[ 51.384913] audit: type=1800 audit(1538951662.420:27): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 52.796401] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 57.164985] random: sshd: uninitialized urandom read (32 bytes read) [ 57.607936] random: sshd: uninitialized urandom read (32 bytes read) [ 59.428854] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. [ 65.218152] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 22:34:38 fuzzer started [ 69.475579] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 22:34:42 dialing manager at 10.128.0.26:36867 2018/10/07 22:34:42 syscalls: 1 2018/10/07 22:34:42 code coverage: enabled 2018/10/07 22:34:42 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 22:34:42 setuid sandbox: enabled 2018/10/07 22:34:42 namespace sandbox: enabled 2018/10/07 22:34:42 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 22:34:42 fault injection: enabled 2018/10/07 22:34:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 22:34:42 net packed injection: enabled 2018/10/07 22:34:42 net device setup: enabled [ 74.251539] random: crng init done 22:36:28 executing program 0: [ 178.537920] IPVS: ftp: loaded support on port[0] = 21 [ 180.642424] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.648898] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.657310] device bridge_slave_0 entered promiscuous mode [ 180.830579] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.837261] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.845608] device bridge_slave_1 entered promiscuous mode [ 180.968041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 181.098226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 181.470887] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:36:32 executing program 1: [ 181.603661] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 182.275720] IPVS: ftp: loaded support on port[0] = 21 [ 182.420500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.428540] team0: Port device team_slave_0 added [ 182.605512] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.613437] team0: Port device team_slave_1 added [ 182.756454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.925580] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.077225] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.084879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.093778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.316240] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.323901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.332857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.558062] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.564629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.571504] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.578074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.586736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.593857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.654911] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.661380] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.669805] device bridge_slave_0 entered promiscuous mode [ 185.951646] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.958266] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.966675] device bridge_slave_1 entered promiscuous mode [ 186.152288] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 186.344881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:36:37 executing program 2: [ 187.097077] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.396826] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.536244] IPVS: ftp: loaded support on port[0] = 21 [ 187.648075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.656148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.883562] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.890656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.538598] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.546749] team0: Port device team_slave_0 added [ 188.726275] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.734316] team0: Port device team_slave_1 added [ 189.015959] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.023228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.032119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.255522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.262691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.271270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.568216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.576043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.584898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.886176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.893893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.902910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.073599] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.080123] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.088748] device bridge_slave_0 entered promiscuous mode [ 192.376993] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.383559] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.391993] device bridge_slave_1 entered promiscuous mode [ 192.529013] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.535566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.542540] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.548992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.557549] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.660613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.744187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.919998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 193.727551] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:36:44 executing program 3: [ 194.049221] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 194.375217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 194.382533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.676015] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 194.683263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.005997] IPVS: ftp: loaded support on port[0] = 21 [ 195.775603] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 195.783869] team0: Port device team_slave_0 added [ 196.095851] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 196.104010] team0: Port device team_slave_1 added [ 196.425746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 196.432935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.441557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.479345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.758438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 196.765700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.774409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.105812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.113540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.122484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 197.446613] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 197.454700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 197.463624] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 197.697566] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.874661] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.881097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.889201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.068815] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.331317] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.337968] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.346335] device bridge_slave_0 entered promiscuous mode [ 200.706981] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.713697] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.721960] device bridge_slave_1 entered promiscuous mode [ 200.999565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 201.053195] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.059686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.066699] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.073213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.081696] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 201.354494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 201.862044] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:36:53 executing program 4: [ 202.271255] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 202.730322] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.125674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.133053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.457547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 203.465036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.660976] IPVS: ftp: loaded support on port[0] = 21 [ 204.574914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.582954] team0: Port device team_slave_0 added [ 204.984175] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.992131] team0: Port device team_slave_1 added [ 205.444394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 205.451550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.460453] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.816477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 205.823767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.832635] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 206.158902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.257914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 206.265682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.275641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.648580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 206.656497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.665961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.800205] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:36:59 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512-generic\x00'}, 0x58) r1 = socket$inet6(0xa, 0x3, 0xb6) ioctl(r1, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r2 = accept$alg(r0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) sendfile(r2, r3, &(0x7f0000000240), 0xfdef) accept$packet(r2, &(0x7f0000008b00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000008b40)=0x14) 22:37:00 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x20001, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000380)={0x0, 0x6614fa1e}, &(0x7f00000003c0)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000440)={r1, 0xb92}, &(0x7f0000000480)=0x8) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000004c0)={@mcast2, @empty, @empty, 0x260, 0x6, 0xfffffffffffffffd, 0x401, 0x80000000, 0x100000, r2}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000280), &(0x7f00000002c0)=0x4) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r6, 0x11b, 0x2, &(0x7f0000000040)=0x800, 0x4) bind$xdp(r6, &(0x7f0000000300)={0x2c, 0x0, r5}, 0x10) [ 209.107439] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.114017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.121991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.692500] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.699077] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.707593] device bridge_slave_0 entered promiscuous mode 22:37:00 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@mcast2, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x6e6bb8}, {{@in6=@remote, 0x0, 0x32}}}, 0xe8) fcntl$setpipe(r1, 0x407, 0x5) [ 210.168479] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.175190] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.183828] device bridge_slave_1 entered promiscuous mode 22:37:01 executing program 0: r0 = socket$inet6(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000100)={&(0x7f0000000080)=@nl=@kern={0x10, 0x7003, 0x6c00000000000000}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000240)="5500000018007f5e00fe01b2a4a280930a600800ffa84302910000002d00090023000c000b0000000d000500fe8000000000c78b80082314e9030b9d566885b167320b00dc1338d54400009b84136ef75afb83de44", 0x55}], 0x1, &(0x7f0000000080), 0x365}, 0x0) [ 210.577838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.596026] 8021q: adding VLAN 0 to HW filter on device team0 22:37:01 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x4570, &(0x7f0000000280)="153f6234488dd25d766070") socketpair(0x5, 0x6, 0x2, &(0x7f0000000000)) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000280)=@nat={"6e6174000000000000000300", 0x19, 0x1, 0x1b8, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, &(0x7f0000000240), &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000030000000000000008006966623000000000000000000000000064756d6d79300000000000000069705f76746930000000000000000000696c30000000000000000000aaaaaaaaaabb0000000000000180c20000000000000000000000b8000000f000000028010000697000000000000000000000000000000000000000000000000000000000000020000000000000007f000001ac1414000000000000000000008420000000000000000000000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa00000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa0000000000000000000000"]}, 0x229) [ 210.913392] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.919876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.926869] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.933391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.941631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.948474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.962273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.969735] kernel msg: ebtables bug: please report to author: Wrong len argument [ 211.044907] kernel msg: ebtables bug: please report to author: Wrong len argument 22:37:02 executing program 0: mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x72, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x2000000088) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x8081, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000000)="dd", 0x1, 0x0, &(0x7f000082dff0)={0x2, 0x0, @local}, 0x10) 22:37:02 executing program 0: unshare(0x8000400) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x80) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_GET_SYSNAME(r1, 0x8040552c, &(0x7f0000000040)) 22:37:03 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r1 = openat$cgroup_ro(r0, &(0x7f0000000240)="686fae7374617400fa0c63", 0x0, 0x0) preadv(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) shmdt(0x0) [ 212.172872] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.567144] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.901313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.908890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.227396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.234569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.002800] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 214.010682] team0: Port device team_slave_0 added [ 214.307291] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.316463] team0: Port device team_slave_1 added [ 214.490537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.498275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.506916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.738746] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.746078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.754698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.024562] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.032268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.040922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.325321] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.333289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.342219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.628187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.630826] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:37:08 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000600)=0x80000, 0x4) [ 217.552492] hrtimer: interrupt took 44930 ns [ 217.697781] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 217.704815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.712875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.975618] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.982202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.989102] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.995678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.003966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 218.530879] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.743618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.507040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.234535] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:37:13 executing program 2: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f00000003c0)='./file0\x00', 0x2) [ 223.024230] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.030652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.038556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.513436] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.994359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.474521] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.949059] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.955597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.963578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:37:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000600)=0x80000, 0x4) [ 226.473184] 8021q: adding VLAN 0 to HW filter on device team0 22:37:19 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, r1, 0x1}, 0x14}}, 0x0) 22:37:19 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000040), &(0x7f0000013000)=0x4) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)="636c6561725f72656673007edb") ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f0000000080)) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)='2', 0x1}], 0x1) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000100)) 22:37:19 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7, 0x200000) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0x9}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000140)={r1, 0x8}, &(0x7f0000000180)=0x8) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f00000001c0)={0x3, 0x1000}) write(r0, &(0x7f0000000200)="7559b21f7fe56b0405a785f25d0fa17f4a5830984d31", 0x16) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000240)=0x5, 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000280)) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000340)) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000380)=0x4, 0x4) socket$vsock_dgram(0x28, 0x2, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000003c0)={0x3}) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000440), &(0x7f0000000480)=0x4) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f00000004c0)={0x4f9, 0x3f, 0xfff}) getsockopt$inet6_dccp_buf(r0, 0x21, 0xce, &(0x7f0000000500)=""/1, &(0x7f0000000540)=0x1) r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/attr/exec\x00', 0x2, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f00000005c0)) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000600)=0x3ff, 0x4) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000640)={0x6, [0xfffffffffffffffc, 0x3fd2, 0x3, 0xffff, 0x1, 0x2]}, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000800)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x889000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0xa8, r5, 0x304, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3a}]}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1000}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x19d3625c4ff6bebe, 0x10}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x12}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6c}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1f}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) ioctl$NBD_SET_SIZE(r0, 0xab02, 0xffffffff00000000) socket$key(0xf, 0x3, 0x2) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000840)={r1, 0x9}, 0x8) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000880)={0x0, 0x3}) vmsplice(r2, &(0x7f0000000c00)=[{&(0x7f00000008c0)="2c29d3f041a0a59cfacece4990dcdf04c7e985e0ea73087433227836d14f04f6bc9743307669a116799a154fcece3935ebb9524fecf753e9505436468fde876d8787af94fe104bf3d16756701447247d156022b318b6cf13d70f8f82b691b63e97ad80b031371f6d392ab3b00525f4229f714b88b5", 0x75}, {&(0x7f0000000940)="4cdf21bada0d4fcf132da2a0e967e94351870783b118ab0b1474c98301c1810beab07c1e98242fe8e8a7c136d0173bf09cdf84be14dae298c85a1e4eb019daf174bf610d4aed8f5c32bf24202a3349aed2be9f9495684c725c92", 0x5a}, {&(0x7f00000009c0)="334d1bf6a9d190d95dca1ab18a52a3904aaa30ec60b4a043ebdd08ab879ad21202aab4fa88e930f24c101125731804f92b367d636ed6127a2fb8cdc343fe8548158bf23f5ed50db947de59d56c10bc85908cdbb3fe191f38e5bb760d5e515003f577e532644d06b15df8248a87808eb9ecbb9b861e769f64d0fe326e477079de258acdd9303166e16b4b1f0b0ac320499542f401e1b1832d4fae4aa11f8710455c66cf71b788fe56b9c84920cec486b315b61a4027119eabac55eb96994556797d3b751f61ac03ee208d624ca573639e749ff6194d2084c2eb49ab47dc5bf3115f804f58b8a4feed90", 0xe9}, {&(0x7f0000000ac0)="5293fa6364d5b27805a947c2039c00c6f99a9d2bf2503228fb", 0x19}, {&(0x7f0000000b00)="44acc9ce874b8174111f482ffe302272bb34e9c67101b7bf01011eb0a5cd09907fa597a7aedf8315b6458e0034ef0285df5c78bf7eddf30ddf5923dfd50441f438dab75b6f80cb110181b5bec218efd73889069189f98c0ff2eec3473ac34b01b825e026ef3d23e3224787698f78cb02eb9b155b671dc53868c6b4befff0a48ed5452a5c4137b21983c1859ca77ac243c170120891ebad93510a7517791883d331456be1e550fe79e773df69870656cc8feeb302721db07d06ff076e766ea17d331add73452e4366c4700cdd75d2c14b129da3c36f598b196e877606a9d0d7", 0xdf}], 0x5, 0xf) getsockopt$netlink(r0, 0x10e, 0x7, &(0x7f0000000c80)=""/85, &(0x7f0000000d00)=0x55) rename(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80)='./file0\x00') syz_open_dev$mice(&(0x7f0000000dc0)='/dev/input/mice\x00', 0x0, 0x10000) 22:37:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0), 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f0000002ff0), 0x10) r1 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x0, 0x8000) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000100)={'ah\x00'}, &(0x7f0000000180)=0x1e) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f00000004c0)={0x4, [0x7, 0x91, 0x0, 0x0]}) write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000002480), 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f00000003c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000009c0), &(0x7f00000007c0)=0xc) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@mcast1, @in=@remote}}, {{@in=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000640)=0xe8) bind$vsock_dgram(r1, &(0x7f0000000780)={0x28, 0x0, 0x2710, @host}, 0x10) geteuid() getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f00000001c0)=""/212, &(0x7f0000000740)=0xd4) getresuid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000800), &(0x7f0000000840)=0xc) stat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000400)={0x0, 0x4}, &(0x7f0000000500)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000a00)={r3, 0x3}, 0x8) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000940)=ANY=[@ANYBLOB="1000020000000000200002000000"], 0x1, 0x2) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, &(0x7f0000000000)={0x0, r2}) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000380), 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0xffffffffffffffff) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000140)=0x200, 0x4) 22:37:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480), 0xc, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000022000100000300000000000001000000"], 0x1}}, 0x0) 22:37:19 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x123, 0x0, 0x0, {{{@in6=@ipv4={[], [], @local}}, {@in6=@ipv4={[], [], @broadcast}, 0x0, 0x6c}, @in6}, 0x0, 0xf0}}, 0xf8}, 0x8}, 0x0) 22:37:19 executing program 0: 22:37:19 executing program 1: 22:37:19 executing program 3: 22:37:20 executing program 4: 22:37:20 executing program 2: 22:37:20 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0), 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f0000002ff0), 0x10) r1 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000100)={'ah\x00'}, &(0x7f0000000180)=0x1e) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f00000004c0)={0x2, [0x91, 0x0]}) write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000480)='/dev/mixer\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000002480), 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@mcast1, @in=@remote}}, {{@in=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000000640)=0xe8) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f00000001c0)=""/212, &(0x7f0000000740)=0xd4) getresuid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000400)={0x0, 0x4}, &(0x7f0000000500)=0x8) fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000940)=ANY=[@ANYBLOB="100002000000000020"], 0x1, 0x2) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000380), 0x0) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000140)=0x200, 0x4) 22:37:20 executing program 3: 22:37:20 executing program 0: [ 229.851535] IPVS: ftp: loaded support on port[0] = 21 [ 231.120775] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.127305] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.135602] device bridge_slave_0 entered promiscuous mode [ 231.211652] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.218303] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.226336] device bridge_slave_1 entered promiscuous mode [ 231.300857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.375795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 231.602138] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.680711] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.827566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 231.834707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 232.059878] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.067445] team0: Port device team_slave_0 added [ 232.143792] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.152073] team0: Port device team_slave_1 added [ 232.228090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.303567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.380742] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.388141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.397097] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.466846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.474192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.482921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.333388] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.339856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.346784] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.353356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.361112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.772111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.408484] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.687107] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 236.965735] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 236.972267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 236.979868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.260616] 8021q: adding VLAN 0 to HW filter on device team0 22:37:30 executing program 5: 22:37:30 executing program 4: 22:37:30 executing program 2: 22:37:30 executing program 3: 22:37:30 executing program 0: 22:37:30 executing program 1: 22:37:30 executing program 1: 22:37:30 executing program 4: 22:37:30 executing program 5: 22:37:30 executing program 3: 22:37:30 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) getpid() socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000010000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0xe, 0xbe, &(0x7f0000000280)="6ff1a86487e1831e21547d59830b", &(0x7f0000000480)=""/190, 0x1ff}, 0x28) close(r0) socket$kcm(0x2, 0x3, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) 22:37:30 executing program 0: 22:37:30 executing program 5: 22:37:30 executing program 1: 22:37:30 executing program 4: 22:37:30 executing program 3: 22:37:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'tunl0\x00'}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f00000000c0)="0f0f1ba00873850f01d1ba4000b8a989ef660f2ac3ba4000b85700eff3cfbad00466b8b200000066ef3e0f38003abaf80c66b8a206ef8766efbafc0cec", 0x3d}], 0x1, 0x0, &(0x7f0000000200), 0x2b5) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 22:37:31 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x3, 0x2) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000013000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000010000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0xbe, &(0x7f0000000280)="6ff1a86487e1831e21547d59830b", &(0x7f0000000480)=""/190, 0x1ff}, 0x28) 22:37:31 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) setsockopt$inet6_int(r2, 0x29, 0x5, &(0x7f0000000040), 0x4) setsockopt$inet6_int(r2, 0x29, 0x0, &(0x7f0000000000), 0x4) 22:37:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000001b00)="923993844f5f2cef6381d1767eccff349c89cb2b90f33c12be811d6958a6247483aace", 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000080)) 22:37:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0xa8, 0x0, 0x1}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000008f00)={'tunl0\x00'}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f00000000c0)="0f0f1ba00873850f01d1ba4000b8a989ef660f2ac3ba4000b85700eff3cfbad00466b8b200000066ef3e0f38003abaf80c66b8a206ef8766efbafc0cec", 0x3d}], 0x1, 0x0, &(0x7f0000000200), 0x2b5) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000840)={{0x0, 0x0, 0x1}, 'syz0\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x1, 0x0, &(0x7f00000000c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 240.354608] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 22:37:31 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x40, 0x82) pwritev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000100)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r0, &(0x7f0000000000), 0x20000102000007) [ 240.460251] ================================================================== [ 240.467699] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 240.474313] CPU: 0 PID: 7846 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #63 [ 240.481868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.491322] Call Trace: [ 240.493934] dump_stack+0x306/0x460 [ 240.497591] ? _raw_spin_lock_irqsave+0x227/0x340 [ 240.502466] ? vmx_create_vcpu+0x10df/0x7920 [ 240.506921] kmsan_report+0x1a3/0x2d0 [ 240.510749] __msan_warning+0x7c/0xe0 [ 240.514559] vmx_create_vcpu+0x10df/0x7920 [ 240.518807] ? kmsan_set_origin_inline+0x6b/0x120 [ 240.523649] ? __msan_poison_alloca+0x17a/0x210 [ 240.528411] ? vmx_vm_init+0x340/0x340 [ 240.532491] kvm_arch_vcpu_create+0x25d/0x2f0 [ 240.536993] kvm_vm_ioctl+0x13fd/0x33d0 [ 240.540972] ? __msan_poison_alloca+0x17a/0x210 [ 240.547215] ? do_vfs_ioctl+0x18a/0x2810 [ 240.551280] ? __se_sys_ioctl+0x1da/0x270 [ 240.555429] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 240.560278] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 240.565136] do_vfs_ioctl+0xcf3/0x2810 [ 240.569119] ? security_file_ioctl+0x92/0x200 [ 240.573619] __se_sys_ioctl+0x1da/0x270 [ 240.577597] __x64_sys_ioctl+0x4a/0x70 [ 240.581484] do_syscall_64+0xbe/0x100 [ 240.585299] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 240.590485] RIP: 0033:0x457579 [ 240.593678] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 240.612579] RSP: 002b:00007fc029a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.620288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 240.628741] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 240.636107] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 240.643376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc029a306d4 [ 240.650639] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 240.658011] [ 240.659634] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 240.666549] Variable was created at: [ 240.670271] vmx_create_vcpu+0xd5/0x7920 [ 240.674329] kvm_arch_vcpu_create+0x25d/0x2f0 [ 240.678812] ================================================================== [ 240.686162] Disabling lock debugging due to kernel taint [ 240.691696] Kernel panic - not syncing: panic_on_warn set ... [ 240.691696] [ 240.699072] CPU: 0 PID: 7846 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #63 [ 240.707639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.716994] Call Trace: [ 240.719602] dump_stack+0x306/0x460 [ 240.723248] panic+0x54c/0xafa [ 240.726466] kmsan_report+0x2cd/0x2d0 [ 240.730277] __msan_warning+0x7c/0xe0 [ 240.734079] vmx_create_vcpu+0x10df/0x7920 [ 240.738321] ? kmsan_set_origin_inline+0x6b/0x120 [ 240.743185] ? __msan_poison_alloca+0x17a/0x210 [ 240.747861] ? vmx_vm_init+0x340/0x340 [ 240.751777] kvm_arch_vcpu_create+0x25d/0x2f0 [ 240.756279] kvm_vm_ioctl+0x13fd/0x33d0 [ 240.761908] ? __msan_poison_alloca+0x17a/0x210 [ 240.766581] ? do_vfs_ioctl+0x18a/0x2810 [ 240.770634] ? __se_sys_ioctl+0x1da/0x270 [ 240.774780] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 240.779619] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 240.784458] do_vfs_ioctl+0xcf3/0x2810 [ 240.788353] ? security_file_ioctl+0x92/0x200 [ 240.792850] __se_sys_ioctl+0x1da/0x270 [ 240.796846] __x64_sys_ioctl+0x4a/0x70 [ 240.800736] do_syscall_64+0xbe/0x100 [ 240.805669] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 240.810950] RIP: 0033:0x457579 [ 240.814149] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 240.833048] RSP: 002b:00007fc029a2fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.840847] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 240.849935] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 240.857215] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 240.864484] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc029a306d4 [ 240.871768] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 240.880389] Kernel Offset: disabled [ 240.884051] Rebooting in 86400 seconds..