[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 57.266944] sshd (6036) used greatest stack depth: 53392 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 57.507233] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 59.404796] random: sshd: uninitialized urandom read (32 bytes read) [ 59.824499] random: sshd: uninitialized urandom read (32 bytes read) [ 61.339456] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts. [ 67.105528] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/03 04:52:43 fuzzer started [ 71.573191] random: cc1: uninitialized urandom read (8 bytes read) [ 71.709638] cc1 (6124) used greatest stack depth: 53184 bytes left 2018/10/03 04:52:47 dialing manager at 10.128.0.26:45967 2018/10/03 04:52:47 syscalls: 1 2018/10/03 04:52:47 code coverage: enabled 2018/10/03 04:52:47 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/03 04:52:47 setuid sandbox: enabled 2018/10/03 04:52:47 namespace sandbox: enabled 2018/10/03 04:52:47 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/03 04:52:47 fault injection: enabled 2018/10/03 04:52:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/03 04:52:47 net packed injection: enabled 2018/10/03 04:52:47 net device setup: enabled [ 77.799457] random: crng init done 04:54:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 200.833398] IPVS: ftp: loaded support on port[0] = 21 [ 203.140916] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.147490] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.156136] device bridge_slave_0 entered promiscuous mode [ 203.313002] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.319474] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.328020] device bridge_slave_1 entered promiscuous mode [ 203.465136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.602073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:54:58 executing program 1: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x81, 0x2001) splice(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffffff, &(0x7f00000000c0), 0x1, 0x0) r0 = inotify_init1(0x0) syz_open_dev$loop(&(0x7f0000002a80)='/dev/loop#\x00', 0x0, 0x20000) sched_setaffinity(0x0, 0xfffffffffffffcbf, &(0x7f00000000c0)=0x8000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0x10) socket$nl_generic(0x10, 0x3, 0x10) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000200)=@sha1={0x1, "117dc13ff3842e1bf4e7fe1ae548209ddd7d9b53"}, 0x15, 0x3) sendto$inet(r1, &(0x7f0000000100), 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000080), 0xfe7a, 0x0, &(0x7f00000001c0)={0x2, 0x0, @rand_addr}, 0x10) stat(&(0x7f0000002c40)='./file0\x00', &(0x7f0000002c80)) fcntl$setstatus(r0, 0x4, 0x40000) fcntl$getown(0xffffffffffffffff, 0x9) syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000140)={0x0, 'veth1\x00'}, 0x18) gettid() [ 204.026360] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 204.233707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.514958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 204.522193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.661916] IPVS: ftp: loaded support on port[0] = 21 [ 204.804408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 204.811451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.418260] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.426558] team0: Port device team_slave_0 added [ 205.620802] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 205.628905] team0: Port device team_slave_1 added [ 205.863546] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 205.870583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.879592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.033235] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 206.040243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.049172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.316411] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 206.324235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.333246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.579554] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 206.587241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.596409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.098373] ip (6253) used greatest stack depth: 53056 bytes left [ 208.374570] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.381060] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.389711] device bridge_slave_0 entered promiscuous mode [ 208.645560] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.652398] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.661056] device bridge_slave_1 entered promiscuous mode [ 208.907700] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.914274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.921209] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.927812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.936854] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 208.993824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.153867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:55:03 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, "ba850408c6196f4e82cee6784217828cafe684ae7eb6acec9726c36ccbfd04f39b28c843f8ec005953808ebca967324a1b5ab5dce0963144c61c8644ce3bc4d1", "d99f026a5fbed66a3f30f3aa8e24df32cf9b17dff14589cc1563edbaa24bbb6ab340ccb1bc7cb3d67733ce54361839dd2d9846930f0c07c26789a7cb6f42a1bf", "65465985e11662d3c8297a5d5ca0990e01d625c126074127e039de05b88f0ba9"}) [ 209.623168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.752590] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.011352] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.158296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.165581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.480105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.487612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.515446] IPVS: ftp: loaded support on port[0] = 21 [ 211.330916] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.339353] team0: Port device team_slave_0 added [ 211.548372] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.556553] team0: Port device team_slave_1 added [ 211.852020] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.859066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.868212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.146660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.153975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.163031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.445220] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.452898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.461758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.759468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.767355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.776750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.307697] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.314361] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.323068] device bridge_slave_0 entered promiscuous mode [ 215.654258] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.660742] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.669382] device bridge_slave_1 entered promiscuous mode [ 215.990998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.058117] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.064726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.071674] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.078349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 216.087202] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 216.360004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.983029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.083059] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:55:11 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mount(&(0x7f0000001140)=ANY=[], &(0x7f0000cbeff8)='./file0\x00', &(0x7f00005f7ffa)='ramfs\x00', 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x20000031, 0xffffffffffffffff, 0x0) [ 217.432720] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.755876] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.763125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.112487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.119677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.360478] IPVS: ftp: loaded support on port[0] = 21 [ 219.119637] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.127908] team0: Port device team_slave_0 added [ 219.516189] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.524578] team0: Port device team_slave_1 added [ 219.806741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.814005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.822735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.166691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.173956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.183138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.448286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.456054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.465256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.784045] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.791579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.801003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.944624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.239639] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.567389] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.573910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.581963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.182924] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.189430] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.197974] device bridge_slave_0 entered promiscuous mode [ 224.524503] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.530990] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.539795] device bridge_slave_1 entered promiscuous mode [ 224.697788] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.704391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.711305] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.717931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.726929] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 224.882039] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.989058] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.209754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.622124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.152581] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 226.460509] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 226.835960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 226.843431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.125607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.132998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:55:21 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) setsockopt$sock_attach_bpf(r0, 0x1, 0x25, &(0x7f0000000140)=r1, 0x4) sendmsg(r0, &(0x7f0000001b80)={&(0x7f00000001c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x80, &(0x7f0000001580), 0x0, &(0x7f0000001600)}, 0x0) recvmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x8000a0, &(0x7f0000000040), 0x8, &(0x7f0000000500)=""/4096, 0x1000}, 0x2000) [ 228.338458] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.346712] team0: Port device team_slave_0 added [ 228.669257] IPVS: ftp: loaded support on port[0] = 21 [ 228.850292] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.858440] team0: Port device team_slave_1 added [ 229.286640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 229.294022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.303045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.708687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 229.715976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.725211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.084469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.092156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.100997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.531450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.539220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.548418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.434078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.117913] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 234.759314] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.765815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.773813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:55:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 235.050623] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.057166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.064217] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.070678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.079009] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 04:55:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 235.703069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 04:55:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 235.781683] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.788360] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.796875] device bridge_slave_0 entered promiscuous mode 04:55:30 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 236.294797] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.301256] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.309704] device bridge_slave_1 entered promiscuous mode [ 236.473861] 8021q: adding VLAN 0 to HW filter on device team0 04:55:30 executing program 0: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 236.744198] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 04:55:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x0, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 237.103336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:55:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x0, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) 04:55:31 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x0, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 238.475050] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 238.837691] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.146733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.153942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.523503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 239.530535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.439452] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.447773] team0: Port device team_slave_0 added [ 240.595825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.696361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.704607] team0: Port device team_slave_1 added [ 240.953770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 240.960874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.969923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 241.283608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 241.290722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.299543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.571111] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 241.578815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.587694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.650359] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.838499] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 241.849004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.859395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 242.789719] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 242.796296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.804311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.026019] 8021q: adding VLAN 0 to HW filter on device team0 04:55:38 executing program 1: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) syz_open_dev$evdev(&(0x7f00000009c0)='/dev/input/event#\x00', 0x81, 0x2001) splice(0xffffffffffffffff, &(0x7f0000000080), 0xffffffffffffffff, &(0x7f00000000c0), 0x1, 0x0) r0 = inotify_init1(0x0) syz_open_dev$loop(&(0x7f0000002a80)='/dev/loop#\x00', 0x0, 0x20000) sched_setaffinity(0x0, 0xfffffffffffffcbf, &(0x7f00000000c0)=0x8000009) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='sit0\x00', 0x10) socket$nl_generic(0x10, 0x3, 0x10) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='security.ima\x00', &(0x7f0000000200)=@sha1={0x1, "117dc13ff3842e1bf4e7fe1ae548209ddd7d9b53"}, 0x15, 0x3) sendto$inet(r1, &(0x7f0000000100), 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000080), 0xfe7a, 0x0, &(0x7f00000001c0)={0x2, 0x0, @rand_addr}, 0x10) stat(&(0x7f0000002c40)='./file0\x00', &(0x7f0000002c80)) fcntl$setstatus(r0, 0x4, 0x40000) fcntl$getown(0xffffffffffffffff, 0x9) syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000140)={0x0, 'veth1\x00'}, 0x18) gettid() [ 244.844597] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.851096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.858704] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.865339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.874234] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 244.880844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.593702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.272604] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.968434] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.975401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.983410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:55:43 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000240)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x8060000, @broadcast}, @udp={0x0, 0x0, 0x28}}}}}, &(0x7f0000000380)) [ 249.699516] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.203486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.742377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 04:55:47 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000080)) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000480)={"73797a6b616c6c65723000000500"}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000300)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000900)=ANY=[], 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0xfffffffffffffd4b) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000680)="6c6f00966f380f64a1e3d75d627d1fa159ad34909d60d298000000202759175d1563ca52dd984f43891be784e2058077d27c448d4b144278cb7548c2ee63bf3c3e591afc1f394f4281891836c571406eb4b673b00000fc0000080000daefec45ecd549b29bfe8d903f00e9e47e673ac1b2616a96bba7e2c0dcf95108eb167f5411d30d37e62266cf8eab640f747082aed2158e2b63f6bfe1343ea62da563ded7abea1ff873329c5646d518fe0e8f20010000792efc2a82a5a17035c87bf7efabe899eb77238a741c80fcb095a2a7d72c595d45388358f546dc882df5b0b55edb1ab6aa14e2b90d685e4a2dd1ba556e04276c1be06fdbc891251cb5bfb690b4c27f5d2fb3e7c92794cf496fdf0495b506841f483edac504209488eb27d43b367fd9992d1b7c478dd4b925aa51a04b100393e1cce76d8027f0a5ed280da80f26b1f3ff300c82255f928b44b9d9e7f2e4c16923dc8741b9c70d92fa1111b51f039ddd1b6adfac67e3a053d38ae16e97eaf5a0270be9a0f12066aa6ecfb569b664bc920bd5381608b35f3aa4210a79c4260a574d4da8c40b9f016ff4ab26b6170250c3214ea18622d704f1c021edffee24c8398c4230d16444e0495088a2f2599a662424f18196f750acca803a21b49423cb5e9f2703e393b982bfcfc4e3f7034f68f272ca8f66bb2f9f2aaf1a20a5a03f254da58698fa342731c70c3ccc40e88aac2edee4c7f59c6ba43021e91424b3056db56ded0c7493d8a3802759b905bb747cbebc7a0af3f570f89f7e1bd00b1c51") perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800"}) gettid() perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x28, &(0x7f0000000140)}, 0x5) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000640)='cgroup.type\x00', 0x2, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0), 0xc) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000580)) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000000c0)) [ 253.246348] device lo entered promiscuous mode [ 253.261025] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 253.267678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 253.275743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 253.634617] 8021q: adding VLAN 0 to HW filter on device team0 04:55:49 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = socket$kcm(0x2, 0x3, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x299, &(0x7f00001a7f05)=""/251}, 0x18) setsockopt$sock_attach_bpf(r0, 0x1, 0x25, &(0x7f0000000140)=r1, 0x4) sendmsg(r0, &(0x7f0000001b80)={&(0x7f00000001c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x80, &(0x7f0000001580), 0x0, &(0x7f0000001600)}, 0x0) recvmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x8000a0, &(0x7f0000000040), 0x8, &(0x7f0000000500)=""/4096, 0x1000}, 0x2000) 04:55:49 executing program 5: syz_open_procfs(0x0, &(0x7f0000000280)='net/ip_tables_matches\x00') 04:55:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) 04:55:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getgid() getgroups(0x0, &(0x7f0000000380)) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000600), &(0x7f0000000640)=0xc) fstat(0xffffffffffffffff, &(0x7f0000000680)) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f00000007c0)={{0x2, 0x0, @multicast2}, {0x0, @local}, 0x0, {0x2, 0x0, @multicast1}, 'bond_slave_1\x00'}) vmsplice(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@text32={0x20, &(0x7f00000000c0)="66ba430066ed0f0866baf80cb8a4d77485ef66bafc0cb800000100ef66b857008ed8c4c1b56de70f71e3000f01cb66baf80cb890f27f87ef66bafc0cb800800000efc7442400ce400a98c744240208000000c7442406000000000f011c24c4c279248801000000"}], 0xaaaaaaaaaaaacb6, 0x0, &(0x7f0000000180), 0x11fb) 04:55:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000240)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x0, 0x0, @empty=0x8060000, @broadcast}, @udp={0x0, 0x0, 0x28}}}}}, &(0x7f0000000380)) 04:55:49 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x8, 0x0) getxattr(&(0x7f0000000700)='./file0\x00', &(0x7f0000000340)=@known='security.capability\x00', &(0x7f0000000380)=""/88, 0x58) mkdir(&(0x7f00000009c0)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", 0x0) pipe2(&(0x7f0000004180), 0x800) sendto$inet6(0xffffffffffffffff, &(0x7f00000041c0)="622e059cb963e5ae35e6a41eeb0bac03d762529f4b842718daa73732d5a9b2065666a04c5f08158a59c266067a5d0747a5ee04c9fc58499d1dc56c56c489afaf6d10a1ed190cccadad35168ccc2586f678969856d855ab4bc3ea88f14c1c9fa12bad480c5e52aa4d410862f79982a0d845", 0x71, 0x0, &(0x7f0000004240)={0xa, 0x4e23, 0x9, @mcast1}, 0x1c) mount(&(0x7f0000000a80), &(0x7f0000000a40)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000580)) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[]}}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000640)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(0xffffffffffffffff, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) umount2(&(0x7f00000004c0)='./file0\x00', 0x3) stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000005c0)) socket$inet(0x2, 0x3, 0x5) recvmmsg(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000500)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000840)=""/223, 0xdf}, {&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000000940)=""/100, 0x64}, {&(0x7f0000000580)=""/44, 0x2c}, {&(0x7f0000000a80)=""/244, 0xf4}], 0x6, 0x0, 0x0, 0xfffffffffffffffd}}], 0x1, 0x10000, &(0x7f0000004000)={0x0, 0x989680}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000004140)={&(0x7f0000000440), 0xc, &(0x7f0000004100)={&(0x7f0000004040)=@ipv6_newaddr={0x68, 0x14, 0x0, 0x70bd25, 0x25dfdbfb, {0xa, 0x0, 0x90, 0xff, r2}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0x0, 0x1, 0x4}}, @IFA_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, [], 0x1b}}, @IFA_ADDRESS={0x14}, @IFA_CACHEINFO={0x14, 0x6, {0x1, 0x2, 0x5, 0x80000001}}]}, 0x68}}, 0x4000000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f0000000240), 0xc, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) [ 255.644976] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 255.787682] device lo left promiscuous mode 04:55:49 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x138, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, &(0x7f0000000240), &(0x7f00000003c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'dummy0\x00', 'ip_vti0\x00', 'ip6tnl0\x00', @remote, [], @link_local, [], 0x25, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x1b0) [ 255.809113] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 255.815914] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 255.932816] ================================================================== [ 255.940325] BUG: KMSAN: uninit-value in vmx_vcpu_load+0x10d5/0x1cf0 [ 255.946756] CPU: 1 PID: 7479 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 255.953956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.963320] Call Trace: [ 255.965937] dump_stack+0x306/0x460 [ 255.969591] ? vmx_vcpu_load+0x10d5/0x1cf0 [ 255.973876] kmsan_report+0x1a3/0x2d0 [ 255.977722] __msan_warning+0x7c/0xe0 [ 255.981560] vmx_vcpu_load+0x10d5/0x1cf0 [ 255.985684] ? vmx_prepare_switch_to_guest+0x1720/0x1720 [ 255.991161] kvm_arch_vcpu_load+0x3c8/0xff0 [ 255.995531] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 255.998368] kernel msg: ebtables bug: please report to author: entry offsets not in right order [ 256.001024] vcpu_load+0x5f/0x70 [ 256.001061] kvm_arch_vcpu_ioctl_set_sregs+0x50/0xd0 [ 256.001097] kvm_vcpu_ioctl+0x19ac/0x20b0 [ 256.001146] ? do_vfs_ioctl+0x18a/0x2810 [ 256.001189] ? __se_sys_ioctl+0x1da/0x270 [ 256.030908] ? kvm_vm_release+0x90/0x90 [ 256.034913] do_vfs_ioctl+0xcf3/0x2810 [ 256.038850] ? security_file_ioctl+0x92/0x200 [ 256.043385] __se_sys_ioctl+0x1da/0x270 [ 256.047405] __x64_sys_ioctl+0x4a/0x70 [ 256.051323] do_syscall_64+0xbe/0x100 [ 256.055154] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.060366] RIP: 0033:0x4573e7 [ 256.063591] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.082511] RSP: 002b:00007f071811f098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.090245] RAX: ffffffffffffffda RBX: 0000000020fe8000 RCX: 00000000004573e7 [ 256.097532] RDX: 00007f071811f6f0 RSI: 000000004138ae84 RDI: 0000000000000006 [ 256.104818] RBP: 0000000020fe8800 R08: 0000000000000038 R09: 0000000000000038 [ 256.112101] R10: 0000000000000038 R11: 0000000000000246 R12: 0000000000000038 [ 256.119390] R13: 0000000000000030 R14: 00000000004d7cf8 R15: 00000000ffffffff [ 256.126697] [ 256.128344] Local variable description: ----error.i@vmx_vcpu_load [ 256.134584] Variable was created at: [ 256.138317] vmx_vcpu_load+0x1a0/0x1cf0 [ 256.142320] kvm_arch_vcpu_load+0x3c8/0xff0 [ 256.146653] ================================================================== [ 256.154019] Disabling lock debugging due to kernel taint [ 256.159482] Kernel panic - not syncing: panic_on_warn set ... [ 256.159482] [ 256.166875] CPU: 1 PID: 7479 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63 [ 256.175465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.184833] Call Trace: [ 256.187455] dump_stack+0x306/0x460 [ 256.191129] panic+0x54c/0xafa [ 256.194395] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 256.199885] kmsan_report+0x2cd/0x2d0 [ 256.203728] __msan_warning+0x7c/0xe0 [ 256.207560] vmx_vcpu_load+0x10d5/0x1cf0 [ 256.211687] ? vmx_prepare_switch_to_guest+0x1720/0x1720 [ 256.217164] kvm_arch_vcpu_load+0x3c8/0xff0 [ 256.221523] ? __msan_metadata_ptr_for_store_8+0x13/0x20 [ 256.227030] vcpu_load+0x5f/0x70 04:55:50 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x138, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, &(0x7f0000000240), &(0x7f00000003c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x2, [{{{0x3, 0x0, 0x0, 'ifb0\x00', 'dummy0\x00', 'ip_vti0\x00', 'ip6tnl0\x00', @remote, [], @link_local, [], 0x25, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@dev}}}}]}]}, 0x1b0) 04:55:50 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) exit(0x0) sendfile(r2, r1, &(0x7f0000000100), 0x2007ff) 04:55:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x11, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, [@FRA_FLOW={0x8, 0xb, 0x6}, @FRA_DST={0x8, 0x1, @broadcast}]}, 0x30}}, 0x0) [ 256.230434] kvm_arch_vcpu_ioctl_set_sregs+0x50/0xd0 [ 256.235579] kvm_vcpu_ioctl+0x19ac/0x20b0 [ 256.239782] ? do_vfs_ioctl+0x18a/0x2810 [ 256.243875] ? __se_sys_ioctl+0x1da/0x270 [ 256.248022] ? kvm_vm_release+0x90/0x90 [ 256.252010] do_vfs_ioctl+0xcf3/0x2810 [ 256.255946] ? security_file_ioctl+0x92/0x200 [ 256.260484] __se_sys_ioctl+0x1da/0x270 [ 256.264497] __x64_sys_ioctl+0x4a/0x70 [ 256.268406] do_syscall_64+0xbe/0x100 [ 256.272244] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.277460] RIP: 0033:0x4573e7 [ 256.280683] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.299609] RSP: 002b:00007f071811f098 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.307359] RAX: ffffffffffffffda RBX: 0000000020fe8000 RCX: 00000000004573e7 [ 256.314659] RDX: 00007f071811f6f0 RSI: 000000004138ae84 RDI: 0000000000000006 [ 256.321947] RBP: 0000000020fe8800 R08: 0000000000000038 R09: 0000000000000038 [ 256.329237] R10: 0000000000000038 R11: 0000000000000246 R12: 0000000000000038 [ 256.336523] R13: 0000000000000030 R14: 00000000004d7cf8 R15: 00000000ffffffff [ 256.344825] Kernel Offset: disabled [ 256.348479] Rebooting in 86400 seconds..