattr(r9, &(0x7f0000000500)=""/173, 0xad) ioctl$EVIOCSABS3F(r9, 0x401845ff, &(0x7f00000005c0)={0x6, 0x1, 0x3ff, 0x1, 0x8, 0x1}) r10 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rtc0\x00', 0x40, 0x0) write$P9_RREMOVE(r10, &(0x7f0000000640)={0x7, 0x7b, 0x2}, 0x7) write$P9_RSETATTR(r9, &(0x7f0000000680)={0x7, 0x1b, 0x2}, 0x7) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000800)={r9, 
&(0x7f00000006c0)="7f4645f46260ee91b89d0da78464f5c8ad744c541a9001e002d30efd4d149112c9a40d96d78ece8ce5844513588cc00c039dea9f6c2ca3cabbabd5a56fd9b0ca42dd43b988d3d8baa641f85b971f9842e495dbf640d76ceb04816ee09074cd4176b22db59110dcd26565fb302acfa224e5b99692b6a4b69acfdd5ef604e831c67bd65d860f90a8df1f497d32f0fa42175833cb83a1bafe7f92d7a0de3095dbd82f37a7ae250b5cb1c6880961173326533a69d50191dec2918018d957a5d83cb448d4b25b1fde0cd14103e0a707544538323d414e180a4d95652907d529c2684b01e136f36a628d411a74fd839b", &(0x7f00000007c0)=""/11}, 0x18) ioctl$SG_GET_RESERVED_SIZE(r9, 0x2272, &(0x7f0000000840)) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r10, 0x80045300, &(0x7f0000000880)) ioctl$SG_GET_COMMAND_Q(r10, 0x2270, &(0x7f00000008c0)) prctl$setptracer(0x59616d61, r7) kcmp$KCMP_EPOLL_TFD(r0, r3, 0x7, r10, &(0x7f0000000900)={r10, r9, 0xf2c5}) fgetxattr(r10, &(0x7f0000000940)=@known='trusted.overlay.opaque\x00', &(0x7f0000000980)=""/4096, 0x1000) write$9p(r9, &(0x7f0000001980)="3903399a726f9b952cefd996f44d53cf515c5e5ab09a61d1f5ff2b85888b5b59b8ef9d4df52e1a0290b09740f6ea693a91e72b7d63d6c2008daaadc0bbc12f786de364c3b63e20cdfcae1912750ec7d1d6d7655f9610c86c73892dcfdf83cb0a1921eef33592e19ecf6f3a97b3c7fe826c6337f2705097903ec221f62920425b126725394de484063e5496fb7c5c38034b6bd97c8ee02b496f597480bf366eb3185d5bfbed5db7926eac190e321f48dd9adc0f85db03790a4caaf5fe1ed01b21a3f62b06b249ec5a9d6a42896e3ac536dd42c4", 0xd3) setsockopt$sock_timeval(r10, 0x1, 0x15, &(0x7f0000001a80)={0x77359400}, 0x10) ioctl$sock_inet6_SIOCDELRT(r9, 0x890c, &(0x7f0000001ac0)={@ipv4={[], [], @local}, @mcast1, @ipv4, 0xffffffffffff7731, 0x7c, 0x375, 0x100, 0x3, 0x200000, r5}) r11 = add_key$keyring(&(0x7f0000001c00)='keyring\x00', &(0x7f0000001c40)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) request_key(&(0x7f0000001b40)='id_resolver\x00', &(0x7f0000001b80)={'syz', 0x2}, &(0x7f0000001bc0)='\x00', r11) ioctl$RTC_IRQP_READ(r10, 0x8008700b, &(0x7f0000001c80)) ioctl$sock_inet_SIOCSIFDSTADDR(r9, 0x8918, &(0x7f0000001cc0)={'veth1_to_bond\x00', {0x2, 
0x4e22, @loopback}})
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r9, 0x84, 0x22, &(0x7f0000001d00)={0x0, 0x8203, 0xff, 0x1, 0x0}, &(0x7f0000001d40)=0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r9, 0x84, 0x70, &(0x7f0000001d80)={r12, @in6={{0xa, 0x4e22, 0x7, @loopback, 0x800}}, [0x9f, 0x7, 0x7, 0x6, 0xab, 0xb449, 0x80000001, 0x101, 0x8, 0x2a6a, 0x9, 0x0, 0x6, 0x10000]}, &(0x7f0000001e80)=0x100)
09:03:06 executing program 2:
09:03:06 executing program 1:
09:03:06 executing program 3:
09:03:06 executing program 1:
09:03:06 executing program 3:
09:03:07 executing program 0:
09:03:07 executing program 2:
09:03:07 executing program 4:
09:03:07 executing program 3:
09:03:07 executing program 1:
09:03:07 executing program 0:
[ 293.086540] IPVS: ftp: loaded support on port[0] = 21
[ 294.409040] bridge0: port 1(bridge_slave_0) entered blocking state
[ 294.415556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 294.423722] device bridge_slave_0 entered promiscuous mode
[ 294.502570] bridge0: port 2(bridge_slave_1) entered blocking state
[ 294.508997] bridge0: port 2(bridge_slave_1) entered disabled state
[ 294.517219] device bridge_slave_1 entered promiscuous mode
[ 294.594941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 294.673886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 294.908057] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 294.989594] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 295.068211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 295.075370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 295.150820] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 295.157867] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 295.382493] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 295.390036] team0: Port device team_slave_0 added
[ 295.466952] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 295.474813] team0: Port device team_slave_1 added
[ 295.551154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 295.629439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 295.705683] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 295.713162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 295.721991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 295.800603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 295.807993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 295.817187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 296.689218] bridge0: port 2(bridge_slave_1) entered blocking state
[ 296.695706] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 296.702620] bridge0: port 1(bridge_slave_0) entered blocking state
[ 296.709025] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 296.717467] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 297.072026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 299.905380] 8021q: adding VLAN 0 to HW filter on device bond0
[ 300.199030] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 300.495335] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 300.501652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 300.509701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 300.805933] 8021q: adding VLAN 0 to HW filter on device team0
09:03:17 executing program 5:
09:03:17 executing program 2:
09:03:17 executing program 4:
09:03:17 executing program 1:
09:03:17 executing program 0:
09:03:17 executing program 3:
09:03:18 executing program 3:
09:03:18 executing program 0:
09:03:18 executing program 2:
09:03:18 executing program 1:
09:03:18 executing program 4:
09:03:18 executing program 5:
09:03:18 executing program 3:
09:03:18 executing program 2:
09:03:18 executing program 4:
09:03:18 executing program 0:
09:03:18 executing program 1:
09:03:18 executing program 5:
09:03:19 executing program 4:
09:03:19 executing program 1:
09:03:19 executing program 2:
09:03:19 executing program 3:
09:03:19 executing program 5:
09:03:19 executing program 0:
09:03:19 executing program 4:
09:03:19 executing program 0:
09:03:19 executing program 1:
09:03:19 executing program 3:
09:03:19 executing program 2:
09:03:19 executing program 4:
09:03:19 executing program 5:
09:03:19 executing program 0:
09:03:20 executing program 3:
09:03:20 executing program 1:
09:03:20 executing program 2:
09:03:20 executing program 3:
09:03:20 executing program 0:
09:03:20 executing program 4:
09:03:20 executing program 5:
09:03:20 executing program 1:
09:03:20 executing program 3:
09:03:20 executing program 2:
09:03:20 executing program 4:
09:03:21 executing program 0:
09:03:21 executing program 5:
09:03:21 executing program 1:
09:03:21 executing program 3:
09:03:21 executing program 2:
09:03:21 executing program 0:
09:03:21 executing program 4:
09:03:21 executing program 1:
09:03:21 executing program 2:
09:03:21 executing program 5:
09:03:21 executing program 0:
09:03:21 executing program 3:
09:03:21 executing program 1:
09:03:22 executing program 4:
09:03:22 executing program 2:
09:03:22 executing program 0:
09:03:22 executing program 1:
09:03:22 executing program 3:
09:03:22 executing program 5:
09:03:22 executing program 4:
09:03:22 executing program 2:
09:03:22 executing program 0:
09:03:22 executing program 3:
clone(0x2102001ff6, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)="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")
fsetxattr(r0, &(0x7f0000000000)=@known='user.syz\x00', &(0x7f00000000c0)='\x00', 0xfe9, 0x0)
09:03:22 executing program 1:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioprio_get$uid(0x3, 0x0)
09:03:23 executing program 5:
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080)='\x00', 0x0)
09:03:23 executing program 0:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000180), 0xffffffffffffffff)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{0xa, 0x0, 0x0, @ipv4={[], [], @local}}, {0xa, 0x0, 0x0, @empty, 0x1}}, 0x5c)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000002000)={0xfffffffffffffffc, 0x0, 0x40}, 0x14)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x7, &(0x7f0000000140)='timers\x00'}, 0x30)
splice(0xffffffffffffffff, &(0x7f0000000040), 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xa)
openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4)
09:03:23 executing program 4:
getresuid(&(0x7f0000000380), &(0x7f0000000300), &(0x7f0000000400))
r0 = socket(0x10, 0x2, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f7980584303d01f0549a8b878dc4af89ed554fa07424adee901d2da75af1f02acc7edbcd7a071fb35331ce39c5ad3657818feb0279188b92b2e6b035cde4c66c6b00081bd106f6adfe58108a8be89d3695670374e304c071de17635f3034de8c2372e769fd1d57d1b83e77d656f")
sendfile(r0, r1, &(0x7f00000000c0), 0x80000002)
ioctl$TIOCCONS(r1, 0x541d)
09:03:23 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x0, 0x400000000032, 0xffffffffffffffff, 0x0)
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000080))
09:03:23 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet(0x10, 0x4000000003, 0x0)
sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)="24000000220007031dfffd946f610500020000000000fd21fe1c4095421ba3a20400ff7e280000001100ffffba16a0aa1ce208b3ef090000000000008e3141eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f000000b680)={&(0x7f000000b4c0), 0xc, &(0x7f000000b640)={&(0x7f000000b540)={0x14}, 0x14}}, 0x4000040)
setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f000000b6c0)={0x0, 0x1, 0x6}, 0x10)
09:03:23 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x200031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000000c0))
ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000480))
[ 308.437525] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
09:03:23 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)="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")
fsetxattr(r0, &(0x7f0000000000)=@known='user.syz\x00', &(0x7f0000000100)="5f65f4cfa3244a8dac138751505a3d25126510", 0x13, 0x0)
[ 308.522193] netlink: 8 bytes leftover after parsing attributes in process `syz-executor1'.
09:03:23 executing program 2:
pselect6(0x65e, &(0x7f0000f33fc0)={0x0, 0x0, 0x0, 0x1000000000000}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000000000)={0x0, 0x1c9c380}, &(0x7f0000f14000)={&(0x7f00000000c0), 0x8})
09:03:23 executing program 1:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000880)="2f6409002f7572616e646f6d02c4c3861a178eec9f45dcea2e13d2c842d0cc97902bd80b13a19c1b0a251aefb19defaa7bb61b5aa25efda6bd035d88cff9a27e8a2b19d31f153660e7ac4dedc0524a57d58cd8", 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
execveat(r0, &(0x7f0000000000)='\x00', &(0x7f0000000300), &(0x7f0000000240), 0x1000)
[ 308.703864] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 308.927684] ==================================================================
[ 308.935125] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 308.941739] CPU: 0 PID: 7956 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #63
[ 308.948950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 308.958323] Call Trace:
[ 308.960949] dump_stack+0x306/0x460
[ 308.964616] ? _raw_spin_lock_irqsave+0x227/0x340
[ 308.969515] ? vmx_create_vcpu+0x10df/0x7920
[ 308.973974] kmsan_report+0x1a3/0x2d0
[ 308.977823] __msan_warning+0x7c/0xe0
[ 308.981666] vmx_create_vcpu+0x10df/0x7920
[ 308.985944] ? kmsan_set_origin_inline+0x6b/0x120
[ 308.990825] ? __msan_poison_alloca+0x17a/0x210
[ 308.995548] ? vmx_vm_init+0x340/0x340
[ 308.999492] kvm_arch_vcpu_create+0x25d/0x2f0
[ 309.004032] kvm_vm_ioctl+0x13fd/0x33d0
[ 309.008052] ? __msan_poison_alloca+0x17a/0x210
[ 309.012756] ? do_vfs_ioctl+0x18a/0x2810
[ 309.016878] ? __se_sys_ioctl+0x1da/0x270
[ 309.021066] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 309.025938] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 309.030817] do_vfs_ioctl+0xcf3/0x2810
[ 309.034755] ? security_file_ioctl+0x92/0x200
[ 309.039312] __se_sys_ioctl+0x1da/0x270
[ 309.043346] __x64_sys_ioctl+0x4a/0x70
[ 309.047270] do_syscall_64+0xbe/0x100
[ 309.051116] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 309.056334] RIP: 0033:0x457579
[ 309.059561] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 309.078482] RSP: 002b:00007f59cdb26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 309.086221] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 309.093513] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 309.100802] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 309.108090] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59cdb276d4
[ 309.115383] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 309.122705]
09:03:24 executing program 3:
09:03:24 executing program 1:
[ 309.124351] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 309.131286] Variable was created at:
[ 309.135048] vmx_create_vcpu+0xd5/0x7920
[ 309.139150] kvm_arch_vcpu_create+0x25d/0x2f0
[ 309.143660] ==================================================================
[ 309.151030] Disabling lock debugging due to kernel taint
[ 309.156501] Kernel panic - not syncing: panic_on_warn set ...
[ 309.156501]
[ 309.163903] CPU: 0 PID: 7956 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #63
[ 309.172507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 309.181874] Call Trace:
[ 309.184500] dump_stack+0x306/0x460
[ 309.188178] panic+0x54c/0xafa
[ 309.191476] kmsan_report+0x2cd/0x2d0
[ 309.195347] __msan_warning+0x7c/0xe0
[ 309.199189] vmx_create_vcpu+0x10df/0x7920
[ 309.203458] ? kmsan_set_origin_inline+0x6b/0x120
[ 309.208339] ? __msan_poison_alloca+0x17a/0x210
[ 309.213053] ? vmx_vm_init+0x340/0x340
[ 309.216976] kvm_arch_vcpu_create+0x25d/0x2f0
[ 309.221510] kvm_vm_ioctl+0x13fd/0x33d0
[ 309.225525] ? __msan_poison_alloca+0x17a/0x210
[ 309.230238] ? do_vfs_ioctl+0x18a/0x2810
[ 309.234329] ? __se_sys_ioctl+0x1da/0x270
[ 309.238510] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 309.243387] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 309.248275] do_vfs_ioctl+0xcf3/0x2810
[ 309.252237] ? security_file_ioctl+0x92/0x200
[ 309.256779] __se_sys_ioctl+0x1da/0x270
[ 309.260810] __x64_sys_ioctl+0x4a/0x70
[ 309.264732] do_syscall_64+0xbe/0x100
[ 309.268581] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 309.273809] RIP: 0033:0x457579
09:03:24 executing program 4:
[ 309.277035] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 309.296063] RSP: 002b:00007f59cdb26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 309.303812] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 309.311101] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 309.318393] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 309.325698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59cdb276d4
[ 309.332984] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 309.341216] Kernel Offset: disabled
[ 309.344871] Rebooting in 86400 seconds..