[....] Starting OpenBSD Secure Shell server: sshd[ 52.360529] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 52.729117] audit: type=1800 audit(1538855437.772:29): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.748646] audit: type=1800 audit(1538855437.772:30): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 53.655245] random: sshd: uninitialized urandom read (32 bytes read) [ 54.041902] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.626967] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts. [ 61.601358] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/06 19:50:48 fuzzer started [ 65.949852] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/06 19:50:53 dialing manager at 10.128.0.26:36867 2018/10/06 19:50:53 syscalls: 1 2018/10/06 19:50:53 code coverage: enabled 2018/10/06 19:50:53 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/06 19:50:53 setuid sandbox: enabled 2018/10/06 19:50:53 namespace sandbox: enabled 2018/10/06 19:50:53 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/06 19:50:53 fault injection: enabled 2018/10/06 19:50:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/06 19:50:53 net packed injection: enabled 2018/10/06 19:50:53 net device setup: enabled [ 71.013117] random: crng init done 19:52:36 executing program 0: [ 172.625590] IPVS: ftp: loaded support on port[0] = 21 [ 174.690955] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.697662] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.706041] device bridge_slave_0 entered promiscuous mode [ 174.828973] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.835511] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.843825] device bridge_slave_1 entered promiscuous mode [ 174.965547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 19:52:40 executing program 1: [ 175.086061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 175.541926] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 175.775201] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.917771] IPVS: ftp: loaded support on port[0] = 21 [ 176.765853] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.773911] team0: Port device team_slave_0 added [ 176.975001] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.983312] team0: Port device team_slave_1 added [ 177.134440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 177.365290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 177.372366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 177.381327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 177.593456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 177.601015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 177.609942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.822366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.830079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.839005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.588619] ip (6193) used greatest stack depth: 53056 bytes left [ 179.315673] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.322156] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.330540] device bridge_slave_0 entered promiscuous mode [ 179.556934] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.563510] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.571683] device bridge_slave_1 entered promiscuous mode [ 179.784082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 19:52:44 executing program 2: [ 180.065826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 180.356190] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.362687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.369773] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.376319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.384762] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 180.677143] IPVS: ftp: loaded support on port[0] = 21 [ 180.944567] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.246623] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.383318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.433211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 181.440280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.724836] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.731992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.468040] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 182.476132] team0: Port device team_slave_0 added [ 182.754578] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 182.762497] team0: Port device team_slave_1 added [ 183.011850] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 183.019187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.028095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.254360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 183.261486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.270482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.504766] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 183.512314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.521544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.765704] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 183.773471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.782309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.773974] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.780440] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.788708] device bridge_slave_0 entered promiscuous mode [ 185.045968] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.052425] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.060756] device bridge_slave_1 entered promiscuous mode [ 185.347556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.594873] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.321310] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.588023] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.628234] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.634779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.641652] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.648244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.656743] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 186.833311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.840416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.103945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.111071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:52:52 executing program 3: [ 187.483171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.862808] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.870816] team0: Port device team_slave_0 added [ 188.227023] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.235162] team0: Port device team_slave_1 added [ 188.453433] IPVS: ftp: loaded support on port[0] = 21 [ 188.522418] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.529628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.538471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.782740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 188.790453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.800447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.131812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.139511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.148377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.469752] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.477450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.488872] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.689871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.906255] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.107021] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.113700] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.120576] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.127188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.135609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.143778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.647085] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.653747] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.661925] device bridge_slave_0 entered promiscuous mode [ 194.014021] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.020475] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.030753] device bridge_slave_1 entered promiscuous mode [ 194.060476] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.069091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.079444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.405726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 194.646968] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 195.161623] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.611682] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.960012] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 196.193465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 196.200591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 19:53:01 executing program 4: [ 196.612346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 196.619636] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.747265] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 197.755365] team0: Port device team_slave_0 added [ 197.809279] IPVS: ftp: loaded support on port[0] = 21 [ 198.194656] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 198.202660] team0: Port device team_slave_1 added [ 198.655120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 198.662247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.671330] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.977708] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 198.985032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.993848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.276159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 199.283882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.292655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.667449] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 199.675305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.684216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.349221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.683198] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 203.121285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.127996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.136112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.711209] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.717902] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.726185] device bridge_slave_0 entered promiscuous mode 19:53:09 executing program 0: [ 204.145423] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.151998] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.160331] device bridge_slave_1 entered promiscuous mode [ 204.179304] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.185922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.192818] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.199429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.208010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.392789] 8021q: adding VLAN 0 to HW filter on device team0 19:53:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x408400, 0x0) execveat(r1, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)=[&(0x7f0000000080)='em0lo-:vmnet1em1proc!}.ppp0%%\x00', &(0x7f0000000140)=':\x00', &(0x7f0000000180)='}selinux,loGPLvmnet0.$eth1eth1$$md5sum(\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)='em1\x00', &(0x7f0000000240)='/eth1\x00', &(0x7f0000000280)='^\x00', &(0x7f00000002c0)='{uservmnet0@\x00'], &(0x7f00000003c0)=[&(0x7f0000000340)='\x00', &(0x7f0000000380)=':vmnet1usersecurityselinuxbdevppp0-em1\\cpuset\x00'], 0x1400) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="290000001800190000003fffffffda0602000000fde80001024000040d0005e3ff0400000005000000", 0x29}], 0x1) [ 204.669936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 19:53:09 executing program 0: syz_emit_ethernet(0x13a, &(0x7f0000000200)=ANY=[@ANYBLOB="65cdce05566d063819ecf9a986dd60427fb4010400000000000000eaffffff00ffff7f000001fe80000000000000000000000000000000000000010490784cc53eed7c05ffe61c3d9170192596c53824b21f968be7ee6745c110640281ef93b5350b367a7c1878580ae6fb9353dcbcec298b9c5295fe08b54e1a928407badd5367e367810e9122f98ddfecbb00f94d22ebfb794ca50a9dd7edc24b4a24c1a5b2a0180eb8e0bc6c03d6adae19be0b691c98e50b0634f0fec36972b9d78ccf8bf1aa23e30587e891ff38f6fa4372f31bce8c6c2769b64d8e468664d4769f4126ffac86d1f60bb9dbdb186fceb066e812fa578176ba6dddb6ceafd5c3109c5db29bf916f08bb3ed40a4d7104ce42ac3f87a9194d997ed4299fc36bfca448729b8ad551d16b72e250f8e7cb2e5a4ee12ef02d49dbca475f003dc04f1"], &(0x7f0000000000)) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x101400, 0x0) write(r0, &(0x7f0000000340)="502a58d778613dae16d03401125045ba9984daf3bb3715d94f839fefe6aae41ebf69927fead3791f7fd7dbc38338f2b454544e639e4eababb3c487f31cf610848e19cb428c694b484aa1e61e802d04c9b37c34d3f62315e2dd11b4fd714d6267c7fee4bb68102e985acf72d6c4fc19932c4b4bf697162bbc59433fe2a8f77ff827", 0x81) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x10000, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f00000001c0)={r1}) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1) [ 205.063393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.073104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 19:53:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000940)='/dev/dsp\x00', 0xa000, 0x0) ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f0000000980)) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000040)=0x10000004800, 0x4) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000009c0)={0x0, 0x0}) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000a00)={[], 0x400, 0x2, 0x8001, 0xf1, 0x0, r2}) write$binfmt_aout(r0, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x2e9, 0x206, 0x1, 0x122, 0x9}, "9bc9e311ba4ba17ac18388ac0063376584297e1ebca70672599246e993e5c0f1c5503c52030c454555a4bfcf3c24f71400fa3cc23cc9523f3d7915ac2ef9912d3ac69ee9ebbb3d592ac50364717fdce19dc93049fba72766c15db090d19d0b49d18a9fe07151fc1c4466fb6ddc0b", [[], [], [], [], [], [], [], []]}, 0x88e) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @rand_addr=0xfffffffffffff001}, 0x10) 19:53:10 executing program 0: clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000200)) madvise(&(0x7f0000b45000/0x4000)=nil, 0xfffffffffffffe77, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000000040)={0x4, 0xd4, 0x4d, 0x4, 0x15b, 0xc}) 19:53:11 executing program 0: r0 = socket$inet6(0xa, 0x100007fffffffe, 0x6) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x0, 0x0, @loopback}, 0x16) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x3ff, 0x800) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000040)) [ 206.336388] bond0: Enslaving bond_slave_0 as an active interface with an up link 19:53:11 executing program 0: r0 = memfd_create(&(0x7f0000001fc1)="00ac3d9dd2dbe6bfb408ed634a8e84d44e129b1f09bd112b865416a3b3ae309f393fef6fa46b01323ea19c86781c9f841935de975f097ef3591222705ec10f", 0x0) fallocate(r0, 0x0, 0x2000427, 0x40) write(r0, &(0x7f0000000080)='/', 0x1) sendfile(r0, r0, &(0x7f0000000640), 0xfee) ioctl$NBD_DO_IT(r0, 0xab03) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="29000000030000000000000000000000000000080000000000000073656c696e75784000"], 0x29) ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f00000000c0)={0x2, 0x9}) rmdir(&(0x7f0000000000)='./file0\x00') 19:53:11 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070") r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x101000, 0x100) socketpair(0xc, 0x0, 0x3fd, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000001c0)={0x100004, &(0x7f0000000080), 0x0, r2, 0x2}) getsockname$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000240)=0x1c) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$void(0x1c) [ 206.789800] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.196466] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 207.203721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.587878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.595282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.348915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.357024] team0: Port device team_slave_0 added [ 208.389324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.616653] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.624722] team0: Port device team_slave_1 added [ 208.883821] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.890904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.899715] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.117405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.124639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.133368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.330289] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.358778] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.366472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.375302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.647159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.654887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.663766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.257508] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.264675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.272484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.355048] 8021q: adding VLAN 0 to HW filter on device team0 19:53:16 executing program 1: prctl$seccomp(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x40000000006, 0x0, 0x0, 0xffffffffffff7fff}]}) ioprio_set$pid(0x2, 0x0, 0x0) [ 211.962514] audit: type=1326 audit(1538855597.002:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7084 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 212.372819] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.379406] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.386448] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.393037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.401531] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.408633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.735505] audit: type=1326 audit(1538855597.782:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7084 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 214.892230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.571215] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 19:53:21 executing program 2: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]}) mlockall(0x2) [ 216.322124] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 216.328669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.336717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.425765] audit: type=1326 audit(1538855601.472:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7234 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 216.915713] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.219427] audit: type=1326 audit(1538855602.262:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7234 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 219.193245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.776675] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 19:53:25 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x41dc, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) [ 220.239346] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.245972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.253958] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.563746] 8021q: adding VLAN 0 to HW filter on device team0 19:53:27 executing program 4: perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="45965a5c4f0f0000000030e12924ad83aa300fc6228476120f3c18"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f00000004c0)=""/206, 0x0, 0x0, [], 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="080000000000000000000000028000007a0a00fffffffffd6301"], &(0x7f0000000000)="47504c00bc3047eb525f484f89fc96dd6ca64da40ff023122e66f6", 0x0, 0xce, &(0x7f0000000300)=""/206}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x12, 0x5, &(0x7f0000000040)=@framed={{}, [@jmp]}, &(0x7f0000000200)='syzkaller\x00', 0x80000004, 0x718, &(0x7f0000008d40)=""/187, 0x0, 0x0, [], 0x0, 0x8}, 0x48) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 19:53:27 executing program 0: semctl$SEM_STAT(0x0, 0x0, 0x12, &(0x7f0000000200)=""/195) getrusage(0x1, &(0x7f0000000000)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000001840)='/dev/input/event#\x00', 0x5, 0x20400) r2 = userfaultfd(0x80000) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000001880)={0xffffffffffffffff}) r4 = accept$inet6(0xffffffffffffff9c, &(0x7f00000018c0), &(0x7f0000001900)=0x1c) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001940)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000001980)={0x0, 0x9890d8c182e06885, 0xffffffffffffff9c}) r7 = open(&(0x7f00000019c0)='./file0\x00', 0x4000, 0xb) r8 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000001a00)={{{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@local}}, &(0x7f0000001b00)=0xe8) r10 = getgid() r11 = socket$nl_crypto(0x10, 0x3, 0x15) r12 = getpgrp(0x0) r13 = geteuid() stat(&(0x7f0000001f80)='./file0\x00', &(0x7f0000001fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r15 = accept$unix(0xffffffffffffffff, &(0x7f0000002040), &(0x7f00000020c0)=0x6e) r16 = socket$bt_bnep(0x1f, 0x3, 0x4) r17 = openat$nullb(0xffffffffffffff9c, &(0x7f0000002100)='/dev/nullb0\x00', 0x10000, 0x0) r18 = openat$ion(0xffffffffffffff9c, &(0x7f0000002140)='/dev/ion\x00', 0xb0400, 0x0) r19 = openat$userio(0xffffffffffffff9c, &(0x7f0000002180)='/dev/userio\x00', 0x105000, 0x0) r20 = syz_open_procfs(0x0, &(0x7f00000021c0)='net/netstat\x00') r21 = openat$ppp(0xffffffffffffff9c, &(0x7f0000002200)='/dev/ppp\x00', 0x400000, 0x0) sendmmsg$unix(r0, &(0x7f00000022c0)=[{&(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000180)=[{&(0x7f0000000300)="0c1076757ff0d618d109b96a923cb51ce0d3e2190755961af66216bc00cf4b56ea40b86be9964f1f778396d11ffe466e4bdbcba2844358776f02cd011db8976b7c66f4c44a578c14ec5cb26b2151411ecbdd61dfbaa90cf22222ea781e2f045afb705d0b0337e9b52ed36cf5cc3c9ec1d4e56a62a0b0f465ecdc78024d409136e8768329860ed4e7b4df6b05f337c2d0ddc49525c8f4e821c7a69befd0f77599dddd9b4026f23cb11c336b15f6d47a91a0d3aaf060f92b651ec031d9188a948e4d38b21d8def1214cbfcc304325624b2e2b056e7581dde378c971c4e2c4861c24f78f7f4f28ddfcc9e42d2d4f573182a7cf3ca965c8f9d", 0xf7}], 0x1, 0x0, 0x0, 0x4050}, {&(0x7f0000000400)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000480)="10b60fdc7fa875a344402f068824465617493a45ac19174d8a6862a80b73a759c46cb96b2659ccbed8e1ee69a419cc0315cd29bda7667b8da505e49404960f8723730ed6660f02a00ba2f988270658a6a0a5d4cddd1f76e1a584b7e8114e98fff4d2d3a8677f102c73e5d4b7c895b7bbb3572cfdd6a74e498d8cda871fefeb0bfafccb78ce438685fb78239d06d892c321b65b2000cb69927e4042472b8fae9164b7550b1f7909abb96d61c924c39f0a3e231d92c1dac298cb68b29b124e12fd76c5843038daa0419375e61ad4395719ccb2ace68e29477a51a2105f54a6627cf3d5b9e7a802ebd1f1dbf6beb577e08a9bc825e1515c61eefca689ac84de53bbd6977ff25c84dc128d5439905d4be0c81eeb376dc7b751ca830cc60940cdb783451345868d47ee1d103739f1207f624ca63f7fd8ea91221410b67419f84c493576f072844917ec056bd9eeb790fca220fd98f3ffac7ee10b597635363e43e72c88baac2964f716d9f7628587346839d8b760bb69f787f793c24504d3fd36e1938756db70564e1650178eaa931e8b6c5100bf472204e22fe237669975df25a36f250071052cf2ed8b7cf75f724b868b1eee6fbb8df5d5a7dc18ae3a9e68e6988474a1c3cd8626c79f10ceb5f22d483788809f4c93051f8f80ac99681ddda5161caef27ba1cfb0f0ed16417307d4ed843f1834fcab23591f1f3d07d1cb384618b4348b291f0cb77a221fd5bf1340132b8c6ef4256f05714fd8d691878fb40f2d901f0644554bfe43e9e7d1380f6a021d2f7a3905d36659e530efe52dad0a4bfc55163d9c0f76c5f8170f9689104eb0646c593018b22d09b6a51ee2ad1e53e2c7b2d70d7572a82222264c897cbe5a859afe75c3ff58437b45a042590a91fadcc1fd4570cbe2c3c445cf75b1aea9edca3af660b11383d6d2dcbb56fb22af292e128fc40f95ad3206833b8530efc17c38cb4415f9ce4f25a2d3931034e071c0e48580f1c117220c05011ac2ed6502341fa24cdba19e9a74d570542ceb55d5e2185331854b171ad68ba48af8d0376ff5706937d30a127b6d38426f2e59889e97827ee8f76d401c242c05d88d9fd1f58fd75156d7521eeaf9ce4f468ad171d1615310a151f2245d49a6b2e34ebcac5cc80c29fa43ccedd37e9379958bf7308cb6cc7e11053320aed6522bd70be6a3e224ead5981e3c1eed6cd8b3f4be99430eefa16b3a03d9237436091c43fa57730a6934abe59e0f7a3c29f9eca5321392bc8c1108df12bb4a8c9f329856d87b4b2b105c28683dc549b674e6d85686eacaa6f53600b0e6d2355c9ac3d7479544b2b2abcb4f0f28b70f422c1412ddb2ba662d04636454fec12332463b7ccbf596bc14d9f9bc3ce1ac2b0fa90399c45fc7c1633915b22aa2b711f5e98b2587e3d77f74604f6954f0cd6e1cfd066ddcf09245169499e08e38440f3e6e5ac4bf668dcbd42423a16d58b2fa35f1cc091d87c73d39dc285cc5f79a20a511c06e601440c49f1999dc91419d86297dd9275e7db6da8a01df28d8ecbe6dbc836f818fd6ffff057a3a0c964502df4307f67268deddb1dc293c9f0a24475b2aa4e6fad3ca7dad83211b2dda2e294829e586e2f2d581e6281996c4caece264c63b6de3d3766b23fdbea9418318178eb0e68562883b052855760db23fa5d9d4bf7b6cfde8ed0ffa185659a35ae1fe8463655169f62a42620695727e261c9d2ab7644e3a5f672e79c0b39f62d917fd1967ad8cdbbe240027b6f09bf701adad8fefd4efd30e750e70ae2e730b13dbb53ae8c7c5467b830686a9a373df2e63867aa1238141f30ce054c24f60def588069334e142edd5f347fe8bb8aaa3922e6fd5073af2e7cb0bedca72587e7438679635947a81149a4b6a16a7b76dca61dc58b85cb52263202fb426cffa6a17fbe2fe3adbf4c5dfafe85f9e9688f8230304851e036f0dceff07afd341b37a92765d423254f9f32d85a53b4e0fd632bd7fcd538692cf976a31ae82ddaf3443910797d9b5e259b4026fcba7f8d9c93dbb47b638c66503115c6e6edee84c3f4ca6d17bc4c640972f60bc82301eeabac294a6330473bb6d8195634e9d4ccb3a41581c3597d953b050f36c73f9eb05d2bc7e7494618ab99946e2b3396f2b3813190334c6f66403d5ad4559f840b465e52f24f2e51111d5ac9f0ddcbf35b83175f28207e572c8a6b5355ef3ae730d5926b3b4dcb6ac38da6f5d0de36bb05bd88475e7853f5a7f7f0bd4b64692cc5103870ba816f0788b1e209f09f771cbdf76f721c1bb2f4b74b56323fe54b274cbba69daf95040f23da935b985453db333c3ba2a657bb6ffbb10cf792b56c745e9af6910408a117de74415685441c56ada68a8b3c3fe1c537d046bf6f6e7e7880cdf8f5d1b7dc605953852da44d96ecaad7214d6d40049967cce5b75793b4c20ba1289de57ca18d6ee6a2792032b392fb34005e79cc2d07b2e594250746ae535c56662ff0b44fe995d15c1942469d796f7aaaf143f978c2312703efcce1db962c5a245c658a90d9bb5e06fd3953369f3580bbf888905f16a7477271595371e213c4ea4f3189fa510292df5f095c6222734c1f8888dcbdad013e6674b1c32e392674c737c779432ce49536edfe32c55027b7f77931e83cb2b6052e4671b8cfdf87482e9d6502542a9ed9737a5160b3407371a1a47d08256d4271eeb238e798c3c3fec6d5ebc94eb8b06f602b645364392b7422ddd48a720461261c52a03a0acdc1192d67315a057d5b03227cf16259b0e580649a759fe7c00e08afe318a2c380c61356b37d9d8866899ecdb2a7581eb1f616e8c1c55b40d4b2be85e5417a866883e8a72c3666916570dfdf0ac8122ecc3e5faa9f306a21db47cb7c9c303ef11cf70c1e76a5bf6d0528916819b6b3dfca1af05eeeb97d46dd4dc4d0fd08f176388de13ce532fbc0a6426e1f9bc78e3d46bed768ffc0f4d367f64da7ee85d08bf0d2d077d76fd222d648aad2d49fe56a20fca7a6577b03d8b96d11e00b439db6c0a6861af9b850495dd000cf1f143dac2b629e9746cde36970a50a2cd9699c47f42605dcdcf24872e8fae977cf806f929e815c36254e3fcef6a0a12cab9fdd70395953f4dd6f3391fab643201cf21746b8b5209b4982e44eccb8b13552623c99a67c9c1e143f79af0b9a915438477c8e06ccf1b5fd0b28fd84278696506803dc7d4cecb7fcda66631f58f4050b396dd1241f1e73d36c183bd935b79f4e79469aaf8a27458c571cca7b2edcf920d9c71babe428497bc6ba58c4c20e48bfbd6b75db7b338e345b6b0aa5c3f04df12fbc94717c8e4fa6b16ff3838bd68326d265e199ad14f769b400ee79494256ea252349fb7b7dc1bbc0e8a4640d4c9aafb67b7b867b21041bd21bed9417641f296e7a2cfc51528e938a0766e09552822862861fcfe05cddc8d0c8346c0384693635cbbecb30358e55b9afe57427516e2982aea8c90348840d9e916ca38be78f1ade552da7e150dd26c5abf6480fe48991d5b1f6ddf0d3cdf05bd70eed963c2b96c3258d0d181e309b1c54e6e18d79439d1fd04041f593c791c659d1bde387b1faa3cc4cf7e16fba8c874c7ad4457556a545343b924d4c75a52d618596dc683480a0c307703ffec1cb1c3edcd883ceb001d3ad57e1bf3adbc7195f20d2539fb0e017dc2d6bf25405439fac4fbd6459e59f7bb625186a23aa761d42d564636ae15b3901321fe957b437c3e5ec3634c5de9719264040f789f4777b2dedccf56566415396359676ca0fcd8918e93b68e861181ae4b2aaed8e47c19f5abda95eb4fe49a6afccdea7595caecda4202aa9bb62ef06b1cc919bb80cfe37dc862e2f0a35fe1eecdfa560b9a00f01774ac9c57bf2c2a89525d43dfc4a85771ef9d658def39dcf81dd696c882a9be3b547b3f7c31585230b19a312f4fb32d38f3de1daf548d40cb26ec19e3bb915c18540825f102351d82405965bd64d19c019473117658248cc8bece0c2d895f8897c2e4e4811ba96bd4a79740c5e12f144bb4a6769d806f77e51a414d36537d6e006d34868f9f028f3e4496a58aa50dfb9f2bb98a179651efd4cea4426de07069e592c0b2bf2a95a91c3b0cc472ed40b449e611b032de6b85e34c2246940f5cb31c3f2bfdb3e2523bcc961a0da050e6b3883cebd2ba6e990d4af662f392d34f93192de498fd1dbc0bf983979f3aeb300afbc2d796cf095881250bd381f6d63ddd6dc30837ab9a9ec699a634ac674c5821aff0b523de495514cd5917736bc9fc49cee0f8f28daf76623ef41cdc64a50fb5418115b3850f94b40e1d659e8915aa4d2b9036543391ecb82a57b721a223947a72e38dc69ee2b01b705dbe6e7290d12b5c6515715a107580ac369edc490d8e1cf9859b48a63a88dbc3a5781924ce93f462bacc7e0bd7516d7cea399a8aaf6fe30c1c4c6d02ae493f530dc3aca1336d82c34c6f10df82eaa4338ef2780ac73347813eff87350835a2da933e0cb08f9e04a1176e4e9b33fba65b616716f35080f1a52a6564f9c2e3d0fda355404ef589e077831330701365556f9c7c042e393524c070741a4613d04d1e1a812c1a7d686f69be2623f4b97bebe52a1a4b213e4df0bc4a935e8e0fafd72af20ea04d6324eaaf42a744aaefcb045ff807ef57e8e2f2f5a975e442714ae15f0bdf91712e91eaf8442cb069b3ff00d1d737201e59f828158e7226f79373da8525adc2bca214abee1f80e585cb0d396dcda09e321ae7421bf9caa36194ec6e9d83cc665ff2cbc97175c41779ff8cb98d5ed6a868d7fccce840d87bd299171c9369041d551b0c883814413d7037cccc7fad72801173d06e17365ee668040eb363019a20026950ca0a662281a2df74094971d403eddfa3eab8488e0cce0babe0c09cae9e6a71bf815edab0f403fb5221149348dfe65cf1290c300e2ac6c2033a2314deeae59fa31ab681223444dcbded882bdef4195b32b2557a6e5901603e5e380770ae5b7df16a2fe7474641e14b7c6e4500aef03316ad269b1561b244fd15fac2eb9ac3a77bfb1fd9417302fe7c4364f6aa197ca2398dadd0dbfcbac234250ba4582df75b3765ec1ec61dc0965a0c81b9d1150f14c4c39ca4435e2edbdfda9284400c672f63b62214ec5853d7f62b62b960300c6fa70d4b872949270db49ad6f2fc60bd1325285c1e940b0dbf5142734b8ba640ea967f6bc5dadf2020523c2a3e1ce510e29f2cd42ca8b9f6de84bbe901dee32e90864a4fa5aec9bb2bbb38afc28af8d281d305a584c799e31f7927cbfa37394ed955cb9dab47b3a34d3aa62fd740e91353deb4767c40eeadb16637c8168de9b218e62459b508583c797e9781c6378e83b85fd4c9c4c80a8cfd069abfa01e64ffdb6e9694944b400924b1481fc3864ea47a148d303acb867518996cb177c719d4f8cb3c6b94f38886d24c9b5ee623c597e511a24bd3f3d0b535ae194f26f0796b444bf3b07f7d552d706e84ff905a1e7833fe730643e8ee4dfadf3fd39a7498f44a21585f98f82ec99db85637424bd15e9e5aa052783893fd270e85720d131bb9b53c3bb6cf458c9f809ad767210d47495495859febaa60aa2d59c00acbdc4efff825ba269fcf094ee34c223fb5683ed6fa5af8c014bd27c948e44896856af3d0ce4dbc467dff9a33fa3c0c91cf178d555a618de0dfe8b7eb6f19ba53a258525ce3c2f5ebd562a9f2bc64c93963368f5203e2f08b7c37ab38b083c70855c9246e26a3181d57d0961637dec7366d3e88d6be5dcd7045884e3c5c46c6dc68a36caa95a321be3f", 0x1000}, {&(0x7f0000001480)="7953bc809061acb8771381bd8ec8386443c0d4c63ddb3d21c997671cb92cf531f494e621c0d44bf75cae7bdaf7c6be3678ecdccaff3f4a528fe0250f1ba59b324b0fda01be34373f", 0x48}], 0x2, &(0x7f0000001500), 0x0, 0x4011}, {&(0x7f0000001540)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001800)=[{&(0x7f00000015c0)="f11b28597ded0622f98c1c9039361d5b0d183129e24ad93b8a07ec454bd7447e63ae48ce13f722e1440fafdc9fe674ad7e08a67fe95de5357de3ba3b92e62707f5f6aadbdb890c59843cb0581c765877ebdacd53bbbf08d73eac44f86f876935fb109622938e598877774ecb17476520d94d32963946", 0x76}, {&(0x7f0000001640)="e8328a934e9ba5422c489ce4f1b4b68f5fa9c26da78c612b89fa78b8f82c9b7702759e1d52b7c089491a9dfe2d1244afb01bd20d7913c49f9c6c37c6e705b2e3da419afdcc5ff6819d602be5c4b8f2378e53863f24d32765f3430f2638d0e3e7c10ca0514ee3c5661d115fdaa21bb3cbb7c151c8d808300aacb1d5262991cd79e1400470a8f3ad853a76da64fe2928044b9b3f1a45a64ec2e4cba7d7d21b77907e8bacea57af5059811e7412d098d31bc9db86b9e3cc8e9fbc0de0c642c1c0999b46f227714512071e5a1eb87c5a0c430356c74eaea0dd4330ad792067288df45ca4d26663c0ac0c7079b9fd1b6a3631feb60f", 0xf3}, {&(0x7f0000001740)="625ab63736f19ddc3cd499b70433551d5f7ad20e4654610f3bba3b7fb8f4871e6af3fe72c69c7f24aef39cf078dafafce7c3b96ad9616fe49cb5315617f770af9a827f34ef00a720cea879e97f099dcc16a78f27e96e721fb636abe39664223a859999bbb8fc7cdaf0d1ffc4c1c4c7fb92843364899875742c29ae9e7544bdf8786888db50c5", 0x86}], 0x3, &(0x7f0000001b40)=[@rights={0x28, 0x1, 0x1, [r1, r2, r3, r4, r5]}, @rights={0x18, 0x1, 0x1, [r6, r7]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @rights={0x18, 0x1, 0x1, [r11]}], 0x78, 0x10}, {&(0x7f0000001bc0)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000001c40)="9e1c8e14609dd94e4fa8d9a9eba4f40cef32", 0x12}, {&(0x7f0000001c80)="910c25996a472248fa29c69e60a5abaa19a1c87e5a2f9746f64401c66fbda664d926602f6148129e693577e500c87cb2e2369fa9b03269507ac232685129271b7eac1c82c411eb2e9f4cbbc7fb7e82c28325d97ed7b19945225a46cbc639311bb0c33027a41171afcfe9a5493fa34b5aa5183cf4c04c67ac1070ac80e88da2f6414de5fb3e79f055710c99d9cffb115c43de6bdc3560ce9aa4479372c3212de986b614d77d8feae9e3bb57d1419d6b17b5eaf387bcd4d7d8f59d4866a9a7e776c413", 0xc2}, {&(0x7f0000001d80)="9e19a0a5bcd735b9d4184fe2b2ac2c9baa72be19a4fde5b4a7dca61e824b8defd517bc92779ec730ba0bbac33f0a74fe45da91753dc4c03ff9d1450e17fab57835cd058f765a70afde7e583b4a0a4103a17820ff09fe8425c3ff61e14f93655a970431fdfa7757e4ce387872207ac13f9d034d1e212afe036bbb7a25a8d21fce5e26", 0x82}, {&(0x7f0000001e40)="9c2d6439ede086580e8b6660c71c85b7432c77960002f67226819ea65a122fa164e498dce1c1429932a2465a481c93664ec883c53ce4165d15b8cfb11d6771d135747b7a11d55bcae55a6f6aa29ef4e65157d24764993794a3d9c6ca6756d3f7f908044264b953c6557365521c3892609b049afee2586ee5f14db7da91c14451b2aea2ada525358780f706160286e931a80ddff80697e01dcc59307e8e6889b35fee08f17bbd95cd6e0cfdf778cfa4bbc58ead0ef81a494cd2b5478b9f38bf97401de5d0f13ccf387e213f9a4fddf26d80dd2f7da3bcf3974ee198f7df966301f117c10fd4a2e52c7ca8e37ce389a754e51e5b", 0xf3}], 0x4, &(0x7f0000002240)=[@cred={0x20, 0x1, 0x2, r12, r13, r14}, @rights={0x30, 0x1, 0x1, [r15, r16, r17, r18, r19, r20, r21]}], 0x50, 0x400c040}], 0x4, 0x800) 19:53:27 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="73797a303e2078855eaf5decbbfefe9ae1a276e261c38eb39f189db71955761e1f474943db69ccb54507bafd644fc6fa2f84fa1ec48a1c1b07769378a75f53471cd0d7bbb84bea1ed76fe1d112b7986f494c7972e320c767f971e3606c224732b57d651843a0f3bfba7e5828ceb0660a788a5523ddb2ea125f"], 0x79) semget$private(0x0, 0x7, 0x0) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setstatus(r2, 0x4, 0x800) 19:53:27 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9) add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1) socketpair(0xa, 0x80000, 0x6, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)={0x4, 0x0, [{0x359, 0x0, 0x5}, {0x291, 0x0, 0x3}, {0x995, 0x0, 0x401}, {0x572, 0x0, 0x7f}]}) socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@mcast1}}, &(0x7f00000003c0)=0xe8) quotactl(0x7, &(0x7f0000000280)='./file0\x00', r6, &(0x7f0000000400)="5c45bbe053b4b1443718f789094f8e90a430da48d468f69ba31dbd5afc9ff7d3566c572a65f62807e4b93a116e3f22e987ea4bb122c5a98d9fdf6cf494002804d892b22f4e267ec33f333a43f8db3c4ad99665918d2fddd74b2cf73181bd275c4fa3c69e24daa5ebf3f0b51f4ff0433ea531f18592ceba62a403b2f235083e25daa942aba853f39b176f8acd9f8df6461ebd2b7166ce424a31c504ce40f0674740fb83eeb5e872a78cfa1f220c257eb1b3344b587e68b679579afe78e5589c2fb3b703e852a335e5dbee8e0cefac620781917a91b81408211d65f416fe688d585c77d679b4de64b3bfe248489f0c685d265e8d") r7 = syz_open_dev$sndpcmc(&(0x7f0000000500)='/dev/snd/pcmC#D#c\x00', 0x4, 0x60001) r8 = socket$inet_sctp(0x2, 0x5, 0x84) r9 = openat$cgroup_procs(r7, &(0x7f0000000540)='cgroup.threads\x00', 0x2, 0x0) ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f0000000580)) splice(r4, &(0x7f0000000640), r5, &(0x7f0000000680), 0x233, 0x0) fcntl$getownex(r4, 0x10, &(0x7f00000006c0)) chroot(&(0x7f0000000700)='./file0\x00') r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000780)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r7, &(0x7f00000008c0)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000880)={&(0x7f00000007c0)={0x84, r10, 0x30, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_0\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xeefc253}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7ad}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x5}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x90) lsetxattr$security_smack_transmute(&(0x7f0000000900)='./file0/file0\x00', &(0x7f0000000940)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000980)='TRUE', 0x4, 0x34edb26a739d9ac2) ioctl$UI_GET_SYSNAME(r7, 0x8040552c, &(0x7f00000009c0)) add_key$keyring(&(0x7f0000000a00)='keyring\x00', &(0x7f0000000a40)={'syz', 0x0}, 0x0, 0x0, r1) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000cc0)={0x1, 0x0, 0x7, 0xfffffffffffffffe, 0x0}, &(0x7f0000000d00)=0x10) sendmsg$inet_sctp(r8, &(0x7f0000000d80)={&(0x7f0000000a80)=@in6={0xa, 0x8, 0x1, @local, 0x54e1ae1a}, 0x1c, &(0x7f0000000c80)=[{&(0x7f0000000ac0)="1919908a8bb292e1a4b3e51e4b0ec68dfe68b89703fa42a32c26c8c3d705d432282681167fc294a3c403e24679dec0116d981b6ae6e17b2e9969c95d099fd6251a51b2d2dd8d688a91068b8b28aab11556b22ccefddf9f73af8d42547a76ffbe7f43bcde5721ade0c391462c27e530366b0efba89c9805e7ea616273987b33b2e61c0762fbe40fe6b3fa41fa003db831937fa5b7c3bbd4b9", 0x98}, {&(0x7f0000000b80)="8bbd8a11104822ecacef7e00a89926b9344f6576a3282ba4c6c10c5eade4abfff552fe7e77dd330d5aba87e43085f2b975300cfc4d807610d37633bc23e02583e1b5deaaae9f03bd14c08aef30de0f7475b8c0296a21e2e8fd93ef3fb17aed04c783a43a0723995882f456a9a2d37ade40697353dde061b99df3e9d9f06e23aff9218e2917325f755230d28fc41524aed4031f00fd7fca523bbc74ea0d96e0a5729197574e38d2fa998617021058508763fa0172543d0a32d593d443eb42b48cb2f1270d7b47", 0xc6}], 0x2, &(0x7f0000000d40)=[@sndrcv={0x30, 0x84, 0x1, {0x9fb, 0x0, 0x1, 0x3, 0x3ff, 0x7, 0x6, 0x20, r11}}], 0x30}, 0x10) write$P9_RLOCK(r2, &(0x7f0000000dc0)={0x8, 0x35, 0x2, 0x3}, 0x8) clock_gettime(0x0, &(0x7f0000000e40)={0x0, 0x0}) utimensat(r9, &(0x7f0000000e00)='./file0/file0\x00', &(0x7f0000000e80)={{r12, r13/1000+30000}, {0x77359400}}, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f0000000ec0)={'erspan0\x00', {0x2, 0x4e20, @remote}}) syz_genetlink_get_family_id$ipvs(&(0x7f0000000f00)='IPVS\x00') clock_gettime(0x0, &(0x7f0000001000)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000f40)={0x2, 0x9, 0x6, 0x401, 0x1, 0x8, 0x6, 0xfffffffffffffffe}, &(0x7f0000000f80)={0xfffffffffffffffb, 0x1000, 0x42d8, 0x1f, 0x8001, 0xcc, 0x70a, 0x5}, &(0x7f0000000fc0)={0x9, 0x1ff, 0xffe00000000, 0x0, 0xfffffffffffffff7, 0x4, 0xfffffffffffffe01, 0x1ffe000000}, &(0x7f0000001040)={r14, r15+10000000}, &(0x7f00000010c0)={&(0x7f0000001080)={0x2}, 0x8}) 19:53:27 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x2040000000f, &(0x7f0000000000)=0x100, 0x4) sendto$inet6(r0, &(0x7f0000000240)="040400000700000000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0e385472da7222a2bb42f2dbd94c3b50035060f118d0000f55dc62600009b000000faffffff00000000aeb46245004bae1356642490a7b5fc88046afd77fc7ae664f65bfc370ad30c2750684a7a4938b4b677081c14445c06232055397880d89abad699af485f036c70bbb8a78410e617e9be77", 0xa4, 0x0, &(0x7f0000000080)={0xa, 0x200800800, 0x20000000003, @remote}, 0x1c) 19:53:27 executing program 1: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000200)={@broadcast, @random="f63cd8d547b4", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d73cde", 0x0, "f53475"}}}}}}, 0x0) [ 222.593526] hrtimer: interrupt took 34987 ns 19:53:27 executing program 0: 19:53:27 executing program 1: 19:53:28 executing program 3: 19:53:28 executing program 4: 19:53:28 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="73797a303e2078855eaf5decbbfefe9ae1a276e261c38eb39f189db71955761e1f474943db69ccb54507bafd644fc6fa2f84fa1ec48a1c1b07769378a75f53471cd0d7bbb84bea1ed76fe1d112b7986f494c7972e320c767f971e3606c224732b57d651843a0f3bfba7e5828ceb0660a788a5523ddb2ea125f"], 0x79) semget$private(0x0, 0x7, 0x0) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setstatus(r2, 0x4, 0x800) 19:53:28 executing program 0: 19:53:28 executing program 1: 19:53:28 executing program 3: 19:53:28 executing program 4: [ 223.865162] IPVS: ftp: loaded support on port[0] = 21 [ 225.128504] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.135021] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.142658] device bridge_slave_0 entered promiscuous mode [ 225.219883] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.226473] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.234839] device bridge_slave_1 entered promiscuous mode [ 225.310759] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 225.387905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.618578] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.700464] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.850370] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 225.857589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 226.086378] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 226.093949] team0: Port device team_slave_0 added [ 226.169396] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 226.177044] team0: Port device team_slave_1 added [ 226.253340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 226.332434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.409351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.416815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.425909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.500816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.508221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.517196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.368104] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.374652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.381402] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.387937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.396130] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.793357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.587591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.874889] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 231.162261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 231.168757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 231.176707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 231.462332] 8021q: adding VLAN 0 to HW filter on device team0 19:53:38 executing program 5: 19:53:38 executing program 0: 19:53:38 executing program 1: 19:53:38 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="73797a303e2078855eaf5decbbfefe9ae1a276e261c38eb39f189db71955761e1f474943db69ccb54507bafd644fc6fa2f84fa1ec48a1c1b07769378a75f53471cd0d7bbb84bea1ed76fe1d112b7986f494c7972e320c767f971e3606c224732b57d651843a0f3bfba7e5828ceb0660a788a5523ddb2ea125f"], 0x79) semget$private(0x0, 0x7, 0x0) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setstatus(r2, 0x4, 0x800) 19:53:38 executing program 4: 19:53:38 executing program 3: 19:53:38 executing program 4: 19:53:38 executing program 3: 19:53:38 executing program 1: 19:53:38 executing program 0: 19:53:38 executing program 5: 19:53:38 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="73797a303e2078855eaf5decbbfefe9ae1a276e261c38eb39f189db71955761e1f474943db69ccb54507bafd644fc6fa2f84fa1ec48a1c1b07769378a75f53471cd0d7bbb84bea1ed76fe1d112b7986f494c7972e320c767f971e3606c224732b57d651843a0f3bfba7e5828ceb0660a788a5523ddb2ea125f"], 0x79) semget$private(0x0, 0x7, 0x0) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$setstatus(r2, 0x4, 0x800) 19:53:39 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='personality\x00') perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1, 0x0) 19:53:39 executing program 3: prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]}) shutdown(0xffffffffffffffff, 0x0) 19:53:39 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r0, 0x0, 0x1, 0x800, &(0x7f0000000080)}, 0x20) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000180), &(0x7f00000001c0)=0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 19:53:39 executing program 1: prctl$seccomp(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x40000000006, 0x0, 0x0, 0xffffffffffff7fff}]}) process_vm_readv(0x0, &(0x7f0000002540), 0x0, &(0x7f00000026c0), 0x0, 0x0) 19:53:39 executing program 5: r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced423) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) mount(&(0x7f0000000080)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='dax\x00', 0x0, &(0x7f00000001c0)='threaded\x00') [ 234.292815] audit: type=1326 audit(1538855619.332:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7767 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 234.342446] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 19:53:39 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x80000100000001, 0x0, 0x0, 0xfffffffffdfffffd}}) [ 234.571111] audit: type=1326 audit(1538855619.612:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7777 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000 [ 234.634764] ================================================================== [ 234.642196] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590 [ 234.648719] CPU: 0 PID: 7768 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63 [ 234.655923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.665286] Call Trace: [ 234.667884] dump_stack+0x306/0x460 [ 234.671531] ? loaded_vmcs_init+0x343/0x590 [ 234.675890] kmsan_report+0x1a3/0x2d0 [ 234.679721] __msan_warning+0x7c/0xe0 [ 234.683551] loaded_vmcs_init+0x343/0x590 [ 234.687733] __loaded_vmcs_clear+0x2fb/0x3c0 [ 234.692176] generic_exec_single+0x17b/0x500 [ 234.696724] ? vmx_get_msr_feature+0x180/0x180 [ 234.701333] smp_call_function_single+0x290/0x500 [ 234.706207] ? vmx_get_msr_feature+0x180/0x180 [ 234.710835] vmx_free_vcpu+0x582/0x8a0 [ 234.714757] ? vmx_create_vcpu+0x7920/0x7920 [ 234.719202] kvm_arch_destroy_vm+0x727/0xcd0 [ 234.723650] kvm_put_kvm+0x100b/0x1cf0 [ 234.727578] kvm_vcpu_release+0xad/0x100 [ 234.731667] ? kvm_vcpu_mmap+0x80/0x80 [ 234.735572] __fput+0x4e8/0xda0 [ 234.738885] ____fput+0x37/0x40 [ 234.742173] ? fput+0x3e0/0x3e0 [ 234.745474] task_work_run+0x467/0x500 [ 234.749390] prepare_exit_to_usermode+0x364/0x470 [ 234.754262] syscall_return_slowpath+0x112/0x880 [ 234.759039] ? __close_fd+0x465/0x4c0 [ 234.762868] ? __se_sys_close+0x72/0x140 [ 234.766946] do_syscall_64+0xe4/0x100 [ 234.770772] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 234.776065] RIP: 0033:0x411051 [ 234.779273] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 234.798364] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 234.806188] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051 [ 234.813469] RDX: 0000000000000000 RSI: 0000000000731c60 RDI: 0000000000000007 [ 234.820758] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 234.828043] R10: 0000000000a3fcc0 R11: 0000000000000293 R12: 0000000000000000 19:53:39 executing program 5: epoll_create(0x0) r0 = creat(&(0x7f00000003c0)='./file0\x00', 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='trusted.overlay.redirect\x00', &(0x7f0000000480)='\x00', 0x1, 0x0) 19:53:39 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) write$binfmt_misc(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="73797a303e2078855eaf5decbbfefe9ae1a276e261c38eb39f189db71955761e1f474943db69ccb54507bafd644fc6fa2f84fa1ec48a1c1b07769378a75f53471cd0d7bbb84bea1ed76fe1d112b7986f494c7972e320c767f971e3606c224732b57d651843a0f3bfba7e5828ceb0660a788a5523ddb2ea125f"], 0x79) semget$private(0x0, 0x7, 0x0) read(r0, &(0x7f00000004c0)=""/244, 0xfffffea0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) 19:53:39 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x13, &(0x7f0000000200), &(0x7f00000001c0)=0x2) [ 234.835337] R13: 0000000000000001 R14: 000000000000000e R15: 0000000000000000 [ 234.842729] [ 234.844369] Local variable description: ----error.i@loaded_vmcs_init [ 234.850866] Variable was created at: [ 234.854608] loaded_vmcs_init+0x8a/0x590 [ 234.858703] __loaded_vmcs_clear+0x2fb/0x3c0 [ 234.863114] ================================================================== [ 234.870480] Disabling lock debugging due to kernel taint [ 234.875944] Kernel panic - not syncing: panic_on_warn set ... [ 234.875944] [ 234.883339] CPU: 0 PID: 7768 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63 [ 234.891932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.901301] Call Trace: [ 234.903931] dump_stack+0x306/0x460 [ 234.907613] panic+0x54c/0xafa [ 234.910851] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 234.916327] kmsan_report+0x2cd/0x2d0 [ 234.920265] __msan_warning+0x7c/0xe0 [ 234.924101] loaded_vmcs_init+0x343/0x590 [ 234.928282] __loaded_vmcs_clear+0x2fb/0x3c0 [ 234.932721] generic_exec_single+0x17b/0x500 [ 234.937164] ? vmx_get_msr_feature+0x180/0x180 [ 234.941784] smp_call_function_single+0x290/0x500 [ 234.946663] ? vmx_get_msr_feature+0x180/0x180 [ 234.951286] vmx_free_vcpu+0x582/0x8a0 [ 234.955212] ? vmx_create_vcpu+0x7920/0x7920 [ 234.959663] kvm_arch_destroy_vm+0x727/0xcd0 [ 234.964113] kvm_put_kvm+0x100b/0x1cf0 [ 234.968056] kvm_vcpu_release+0xad/0x100 [ 234.972144] ? kvm_vcpu_mmap+0x80/0x80 [ 234.976058] __fput+0x4e8/0xda0 [ 234.979373] ____fput+0x37/0x40 [ 234.982668] ? fput+0x3e0/0x3e0 [ 234.985973] task_work_run+0x467/0x500 [ 234.989906] prepare_exit_to_usermode+0x364/0x470 [ 234.994788] syscall_return_slowpath+0x112/0x880 [ 234.999580] ? __close_fd+0x465/0x4c0 [ 235.003427] ? __se_sys_close+0x72/0x140 [ 235.007529] do_syscall_64+0xe4/0x100 [ 235.011369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 235.016587] RIP: 0033:0x411051 [ 235.019813] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 235.038733] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 235.046446] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051 [ 235.053796] RDX: 0000000000000000 RSI: 0000000000731c60 RDI: 0000000000000007 [ 235.061057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 235.068329] R10: 0000000000a3fcc0 R11: 0000000000000293 R12: 0000000000000000 [ 235.075610] R13: 0000000000000001 R14: 000000000000000e R15: 0000000000000000 [ 235.084082] Kernel Offset: disabled [ 235.087715] Rebooting in 86400 seconds..