[   56.446897] audit: type=1800 audit(1538979661.482:27): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   58.162384] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   61.553219] random: sshd: uninitialized urandom read (32 bytes read)
[   62.006271] random: sshd: uninitialized urandom read (32 bytes read)
[   63.816932] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
[   69.611184] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 06:21:16 fuzzer started
[   74.253109] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 06:21:21 dialing manager at 10.128.0.26:36867
2018/10/08 06:21:21 syscalls: 1
2018/10/08 06:21:21 code coverage: enabled
2018/10/08 06:21:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 06:21:21 setuid sandbox: enabled
2018/10/08 06:21:21 namespace sandbox: enabled
2018/10/08 06:21:21 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 06:21:21 fault injection: enabled
2018/10/08 06:21:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 06:21:21 net packed injection: enabled
2018/10/08 06:21:21 net device setup: enabled
[   80.015285] random: crng init done
06:23:19 executing program 0:

[  195.651461] IPVS: ftp: loaded support on port[0] = 21
[  198.142235] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.148803] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.157439] device bridge_slave_0 entered promiscuous mode
[  198.318006] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.324571] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.333145] device bridge_slave_1 entered promiscuous mode
[  198.470972] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  198.612227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  199.046815] bond0: Enslaving bond_slave_0 as an active interface with an up link
06:23:24 executing program 1:
r0 = syz_open_dev$sndtimer(&(0x7f0000000440)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000001c0)={{0x0, 0x3}})

[  199.223425] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  199.793166] IPVS: ftp: loaded support on port[0] = 21
[  199.804118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  199.811263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.466604] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  200.474785] team0: Port device team_slave_0 added
[  200.624413] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  200.632882] team0: Port device team_slave_1 added
[  200.813418] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  200.820461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.829462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.994843] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  201.002006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  201.010854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  201.248028] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  201.256027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.265242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.426643] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  201.434430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.443803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  203.666972] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.673569] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.682276] device bridge_slave_0 entered promiscuous mode
[  203.889918] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.896495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.903525] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.909974] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.919013] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  203.974238] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.980750] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.989425] device bridge_slave_1 entered promiscuous mode
[  204.185116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  204.383743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  204.652569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
06:23:29 executing program 2:
r0 = socket$inet6(0xa, 0x80003, 0x800200000000006)
ioctl(r0, 0x8912, &(0x7f0000000380)="153f6234488dd25d746070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmmsg(r2, &(0x7f0000004740)=[{{&(0x7f00000007c0)=@pptp={0x18, 0x2, {0x0, @rand_addr}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000840)=""/82, 0xf7c0}, {&(0x7f0000000940)=""/191, 0x89}, {&(0x7f0000000a00)=""/164, 0x5fffe6af}, {&(0x7f0000000b40)=""/166, 0xa6}, {&(0x7f0000000c00)=""/197, 0xc5}], 0x5, &(0x7f0000000ec0)=""/210, 0xd2}}], 0x1e000, 0x0, &(0x7f0000004840))

[  205.176568] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  205.495189] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  205.807198] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  205.814412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  205.948732] IPVS: ftp: loaded support on port[0] = 21
[  206.078516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  206.085754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  206.868214] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  206.876485] team0: Port device team_slave_0 added
[  207.168160] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  207.176366] team0: Port device team_slave_1 added
[  207.462982] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  207.470049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.479211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.819778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  207.827039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.836042] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.147401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  208.155150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  208.164210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.466463] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  208.474350] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.483413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.757416] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.764066] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.772686] device bridge_slave_0 entered promiscuous mode
[  211.074905] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.081387] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.090034] device bridge_slave_1 entered promiscuous mode
[  211.339109] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.706555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.729192] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.735766] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.742832] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.749380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.758195] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  212.451026] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  212.572302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.783254] bond0: Enslaving bond_slave_1 as an active interface with an up link
06:23:38 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58)
r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0)
sendmsg$rds(r1, &(0x7f0000001f00)={&(0x7f00000003c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000500)=""/73, 0xf}, {&(0x7f0000000580)=""/11, 0xb}, {&(0x7f00000005c0)=""/30, 0x200005de}, {&(0x7f0000000600)=""/127, 0x7f}, {&(0x7f0000000680)=""/23, 0x17}], 0x5, &(0x7f0000001bc0)}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  213.028994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  213.036324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  213.433795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  213.440882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  214.168448] IPVS: ftp: loaded support on port[0] = 21
[  214.498655] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  214.506846] team0: Port device team_slave_0 added
[  214.872188] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  214.880068] team0: Port device team_slave_1 added
[  215.274985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  215.282152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  215.290830] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  215.570358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  215.577539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  215.586490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  215.915142] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  215.922881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  215.932044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  216.251091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  216.258844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  216.268101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  216.735122] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.100530] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  219.261192] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  219.267681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.275825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.593874] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.600351] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.609100] device bridge_slave_0 entered promiscuous mode
[  219.992103] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.998612] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.007252] device bridge_slave_1 entered promiscuous mode
[  220.333006] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.339494] bridge0: port 2(bridge_slave_1) entered forwarding state
[  220.346555] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.353105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  220.362190] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  220.453857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  220.518542] 8021q: adding VLAN 0 to HW filter on device team0
[  220.794156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  220.862661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  221.748373] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  222.135234] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  222.465120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  222.472517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  222.903370] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  222.910566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
06:23:48 executing program 4:
r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308", 0xba, 0xfffffffffffffffe)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xffffffffffffffff)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x80000, 0x0)
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
clone(0x0, &(0x7f00000001c0), &(0x7f0000000340), &(0x7f0000000280), &(0x7f00000002c0))
add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz'}, &(0x7f0000000180), 0x0, 0x0)
add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x9a, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, r0}, &(0x7f00000009c0)=""/240, 0x4a3, 0x0)

[  224.032189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  224.040212] team0: Port device team_slave_0 added
[  224.476277] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  224.484671] team0: Port device team_slave_1 added
[  224.882082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  224.889135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  224.898135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  225.337866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  225.345205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  225.353958] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  225.415136] IPVS: ftp: loaded support on port[0] = 21
[  225.744106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  225.751882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  225.760962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  226.156997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  226.164942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  226.174288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  227.017066] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.587958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
06:23:55 executing program 0:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000010207031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[  230.309287] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  230.315936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  230.323868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
06:23:55 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt(r0, 0x8000000000000001, 0x9, &(0x7f00000000c0)="890528e4", 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f000063a000)=0x7fff, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x34, 0x0, {"e6c29593c967971d6658374cf7a599fed95d16054e825ca0646574"}}, {0x0, "81c01fcdd179a3617dda47f91030928e2fbf6eac3dcd5a15abb5d96b4a5e1fc9a76bb7f62e68590f5b532154421d2a2512922cb1e337eac276b0c9c909fff455f674f896be23244a86602807b26b95fb27a3dc3bc0bf26a558703f3a3a4cf98c779cd85a14c445a0d78847cc9d0c14a341591e430d3b4b95ffa1cda3f67bd50a899c1f12832cdd73ac0d0f9b03a69ef17f23577e0c0e205ad008b23fb50c8c5b708772e579022bb1e3c99cfb218185e283730ab11b6904d13c52a65d610dfdd8c3641e796110876c209c7cfdb800ac8bef901046721b0a8fd3ffa60ed2691a06cf6f18b69009341e9b0f"}}, &(0x7f0000000240)=""/255, 0x120, 0xff, 0x1}, 0x20)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
listen(r1, 0x0)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x10)

[  231.009516] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.016102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.023151] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.029620] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.038303] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  231.082981] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  231.371908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
06:23:56 executing program 0:
add_key(&(0x7f0000000740)="93431747bf70a52ba6e52dda17012d3eae80741e9c0e37e8562ddd5c611ce0c7f7dc1a920641c128d61e051472128747966f1160fd7053e4ede708f600dc93bd27fefc5295fd26701e226b01218d8bc44e0fbe2e7645d3a8ed842d62e22b7ed62d454fa2c95e7e342700c07b452677b1a419dee1b7d73a4fe417fd9894219cac651c796460dbd7471db958635a34ae13d799ef67d952a017e10ac23a34216fa4302ccdbbc4d07514e03296edfe97c1f1e38562c7ff860ff5ebb7", &(0x7f0000000180)={'syz'}, &(0x7f0000000500), 0x0, 0xfffffffffffffffb)
add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000140)="03", 0x1, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, "db835aba4e0c698b497aeb019987e4b2efa4fa470876400af718e3edd01414a92ae74a565f16c3a21684ebdbfcb00b689785f4ad442b5a7f510f6a206455054f3e538c4cce109262bf4b4fb9f4005beee51248bd20463640a668c3d2800df6b6323684350497b63030efc846c8e76c56fd02e81f518e3ca39fabf5c94e780d3d3234893c85a7"})
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x0)
r0 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000002c0)="71b16869c2d36a25370ded8a6cfb5391f0fdcabc48bb453972fd0a660f789d43b6d758d398213af479c2f2d21ce6f18f8e4e55bd4eedf5a9e29e5832c72a0000000000000000000000000000", 0x8c, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f00000006c0)=""/83, 0x53, &(0x7f0000000240)={&(0x7f00000000c0)={'crc32\x00'}, &(0x7f00000001c0)})

[  232.057610] 8021q: adding VLAN 0 to HW filter on device team0
06:23:57 executing program 0:
add_key(&(0x7f0000000740)="93431747bf70a52ba6e52dda17012d3eae80741e9c0e37e8562ddd5c611ce0c7f7dc1a920641c128d61e051472128747966f1160fd7053e4ede708f600dc93bd27fefc5295fd26701e226b01218d8bc44e0fbe2e7645d3a8ed842d62e22b7ed62d454fa2c95e7e342700c07b452677b1a419dee1b7d73a4fe417fd9894219cac651c796460dbd7471db958635a34ae13d799ef67d952a017e10ac23a34216fa4302ccdbbc4d07514e03296edfe97c1f1e38562c7ff860ff5ebb7", &(0x7f0000000180)={'syz'}, &(0x7f0000000500), 0x0, 0xfffffffffffffffb)
add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000140)="03", 0x1, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, "db835aba4e0c698b497aeb019987e4b2efa4fa470876400af718e3edd01414a92ae74a565f16c3a21684ebdbfcb00b689785f4ad442b5a7f510f6a206455054f3e538c4cce109262bf4b4fb9f4005beee51248bd20463640a668c3d2800df6b6323684350497b63030efc846c8e76c56fd02e81f518e3ca39fabf5c94e780d3d3234893c85a7"})
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x0)
r0 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000002c0)="71b16869c2d36a25370ded8a6cfb5391f0fdcabc48bb453972fd0a660f789d43b6d758d398213af479c2f2d21ce6f18f8e4e55bd4eedf5a9e29e5832c72a0000000000000000000000000000", 0x8c, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r0, r0}, &(0x7f00000006c0)=""/83, 0x53, &(0x7f0000000240)={&(0x7f00000000c0)={'crc32\x00'}, &(0x7f00000001c0)})

[  232.357648] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.364408] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.373024] device bridge_slave_0 entered promiscuous mode
06:23:57 executing program 0:
r0 = socket$inet(0x10, 0x2, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="24000000070a07041dfffd946fa2830020200a0009000100001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

[  232.868100] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.875067] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.883526] device bridge_slave_1 entered promiscuous mode
06:23:58 executing program 0:
ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000140)={'bond_slave_0\x00', {0x2, 0x4e21}})
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180))
r1 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e59073487cf36ad576e32926b04894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa22a505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd687928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c", 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000001c0), 0x0)
ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040))
creat(&(0x7f0000000700)='./bus\x00', 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f00000003c0)={0x53, 0xffffffffffffffff, 0x0, 0x9, @buffer={0x0, 0xaa, &(0x7f0000000200)=""/170}, &(0x7f0000000040), &(0x7f00000002c0)=""/239, 0x6, 0x10, 0x0, &(0x7f00000000c0)})
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x8000b, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff}, 0x20)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x88d9, @loopback}, 0x1c)
times(&(0x7f0000000540))
ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000440)={'syzkaller1\x00', {0x2, 0x4e21, @rand_addr=0x1}})

[  233.364866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
06:23:58 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={<r2=>0x0}, &(0x7f00000001c0)=0xc)
r3 = getpid()
r4 = syz_open_dev$dspn(&(0x7f0000000280)='/dev/dsp#\x00', 0x6, 0x6200)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r1, &(0x7f00000002c0)={r4, r1, 0x101})
bind$alg(r1, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58)
r5 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1c000000000000, 0x1)
write$eventfd(r5, &(0x7f0000000080)=0x3, 0x8)
r6 = dup3(r0, r1, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000100)={0x40000, 0x0, [0x4, 0x100000000, 0x0, 0x619, 0x9, 0x7, 0x8, 0x1000]})
accept4$vsock_stream(r6, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10, 0x0)

[  233.904677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
06:23:59 executing program 0:
r0 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x3f, 0x101081)
clock_getres(0xdfeffffffffffff3, &(0x7f0000000140))
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x200000, 0x0)
ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f00000000c0)='syz0\x00')
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000040)={0x6, 0x101, 0x1d21, 0x1, 0x5, 0x59e8, 0x80000001, 0x80000, 0x2, 0x1})

[  235.104115] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  235.483041] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  235.827591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  235.834759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  236.187417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  236.194652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  237.118913] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.270613] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  237.278804] team0: Port device team_slave_0 added
[  237.595951] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  237.604230] team0: Port device team_slave_1 added
[  237.900177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  237.907342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  237.916126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  238.108508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  238.115645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  238.124358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  238.308539] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  238.316278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  238.325228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  238.356931] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  238.558367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  238.566039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  238.574966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  239.604525] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  239.610933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  239.618928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
06:24:05 executing program 1:

[  240.754413] 8021q: adding VLAN 0 to HW filter on device team0
[  241.753945] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.760441] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.767546] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.774086] bridge0: port 1(bridge_slave_0) entered forwarding state
[  241.782873] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  241.789900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  243.142552] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.881796] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  244.533099] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  244.540422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  244.548371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  245.393672] 8021q: adding VLAN 0 to HW filter on device team0
06:24:11 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x80000000000000a}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00), 0x7}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")

06:24:14 executing program 3:
syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000600)=""/246)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EVIOCGREP(r0, 0x40047451, &(0x7f0000000000)=""/174)

[  249.447350] 8021q: adding VLAN 0 to HW filter on device bond0
[  249.831320] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  250.104369] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  250.110588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  250.118533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  250.390506] 8021q: adding VLAN 0 to HW filter on device team0
[  252.182391] hrtimer: interrupt took 51151 ns
06:24:17 executing program 4:
r0 = socket(0x40000000015, 0x805, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt(r0, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x7ffff000)

06:24:17 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
getsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000040), &(0x7f0000000000)=0x4)
fsync(r0)
r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2, 0x24001)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x7f, @ipv4, 0x1}, @in={0x2, 0x4e22}], 0x2c)

06:24:17 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='task\x00')
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getdents64(r0, &(0x7f0000000340)=""/57, 0x39)

06:24:17 executing program 5:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200000, 0x0)
write$P9_RLOPEN(r0, &(0x7f0000000040)={0x18, 0xd, 0x1, {{0x2, 0x4, 0x4}, 0x5ce}}, 0x18)
splice(r0, &(0x7f0000000080), r0, &(0x7f00000000c0), 0x8, 0x4)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000100)={'ip6gre0\x00', {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1e}}})
setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000140)={0x0, {{0x2, 0x4e23}}, {{0x2, 0x4e22, @rand_addr=0x200}}}, 0x108)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x6}})
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e23, @local}, 0x10)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000300)={'icmp\x00'}, &(0x7f0000000340)=0x1e)
setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000380)={0x0, @remote, 0x4e20, 0x1, 'lc\x00', 0x2, 0x9, 0x23}, 0x2c)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f00000003c0)={0x0, <r1=>0x0, 0xfffffffffffffff7})
ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086409, &(0x7f0000000400)={r1})
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10)
r2 = getegid()
r3 = getegid()
getresgid(&(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000500))
setresgid(r2, r3, r4)
recvfrom$inet(r0, &(0x7f0000000540)=""/4096, 0x1000, 0x40000000, &(0x7f0000001540)={0x2, 0x4e22, @remote}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000001580)={0xfffffffffffffffa, 0x5, 0xe95d})
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000001680)={{{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@broadcast}, 0x0, @in=@remote}}, &(0x7f0000001780)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000017c0)={'veth0_to_bond\x00', r5})
setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000001800)={0x3, 0x1, 0x5, 0x0, 0x8}, 0xc)
ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000001840)=0xe77)
fallocate(r0, 0x0, 0x4, 0x80000001)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001880)={<r6=>0x0}, &(0x7f00000018c0)=0xc)
write$cgroup_pid(r0, &(0x7f0000001900)=r6, 0x12)
r7 = syz_open_dev$dspn(&(0x7f0000001940)='/dev/dsp#\x00', 0x7, 0x12201)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000019c0)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DEST(r7, &(0x7f0000001ac0)={&(0x7f0000001980)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001a00)={0x70, r8, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x5c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7f}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x44}, 0x1)

06:24:17 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x80000000000000a}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00), 0x7}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")

06:24:17 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e20}, 0x1c)
socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x6)
listen(r0, 0x20000003)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @ipv4}, 0x1c)
r2 = accept4(r0, &(0x7f0000000100)=@nl=@proc, &(0x7f0000000000)=0x80, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000003c0)='veth1_to_team\x00', 0x10)

06:24:17 executing program 0:
accept(0xffffffffffffffff, &(0x7f0000000200)=@in={0x2, 0x0, @rand_addr}, &(0x7f0000000280)=0x80)
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb), &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0)

06:24:17 executing program 1:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4, 0x10}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x6, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x48, 0x1, 0x10}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14)

06:24:17 executing program 3:
socket$vsock_dgram(0x28, 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f00000002c0)="000000008c00000000000000000000", 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, &(0x7f00000ddff8)=0x1c00, 0x102000000)

06:24:18 executing program 0:
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb), &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0)

06:24:18 executing program 4:
write$P9_RWALK(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="7e00cae8c225000900010000000000000000000000004002000000050000000000000001030000000800000000000000300000000006000000000000002004000000040000000000000098010000000700000000000000410100000001000000000000000802000000000000000000000012"], 0x72)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, &(0x7f00000003c0), 0x80000000, &(0x7f0000000340))
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x1b)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x1f, r0, 0x0, 0x0)

06:24:18 executing program 0:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x0, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000600)=""/246)
ioctl$EVIOCGREP(r0, 0x40047451, &(0x7f0000000000)=""/174)

06:24:18 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000))
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
clone(0x820002102013fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
read(r1, &(0x7f00000001c0)=""/105, 0x69)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x9208, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000))
tkill(r0, 0x15)

06:24:18 executing program 4:

06:24:18 executing program 3:
socket$vsock_dgram(0x28, 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f00000002c0)="000000008c00000000000000000000", 0x0)
pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, &(0x7f00000ddff8)=0x1c00, 0x102000000)

[  254.097329] IPVS: ftp: loaded support on port[0] = 21
[  255.557074] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.563610] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.571099] device bridge_slave_0 entered promiscuous mode
[  255.646562] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.653068] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.660479] device bridge_slave_1 entered promiscuous mode
[  255.734250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  255.808024] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  256.028079] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  256.106369] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  256.249202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  256.256307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  256.479460] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  256.487112] team0: Port device team_slave_0 added
[  256.562016] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  256.569528] team0: Port device team_slave_1 added
[  256.645476] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  256.724159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  256.801340] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  256.808702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  256.817781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  256.887177] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  256.894459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  256.903516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  257.726796] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.733338] bridge0: port 2(bridge_slave_1) entered forwarding state
[  257.740072] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.746662] bridge0: port 1(bridge_slave_0) entered forwarding state
[  257.754612] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  258.241820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  260.765688] 8021q: adding VLAN 0 to HW filter on device bond0
[  261.039816] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  261.319502] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  261.325803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  261.333675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  261.613365] 8021q: adding VLAN 0 to HW filter on device team0
06:24:28 executing program 5:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4d}, 0xffffffffffffffe7)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x3, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x6c00000000000700}}, &(0x7f0000000000)="1d4e4cc000", 0x20000, 0xfb, &(0x7f00001a7f05)=""/251, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)

06:24:28 executing program 1:

06:24:28 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket(0x10, 0x802, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c00000031000103000000000000000000000000180001001400010000000c0001006373756d01000000000027f2ef5468e7bf741bcd3d1bd29dacbd964e2381385b58a39dfc0d2ca2f2f4e48dec884eee46b3029bde3dff4fd5c57c4999625aac02549f98c66923f33ddb154d6ec2dffc8847cb585e5e36fa74d9cda6841a5d7a802921f00ccb0214e1e4454c937ff2674cc2cfcd5ffa8673ef679def3d0a6121664134199f37b5266593fb3ab7eb85a939e51a42432c61b43f1e2de32cb871"], 0x1}}, 0x0)

06:24:28 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='cpuset\x00')
pread64(r0, &(0x7f0000000040)=""/12, 0xc, 0x0)

06:24:28 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040), 0x0)

06:24:28 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x80000000000000a}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00), 0x7}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")

06:24:28 executing program 1:

06:24:28 executing program 0:

06:24:28 executing program 3:

06:24:29 executing program 4:

06:24:29 executing program 5:

06:24:29 executing program 0:

06:24:29 executing program 1:

06:24:29 executing program 4:

06:24:29 executing program 3:

06:24:29 executing program 5:

06:24:29 executing program 0:

06:24:30 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x80000000000000a}, 0x1c)
r1 = socket$l2tp(0x18, 0x1, 0x1)
connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00), 0x7}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8)
ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")

06:24:30 executing program 4:

06:24:30 executing program 1:

06:24:30 executing program 5:

06:24:30 executing program 3:

06:24:30 executing program 0:

06:24:30 executing program 4:

06:24:30 executing program 1:

06:24:30 executing program 5:

06:24:30 executing program 3:

06:24:30 executing program 0:

06:24:30 executing program 4:

06:24:31 executing program 2:

06:24:31 executing program 1:

06:24:31 executing program 5:

06:24:31 executing program 0:

06:24:31 executing program 3:

06:24:31 executing program 4:

06:24:31 executing program 1:

06:24:31 executing program 0:

06:24:31 executing program 3:

06:24:31 executing program 5:

06:24:31 executing program 2:

06:24:31 executing program 4:

06:24:31 executing program 1:

06:24:32 executing program 0:

06:24:32 executing program 4:

06:24:32 executing program 1:

06:24:32 executing program 2:

06:24:32 executing program 3:

06:24:32 executing program 5:

06:24:32 executing program 4:

06:24:32 executing program 0:

06:24:32 executing program 2:

06:24:32 executing program 1:

06:24:32 executing program 3:

06:24:32 executing program 4:

06:24:32 executing program 2:

06:24:32 executing program 1:

06:24:33 executing program 0:

06:24:33 executing program 5:

06:24:33 executing program 1:

06:24:33 executing program 3:

06:24:33 executing program 2:

06:24:33 executing program 0:

06:24:33 executing program 4:

06:24:33 executing program 5:

06:24:33 executing program 1:

06:24:33 executing program 0:

06:24:33 executing program 4:

06:24:33 executing program 2:

06:24:34 executing program 3:

06:24:34 executing program 1:

06:24:34 executing program 0:

06:24:34 executing program 5:

06:24:34 executing program 4:

06:24:34 executing program 2:

06:24:34 executing program 1:

06:24:34 executing program 3:

06:24:34 executing program 5:

06:24:34 executing program 0:

06:24:34 executing program 4:

06:24:34 executing program 2:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000000)="66b9800000c00f326635008000000f30660ffd4900bad004b8df00efb873000f00d866b8010000000f01d90f005ed46764cf6400fd2e0f01cb3e0f32", 0x3c}], 0x1, 0x0, &(0x7f0000000280), 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'tunl0\x00'})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, &(0x7f00000000c0), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

06:24:34 executing program 3:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x0, &(0x7f0000000280)="153f6234488d")
r1 = socket$inet6(0xa, 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001780)}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000001c0))
setsockopt$inet_tcp_int(r2, 0x6, 0xc0000000000002, &(0x7f0000000140)=0x75, 0x4)
bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10)
recvmsg(r2, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f0000003ac0)=""/4096, 0x395b}], 0x1, &(0x7f0000000200)=""/20, 0xfffffffffffffec4}, 0x100)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000500)='bbr\x00', 0x218)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000009c0)=@assoc_value, &(0x7f0000000a00)=0x8)

06:24:35 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000010000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0xbe, &(0x7f0000000280)="6ff1a86487e1831e21547d59830b", &(0x7f0000000480)=""/190, 0x40001}, 0x28)

06:24:35 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000640)="0a0775b0d5e383e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20)

[  270.022840] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
06:24:35 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000590fa8)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000640)="0a0775b0d5e383e5b3b60ced5c54dbb7295df0df8217ad4000000000000000e6", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_elf32(r1, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58)
recvmmsg(r1, &(0x7f0000004b80)=[{{&(0x7f0000000680)=@ax25, 0x80, &(0x7f0000000bc0)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000c40)=""/112, 0x70}}], 0x1, 0x0, &(0x7f0000004dc0)={0x77359400})

06:24:35 executing program 4:
syz_open_dev$evdev(&(0x7f0000000180)='/dev/input/event#\x00', 0x0, 0x0)
unshare(0x400)
pselect6(0x1c, &(0x7f0000000300), &(0x7f0000000380), &(0x7f00000003c0)={0x8}, &(0x7f0000000400)={0x0, 0x989680}, &(0x7f0000000100)={&(0x7f0000000440), 0x8})

[  270.203204] ==================================================================
[  270.210637] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[  270.217242] CPU: 1 PID: 8090 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63
[  270.224442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.233810] Call Trace:
[  270.236455]  dump_stack+0x306/0x460
[  270.240122]  ? _raw_spin_lock_irqsave+0x227/0x340
[  270.245023]  ? vmx_create_vcpu+0x10df/0x7920
[  270.249478]  kmsan_report+0x1a3/0x2d0
[  270.253323]  __msan_warning+0x7c/0xe0
[  270.257223]  vmx_create_vcpu+0x10df/0x7920
[  270.261512]  ? kmsan_set_origin_inline+0x6b/0x120
[  270.266403]  ? __msan_poison_alloca+0x17a/0x210
[  270.271120]  ? vmx_vm_init+0x340/0x340
[  270.275047]  kvm_arch_vcpu_create+0x25d/0x2f0
[  270.279587]  kvm_vm_ioctl+0x13fd/0x33d0
[  270.283603]  ? __msan_poison_alloca+0x17a/0x210
[  270.288348]  ? do_vfs_ioctl+0x18a/0x2810
[  270.292441]  ? __se_sys_ioctl+0x1da/0x270
[  270.296630]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  270.301500]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  270.306382]  do_vfs_ioctl+0xcf3/0x2810
[  270.310313]  ? security_file_ioctl+0x92/0x200
[  270.314865]  __se_sys_ioctl+0x1da/0x270
[  270.318903]  __x64_sys_ioctl+0x4a/0x70
[  270.322888]  do_syscall_64+0xbe/0x100
[  270.326742]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  270.331963] RIP: 0033:0x457579
[  270.335185] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  270.354106] RSP: 002b:00007fc4b8a21c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.361851] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  270.369150] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008
[  270.376463] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  270.383809] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4b8a226d4
[  270.391115] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  270.398416] 
[  270.400080] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[  270.407042] Variable was created at:
[  270.410778]  vmx_create_vcpu+0xd5/0x7920
[  270.414873]  kvm_arch_vcpu_create+0x25d/0x2f0
[  270.419382] ==================================================================
[  270.426785] Disabling lock debugging due to kernel taint
[  270.432247] Kernel panic - not syncing: panic_on_warn set ...
[  270.432247] 
[  270.439679] CPU: 1 PID: 8090 Comm: syz-executor2 Tainted: G    B             4.19.0-rc4+ #63
[  270.448286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.457655] Call Trace:
[  270.460288]  dump_stack+0x306/0x460
[  270.463980]  panic+0x54c/0xafa
[  270.467250]  kmsan_report+0x2cd/0x2d0
[  270.471094]  __msan_warning+0x7c/0xe0
[  270.474948]  vmx_create_vcpu+0x10df/0x7920
[  270.479232]  ? kmsan_set_origin_inline+0x6b/0x120
[  270.484114]  ? __msan_poison_alloca+0x17a/0x210
[  270.488823]  ? vmx_vm_init+0x340/0x340
[  270.492754]  kvm_arch_vcpu_create+0x25d/0x2f0
[  270.497306]  kvm_vm_ioctl+0x13fd/0x33d0
[  270.501361]  ? __msan_poison_alloca+0x17a/0x210
[  270.506108]  ? do_vfs_ioctl+0x18a/0x2810
[  270.510235]  ? __se_sys_ioctl+0x1da/0x270
[  270.514425]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  270.519308]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  270.524340]  do_vfs_ioctl+0xcf3/0x2810
[  270.528303]  ? security_file_ioctl+0x92/0x200
[  270.532865]  __se_sys_ioctl+0x1da/0x270
[  270.536882]  __x64_sys_ioctl+0x4a/0x70
[  270.540800]  do_syscall_64+0xbe/0x100
[  270.544648]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  270.549861] RIP: 0033:0x457579
[  270.553084] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  270.572036] RSP: 002b:00007fc4b8a21c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.579777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  270.587067] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008
[  270.594371] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  270.601659] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4b8a226d4
[  270.608949] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  270.617309] Kernel Offset: disabled
[  270.620958] Rebooting in 86400 seconds..