[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   52.126626] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   52.475054] audit: type=1800 audit(1539023702.528:29): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   56.605592] random: sshd: uninitialized urandom read (32 bytes read)
[   57.085632] random: sshd: uninitialized urandom read (32 bytes read)
[   58.897604] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
[   64.701026] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 18:35:16 fuzzer started
[   68.989669] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 18:35:21 dialing manager at 10.128.0.26:43781
2018/10/08 18:35:21 syscalls: 1
2018/10/08 18:35:21 code coverage: enabled
2018/10/08 18:35:21 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 18:35:21 setuid sandbox: enabled
2018/10/08 18:35:21 namespace sandbox: enabled
2018/10/08 18:35:21 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 18:35:21 fault injection: enabled
2018/10/08 18:35:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 18:35:21 net packed injection: enabled
2018/10/08 18:35:21 net device setup: enabled
[   73.910927] random: crng init done
18:37:00 executing program 0:
socket$inet6(0xa, 0x1000000000002, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x820000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="000329bd7000000000000e000000"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000003c0)=@nfc={0x27, 0x1, 0x0, 0x6}, 0x80, &(0x7f00000005c0), 0x0, &(0x7f00000008c0)=[{0xf0, 0x116, 0x1, "2f8d19a100140422d19db37e583fab0f64b50d58718fd6cc1a35b4920497a80b39c84a957e34c2f5fd50abd27655440e40207fde47d01ac001857f73f5355592049ec3e3e838128a93c5e4e25547d162fb484e6701200d254d8eace571d6103a3d967aeaa7eb427a181a349b5de6e343b72465fe2ee1792286b7895b4173ea33d5a8f07413fa3e859346d405c68e9084a0b65ee19a03c05092bf7110792e7cc00d8d89c74a2ae14f6a6429793c187743b3fd552123f9bf9fac489bf197a6ee76323d60ed51801337b85c604e292cbe1810aa6ba63def0ad02dbb"}], 0xf0, 0x800}, 0x4000000)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000340)='./file0\x00')
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00')
syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x8, 0x4000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff}, 0x111, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={0x6, 0x118, 0xfa00, {{0x0, 0x1000, "77267fc856bdf34572c529c8bba01774659d713a1db9acbb9a16238df39035d84a1d784dfd4c4f2fff630f1c4bc8db1026345c684593f4755174d6edd722810e2beebbcabea48c6a8414d8a9eabb322a9b70eadf15dd2d823d408bac631a8fcbfa41939ee7e2ca37dc743659a51db4a8c69beb488d7c6fccd046561b3962d854ce4cd722185a4a117a326eef710effa61368c592ea2c9fa97c2d34449a8fb52be1f8d7d2b49b702b484c38d62c2f59a6b6b5f8b2b48ce81d0cb9b70bddc1aa1683137e4fc656df44d916894cb6747d529dabcbd49b783de1d392db323bfe55d2cff0f7987ebd64429780e2944eb9ffae074a63cb522b08d00449145bef4a5ca7", 0x5d, 0x1000, 0x5, 0x1, 0x0, 0x3ff}, r0}}, 0x120)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000480)=@vsock={0x28, 0x0, 0x2711, @host}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000ac0)="adbbe8f6c47276b0b9b554aacd7ba72325de313bb08e6909fd", 0x19}], 0x1, &(0x7f0000000c00)=[{0x58, 0x11f, 0x0, "3e6c090ba4b34d3a79ac7fbcf137cec50ac0785ad4f11f9e3046807475e4a8cf87d5d8ef9dfbf0654bab13ba8b9e130c94bb0bc0673b2d55c67b259f646c89961eb43e"}], 0x58}, 0x8091)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10000, 0x8)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockname$netlink(0xffffffffffffffff, &(0x7f0000000380), &(0x7f0000000580)=0xc)
execve(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000ac0))
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000180)=0x4ffd)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000002040)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffdd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000280250020000000000000000000000000000000000000000000000002800706b74747970650000000000000000000000000000000000000000000000f07a3e90fc84000038017274000000000000000000000000000000000000000000000000000000005d0000000200000001000000cd0000001601000000000000000000000000ffffe0000002ff01000000000000000000000000000100000000000000000000ffffe000000100000000000000000000ffff7f00000100000000000000000000000000000000ff01000000000000000000000000000100000000000000000000ffff00000003fe80000000000000000000000000000ffe8000000000000000000000000000bbff020000000000000000000000000001ff010000000000000000000000000001fe800000000000000000000000000011fe8000000000000000000000000000bbfe80000000000000000000000000000cff010000000000000000000000000001ff0100000000000000000000000000010700000028004e4651554555450000000000000000000000000000000000000000000002ff7f03000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400168010000000000000000000000000000000000000000000000004800647374000000000000000000000000000000000000000000000000000000870800000501ef0002000700010030000300ffff01000900020001000900ffff0600203d04000c0030006672616700000000000000000000000000000000000000000000000000000600000007000000ff0f000010010000280052454a454354000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000001fe80000000000000000000000000000f000000ff00000000ffffffffffffff00ffffffffffffffffffffff00000000ff73799248616c6c65723100000000000069726c616e3000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003f000901700000000000000000000000000000003801600100000000000000000000000000000000000000000000000048006862680000000000000000000000000000000000000000000000000000000100000001010300080009000100ff0101000700040000000301000100100028006970763668656164657200000000000000000000000000000000000000006080010000000000280052454a45435400000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x1)

[  171.136607] IPVS: ftp: loaded support on port[0] = 21
[  173.204872] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.211331] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.219700] device bridge_slave_0 entered promiscuous mode
[  173.344181] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.350640] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.358898] device bridge_slave_1 entered promiscuous mode
[  173.481406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  173.606896] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  173.983804] bond0: Enslaving bond_slave_0 as an active interface with an up link
18:37:04 executing program 1:
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r0, 0x80000000005001, &(0x7f0000000000))

[  174.145437] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  174.785441] IPVS: ftp: loaded support on port[0] = 21
[  175.161853] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  175.169713] team0: Port device team_slave_0 added
[  175.341685] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  175.349515] team0: Port device team_slave_1 added
[  175.526659] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.732621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  175.739813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  175.748947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.959702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  175.967363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  175.976182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  176.179831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  176.187584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  176.196432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  178.264175] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.270638] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.278983] device bridge_slave_0 entered promiscuous mode
[  178.406599] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.413122] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.421287] device bridge_slave_1 entered promiscuous mode
[  178.489510] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.496057] bridge0: port 2(bridge_slave_1) entered forwarding state
[  178.503072] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.509504] bridge0: port 1(bridge_slave_0) entered forwarding state
[  178.517986] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  178.525081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  178.721280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
18:37:08 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000540))
write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0x4f2, 0x0, 0x0, @tick, {}, {}, @time=@tick=0x5}], 0xb234ef0f)

[  178.992802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  179.623877] IPVS: ftp: loaded support on port[0] = 21
[  179.804074] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  180.079473] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  180.351324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  180.361995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  180.638190] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  180.645387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  181.472756] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  181.480568] team0: Port device team_slave_0 added
[  181.733415] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  181.741268] team0: Port device team_slave_1 added
[  182.038710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  182.045901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  182.054723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  182.294499] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  182.301802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  182.310270] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  182.613359] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  182.641712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  182.650463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  182.892209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  182.899711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  182.908467] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.709914] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.716601] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.725892] device bridge_slave_0 entered promiscuous mode
[  183.852641] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.859088] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.867314] device bridge_slave_1 entered promiscuous mode
[  184.173395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.436110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  185.172406] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  185.353318] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.818150] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.824681] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.831649] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.838077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.846599] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  185.868605] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  185.875814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
18:37:16 executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x2040000000f, &(0x7f0000000000)=0x100, 0x4)
sendto$inet6(r0, &(0x7f0000000180)="040400000700000000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e06590085db44096e5aa7ea464522f2dbd9408000000060f118d0000f55dc62600009b000000faffffff00009f6f311ecdd99e2b585cb4c6fc910000aeb4a64afe70", 0x6c, 0x0, &(0x7f0000000040)={0xa, 0x200800800, 0x3, @loopback}, 0x1c)

[  186.662255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  186.835184] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  186.843107] team0: Port device team_slave_0 added
[  187.046131] IPVS: ftp: loaded support on port[0] = 21
[  187.199039] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  187.206965] team0: Port device team_slave_1 added
[  187.521448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  187.528707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.537341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.837220] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  187.844417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.853119] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.169191] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  188.176953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  188.185764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  188.506125] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  188.513798] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  188.522626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  189.567676] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.732878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  191.960800] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  191.967324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  191.975294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  192.221101] ip (6584) used greatest stack depth: 53056 bytes left
[  192.236940] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.243477] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.250314] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.256869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.265380] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  192.490600] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.497250] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.505794] device bridge_slave_0 entered promiscuous mode
[  192.757300] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.763956] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.772289] device bridge_slave_1 entered promiscuous mode
[  193.061911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  193.103909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  193.230966] 8021q: adding VLAN 0 to HW filter on device team0
[  193.489159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  194.479503] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  194.801336] bond0: Enslaving bond_slave_1 as an active interface with an up link
18:37:25 executing program 4:
syslog(0x2, &(0x7f0000000040)=""/79, 0x4f)

[  195.121911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  195.131342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  195.412560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  195.419630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  196.238150] IPVS: ftp: loaded support on port[0] = 21
[  196.535607] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  196.543776] team0: Port device team_slave_0 added
[  196.947433] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  196.955469] team0: Port device team_slave_1 added
[  197.370311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  197.377602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  197.386402] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.773834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  197.780879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  197.789729] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  198.109164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  198.116850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  198.125930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  198.574683] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  198.582478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  198.591312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  199.520351] 8021q: adding VLAN 0 to HW filter on device bond0
[  200.879723] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  201.790556] hrtimer: interrupt took 45450 ns
18:37:31 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000300), 0x4)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a00)={&(0x7f00000000c0), 0xc, &(0x7f0000002980), 0x0, &(0x7f00000029c0), 0x0, 0x881}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000480)={0x9, 0x8, 0x0, [{0x84f, 0x4, 0xaf4, 0x0, 0x556f, 0x2}, {0x4, 0x2, 0x4, 0x1, 0x6, 0x9, 0xfff}, {0x6, 0x401, 0x2, 0x45fc, 0x4, 0x8}, {0x3, 0x6a22, 0x6, 0x8, 0x9, 0xdb3, 0xfb5}, {0x5, 0xe3c8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x1, 0x6, 0x7, 0x8000, 0x10000, 0x3}, {0xff, 0xf27, 0x1, 0xc0, 0x5, 0x401, 0x6f4}, {0x6, 0x7, 0x7, 0x20, 0x3ff, 0x18000000000, 0x6a8a}]})
sync_file_range(r0, 0x0, 0x0, 0x2)
process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)

[  202.469533] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  202.476009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  202.483828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
18:37:32 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000300), 0x4)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a00)={&(0x7f00000000c0), 0xc, &(0x7f0000002980), 0x0, &(0x7f00000029c0), 0x0, 0x881}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000480)={0x9, 0x8, 0x0, [{0x84f, 0x4, 0xaf4, 0x0, 0x556f, 0x2}, {0x4, 0x2, 0x4, 0x1, 0x6, 0x9, 0xfff}, {0x6, 0x401, 0x2, 0x45fc, 0x4, 0x8}, {0x3, 0x6a22, 0x6, 0x8, 0x9, 0xdb3, 0xfb5}, {0x5, 0xe3c8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x1, 0x6, 0x7, 0x8000, 0x10000, 0x3}, {0xff, 0xf27, 0x1, 0xc0, 0x5, 0x401, 0x6f4}, {0x6, 0x7, 0x7, 0x20, 0x3ff, 0x18000000000, 0x6a8a}]})
sync_file_range(r0, 0x0, 0x0, 0x2)
process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)

[  203.046938] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.053806] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.062076] device bridge_slave_0 entered promiscuous mode
[  203.100574] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.107109] bridge0: port 2(bridge_slave_1) entered forwarding state
[  203.114143] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.120582] bridge0: port 1(bridge_slave_0) entered forwarding state
[  203.128815] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
18:37:33 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000300), 0x4)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a00)={&(0x7f00000000c0), 0xc, &(0x7f0000002980), 0x0, &(0x7f00000029c0), 0x0, 0x881}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000480)={0x9, 0x8, 0x0, [{0x84f, 0x4, 0xaf4, 0x0, 0x556f, 0x2}, {0x4, 0x2, 0x4, 0x1, 0x6, 0x9, 0xfff}, {0x6, 0x401, 0x2, 0x45fc, 0x4, 0x8}, {0x3, 0x6a22, 0x6, 0x8, 0x9, 0xdb3, 0xfb5}, {0x5, 0xe3c8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x1, 0x6, 0x7, 0x8000, 0x10000, 0x3}, {0xff, 0xf27, 0x1, 0xc0, 0x5, 0x401, 0x6f4}, {0x6, 0x7, 0x7, 0x20, 0x3ff, 0x18000000000, 0x6a8a}]})
sync_file_range(r0, 0x0, 0x0, 0x2)
process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)

[  203.642047] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.648531] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.656908] device bridge_slave_1 entered promiscuous mode
[  203.703171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
18:37:34 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000300), 0x4)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200))
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a00)={&(0x7f00000000c0), 0xc, &(0x7f0000002980), 0x0, &(0x7f00000029c0), 0x0, 0x881}, 0x0)
write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000480)={0x9, 0x8, 0x0, [{0x84f, 0x4, 0xaf4, 0x0, 0x556f, 0x2}, {0x4, 0x2, 0x4, 0x1, 0x6, 0x9, 0xfff}, {0x6, 0x401, 0x2, 0x45fc, 0x4, 0x8}, {0x3, 0x6a22, 0x6, 0x8, 0x9, 0xdb3, 0xfb5}, {0x5, 0xe3c8, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x1, 0x6, 0x7, 0x8000, 0x10000, 0x3}, {0xff, 0xf27, 0x1, 0xc0, 0x5, 0x401, 0x6f4}, {0x6, 0x7, 0x7, 0x20, 0x3ff, 0x18000000000, 0x6a8a}]})
sync_file_range(r0, 0x0, 0x0, 0x2)
process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0)

[  204.211252] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  204.345702] 8021q: adding VLAN 0 to HW filter on device team0
[  204.642076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
18:37:34 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = accept4(r0, &(0x7f0000000000)=@un=@abs, &(0x7f0000000080)=0x80, 0x800)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140)={<r2=>0x0, @in6={{0xa, 0x4e21, 0x9, @mcast1, 0x1ff}}}, &(0x7f00000000c0)=0x84)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000200)={r2, 0x5}, 0x8)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000003c0)={{0xa, 0x4e21, 0x8001, @local, 0x2}, {0xa, 0x4e22, 0x0, @remote, 0x7ff}, 0x1000, [0x101, 0xa3eb, 0x4, 0x400000000000008, 0x1, 0x4, 0x6, 0x4]}, 0x5c)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_PROT_MASK(r3, 0x40087705, &(0x7f0000000380)={0x8001, 0x81})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e20}, 0x1c)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000240))
recvmmsg(r4, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f00000002c0)=0x3, 0x4)
sendto$inet6(r4, &(0x7f0000000280), 0x325, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0xfffffffffffffffe, @loopback}, 0x4)
setsockopt$inet6_int(r4, 0x29, 0x33, &(0x7f0000000540)=0x80000000, 0x4)
semget(0x2, 0x0, 0x20)

[  205.777862] bond0: Enslaving bond_slave_0 as an active interface with an up link
18:37:36 executing program 0:
r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x80, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in=@multicast2}}, &(0x7f0000000240)=0xe8)
r2 = getgid()
mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x8000, &(0x7f0000000280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xe000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x4}}]}})
unshare(0x20400)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c832, 0xffffffffffffffff, 0x0)

[  206.173665] bond0: Enslaving bond_slave_1 as an active interface with an up link
18:37:36 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={"00ac720000000000ec973f820f7c4000", 0x102})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x30a)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x381000, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x2b, &(0x7f0000000040), &(0x7f0000000080))
close(r0)

[  206.549378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  206.556785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
18:37:36 executing program 5:
r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x329, 0x942)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000040))
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000180)={0x3, 0x1})
ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000001c0)=0x4)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@loopback}, 0x0, @in=@multicast2}}, &(0x7f0000000340)=0xe8)
lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
fchownat(r0, &(0x7f0000000200)='./file0\x00', r1, r3, 0x1400)
mount$fuseblk(&(0x7f0000000440)='/dev/loop0\x00', &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='fuseblk\x00', 0x50020, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xe000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize'}}], [{@fowner_lt={'fowner<', r2}}, {@pcr={'pcr', 0x3d, 0x25}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/audio#\x00'}}, {@audit='audit'}, {@fowner_eq={'fowner', 0x3d, r1}}, {@appraise_type='appraise_type=imasig'}, {@smackfshat={'smackfshat', 0x3d, 'system'}}, {@permit_directio='permit_directio'}, {@audit='audit'}]}})
fcntl$setpipe(r0, 0x407, 0x8)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f00000006c0)={0x6, 0x3, 0x401})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000700)={<r4=>0x0})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000740)={r4})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000780)=0x28e1, 0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000007c0)={<r5=>0x0, 0xfffffffffffffffc}, &(0x7f0000000800)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000840)={r5, 0x6}, &(0x7f0000000880)=0x8)
r6 = syz_open_dev$mouse(&(0x7f00000008c0)='/dev/input/mouse#\x00', 0x10001, 0x4000)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000940)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r6, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x808}, 0xc, &(0x7f0000000a40)={&(0x7f0000000980)={0xc0, r8, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x88}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x13}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000080)
fcntl$addseals(r0, 0x409, 0x8)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000ac0)=r5, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000b40)={<r9=>0xffffffffffffffff}, 0x0, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000bc0)={0x16, 0x98, 0xfa00, {&(0x7f0000000b00), 0x1, r9, 0x3c, 0x1, @ib={0x1b, 0x3, 0x7, {"251965588ed1c6fb35f543d172570f9a"}, 0xffffffff, 0x6, 0x7}}}, 0xa0)
ioctl$BINDER_SET_MAX_THREADS(r6, 0x40046205, 0x4)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000c80)=0x14c20, 0x4)
ioctl$KVM_SET_TSC_KHZ(r6, 0xaea2, 0x20)
socket$inet6(0xa, 0x4, 0xffffffffffffff7f)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000cc0)=0x800, 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0)
bind$unix(r0, &(0x7f0000000d00)=@file={0x0, './file0\x00'}, 0x6e)

[  206.963245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  206.970339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.815557] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  207.823624] team0: Port device team_slave_0 added
[  208.013320] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.030487] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  208.038692] team0: Port device team_slave_1 added
[  208.056677] IPVS: ftp: loaded support on port[0] = 21
[  208.400296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  208.407570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.416255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.766127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  208.773375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.782021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  209.102204] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  209.109755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  209.118611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  209.297289] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  209.435239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  209.443191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  209.452016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  210.550510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  210.557173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.564969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  211.736439] 8021q: adding VLAN 0 to HW filter on device team0
18:37:42 executing program 1:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='b'], 0x1)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000002, 0x1013, r0, 0x0)
ioctl$int_in(r0, 0x800000800c5012, &(0x7f00000004c0))

[  212.878208] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.884769] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.891780] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.898218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.906854] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  213.293797] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.300309] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.308731] device bridge_slave_0 entered promiscuous mode
[  213.579106] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.585824] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.594103] device bridge_slave_1 entered promiscuous mode
[  213.703275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.915021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  214.145913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  215.022753] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  215.305275] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  215.595316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  215.606124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  215.851437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  215.858683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  216.643276] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  216.651186] team0: Port device team_slave_0 added
[  216.808313] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.859361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  216.867413] team0: Port device team_slave_1 added
[  217.123909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  217.141845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  217.150295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  217.380477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  217.388663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  217.397266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  217.673292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  217.680851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  217.689669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  217.760449] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  217.915586] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  217.923283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.932120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  226.965150] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large:
[  226.976807] clocksource:                       'acpi_pm' wd_now: 9ed8e2 wd_last: d11ef1 mask: ffffff
[  226.986468] clocksource:                       'tsc' cs_now: 7e9dada703 cs_last: 7a16e0f945 mask: ffffffffffffffff
[  226.997297] tsc: Marking TSC unstable due to clocksource watchdog
[  227.048068] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'.
[  227.057181] sched_clock: Marking unstable (227106563751, -58516475)<-(227171251731, -123204108)
[  227.266292] clocksource: Switched to clocksource acpi_pm
[  227.519380] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  227.525936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  227.533856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
18:37:57 executing program 2:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x1, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000540))
write$sndseq(r0, &(0x7f0000000000)=[{0x5, 0x4f2, 0x0, 0x0, @tick, {}, {}, @time=@tick=0x5}], 0xb234ef0f)

[  228.686203] 8021q: adding VLAN 0 to HW filter on device team0
[  230.304224] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.310673] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.317684] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.324214] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.332514] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  230.339087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  235.598329] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.054574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
18:38:07 executing program 3:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000100)={[], 0x0, 0x0, 0xffffffff, 0x0, 0x9})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000006c0)={&(0x7f0000000680)='./file0\x00'}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000800)={{{@in6=@mcast1, @in=@local}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000000640)=0xe8)
getresuid(&(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780))
stat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940))
getegid()
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x40000, 0x0)
r4 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x0)
ioctl$SCSI_IOCTL_DOORLOCK(r3, 0x5380)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text16={0x10, &(0x7f0000000400)="66b8010000000f01c1baf80c66b8f8a2e28366efbafc0c66b8dd52aa7966ef6436f2a40f30dbd07c800f2169650f019d64d90f214d0f01df", 0x38}], 0x1, 0x0, &(0x7f0000000200), 0x10000000000000e2)
msgrcv(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000000000000d5efd0757600000000000000000000000000000000000000000000000000000000000000d14e3f63000000000000000000906077925f6bafe8916b540000000000000000000000000000"], 0x1, 0x1, 0x1800)
ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0x0, 0x382})
ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r4, 0x81785501, &(0x7f0000000bc0)=""/4096)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x0, 0x10000})
getsockopt$IP_VS_SO_GET_VERSION(r4, 0x0, 0x480, &(0x7f00000007c0), &(0x7f0000000380)=0xfffffe04)
ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0), 0x1, 0x0)

[  237.711092] mmap: syz-executor3 (7543) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  237.840601] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  237.870775] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  237.877247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  237.885119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  237.893557] ==================================================================
[  237.900937] BUG: KMSAN: uninit-value in vmx_vcpu_put+0x77b/0xce0
[  237.901568] CPU: 0 PID: 7543 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #64
[  237.901568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.901568] Call Trace:
[  237.901568]  dump_stack+0x306/0x460
[  237.901568]  ? vmx_vcpu_put+0x77b/0xce0
[  237.901568]  kmsan_report+0x1a2/0x2e0
[  237.901568]  __msan_warning+0x7c/0xe0
[  237.901568]  vmx_vcpu_put+0x77b/0xce0
[  237.901568]  ? vmx_vcpu_load+0x1d50/0x1d50
[  237.901568]  kvm_arch_vcpu_put+0x3b6/0x480
[  237.901568]  ? INIT_INT+0xc/0x30
[  237.901568]  kvm_sched_out+0x90/0xb0
[  237.901568]  __schedule+0x970/0x9b0
[  237.901568]  ? kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[  237.901568]  _cond_resched+0x5e/0xf0
[  237.901568]  kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[  237.901568]  ? task_kmsan_context_state+0x6b/0x120
[  237.901568]  ? __msan_get_context_state+0x9/0x30
[  237.901568]  ? INIT_INT+0xc/0x30
[  237.901568]  ? task_kmsan_context_state+0x6b/0x120
[  237.901568]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  237.901568]  ? kmsan_set_origin_inline+0x6b/0x120
[  237.901568]  ? __msan_poison_alloca+0x17a/0x210
[  237.901568]  ? put_pid+0x71/0x410
[  237.901568]  ? kvm_vcpu_ioctl+0x20a4/0x20b0
[  237.901568]  ? put_pid+0x1a9/0x410
[  237.901568]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  237.901568]  ? get_task_pid+0x17b/0x270
[  237.901568]  kvm_vcpu_ioctl+0x11a7/0x20b0
[  237.901568]  ? do_vfs_ioctl+0x18a/0x2810
[  237.901568]  ? __se_sys_ioctl+0x1da/0x270
[  237.901568]  ? kvm_vm_release+0x90/0x90
[  237.901568]  do_vfs_ioctl+0xcf3/0x2810
[  237.901568]  ? security_file_ioctl+0x92/0x200
[  237.901568]  __se_sys_ioctl+0x1da/0x270
[  237.901568]  __x64_sys_ioctl+0x4a/0x70
[  237.901568]  do_syscall_64+0xbe/0x100
[  237.901568]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  237.901568] RIP: 0033:0x457579
[  237.901568] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  237.901568] RSP: 002b:00007fc5ab9c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  237.901568] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  237.901568] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  237.901568] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  237.901568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc5ab9c86d4
[  237.901568] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[  237.901568] 
[  237.901568] Uninit was stored to memory at:
[  237.901568]  kmsan_internal_chain_origin+0x136/0x240
[  237.901568]  __msan_chain_origin+0x75/0xd0
[  237.901568]  vmx_prepare_switch_to_guest+0x4f6/0x17a0
[  237.901568]  kvm_arch_vcpu_ioctl_run+0x82fa/0x10a20
[  237.901568]  kvm_vcpu_ioctl+0x11a7/0x20b0
[  237.901568]  do_vfs_ioctl+0xcf3/0x2810
[  237.901568]  __se_sys_ioctl+0x1da/0x270
[  237.901568]  __x64_sys_ioctl+0x4a/0x70
[  237.901568]  do_syscall_64+0xbe/0x100
[  237.901568]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  237.901568] 
[  237.901568] Local variable description: ----error.i.i@vmx_prepare_switch_to_guest
[  237.901568] Variable was created at:
[  237.901568]  vmx_prepare_switch_to_guest+0x188/0x17a0
[  237.901568]  kvm_arch_vcpu_ioctl_run+0x82fa/0x10a20
[  237.901568] ==================================================================
[  237.901568] Disabling lock debugging due to kernel taint
[  237.901568] Kernel panic - not syncing: panic_on_warn set ...
[  237.901568] 
[  237.901568] CPU: 0 PID: 7543 Comm: syz-executor3 Tainted: G    B             4.19.0-rc4+ #64
[  237.901568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.901568] Call Trace:
[  237.901568]  dump_stack+0x306/0x460
[  237.901568]  panic+0x54c/0xafa
[  237.901568]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  237.901568]  kmsan_report+0x2d3/0x2e0
[  237.901568]  __msan_warning+0x7c/0xe0
[  237.901568]  vmx_vcpu_put+0x77b/0xce0
[  237.901568]  ? vmx_vcpu_load+0x1d50/0x1d50
[  237.901568]  kvm_arch_vcpu_put+0x3b6/0x480
[  237.901568]  ? INIT_INT+0xc/0x30
[  237.901568]  kvm_sched_out+0x90/0xb0
[  237.901568]  __schedule+0x970/0x9b0
[  237.901568]  ? kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[  237.901568]  _cond_resched+0x5e/0xf0
[  237.901568]  kvm_arch_vcpu_ioctl_run+0x1bba/0x10a20
[  237.901568]  ? task_kmsan_context_state+0x6b/0x120
[  237.901568]  ? __msan_get_context_state+0x9/0x30
[  237.901568]  ? INIT_INT+0xc/0x30
[  237.901568]  ? task_kmsan_context_state+0x6b/0x120
[  237.901568]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  237.901568]  ? kmsan_set_origin_inline+0x6b/0x120
[  237.901568]  ? __msan_poison_alloca+0x17a/0x210
[  237.901568]  ? put_pid+0x71/0x410
[  237.901568]  ? kvm_vcpu_ioctl+0x20a4/0x20b0
[  237.901568]  ? put_pid+0x1a9/0x410
[  237.901568]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  237.901568]  ? get_task_pid+0x17b/0x270
[  237.901568]  kvm_vcpu_ioctl+0x11a7/0x20b0
[  237.901568]  ? do_vfs_ioctl+0x18a/0x2810
[  237.901568]  ? __se_sys_ioctl+0x1da/0x270
[  237.901568]  ? kvm_vm_release+0x90/0x90
[  237.901568]  do_vfs_ioctl+0xcf3/0x2810
[  237.901568]  ? security_file_ioctl+0x92/0x200
[  237.901568]  __se_sys_ioctl+0x1da/0x270
[  237.901568]  __x64_sys_ioctl+0x4a/0x70
[  237.901568]  do_syscall_64+0xbe/0x100
[  237.901568]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  237.901568] RIP: 0033:0x457579
[  237.901568] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  237.901568] RSP: 002b:00007fc5ab9c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  237.901568] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  237.901568] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  237.901568] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  237.901568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc5ab9c86d4
[  237.901568] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[  237.901568] Shutting down cpus with NMI
[  237.901702] ------------[ cut here ]------------
[  237.901702] kernel BUG at mm/kmsan/kmsan_entry.c:81!
[  237.901702] invalid opcode: 0000 [#1] SMP
[  237.901702] CPU: 1 PID: 7546 Comm: syz-executor5 Tainted: G    B             4.19.0-rc4+ #64
[  237.901568] Kernel Offset: disabled
[[    223737.9.09105165868] ]R Rebeboootoitngin gin i 8n6 4806400 0se scoecnodsnd.s..
.Co
mpute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  237.901702] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[  237.901702] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[  237.901702] RSP: 0018:fffffe0000049ea8 EFLAGS: 00010046
[  237.901702] RAX: 0000000080010000 RBX: 0000000000000001 RCX: 00000000c0000101
[  237.901702] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: ffffea000cbec560
[  237.901702] RBP: fffffe0000049ef9 R08: 0000000000000000 R09: 0000000000000000
[  237.901702] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  237.901702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.901702] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  237.901702] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.901702] CR2: 000000000063f210 CR3: 000000013c847000 CR4: 00000000001426e0
[  237.901702] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.901702] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  237.901702] Call Trace:
[  237.901702]  <NMI>
[  237.901702]  ? end_repeat_nmi+0x19/0x58
[  237.901702]  ? end_repeat_nmi+0x7/0x58
[  237.901702]  ? queued_spin_lock_slowpath+0xd74/0x14d0
[  237.901702]  ? queued_spin_lock_slowpath+0xd74/0x14d0
[  237.901702]  ? queued_spin_lock_slowpath+0xd74/0x14d0
[  237.901702]  </NMI>
[  237.901702]  <IRQ>
[  237.901702]  ? _raw_spin_lock+0x2c0/0x2d0
[  237.901702]  ? try_to_wake_up+0x14ac/0x2410
[  237.901702]  ? default_wake_function+0x92/0xb0
[  237.901702]  ? autoremove_wake_function+0x54/0x2e0
[  237.901702]  ? kmsan_set_origin+0x83/0x140
[  237.901702]  ? __wake_up_common+0x43b/0xa20
[  237.901702]  ? init_wait_entry+0x190/0x190
[  237.901702]  ? __wake_up_common_lock+0x1a2/0x390
[  237.901702]  ? __wake_up+0x4a/0x60
[  237.901702]  ? wake_up_klogd_work_func+0xb8/0xe0
[  237.901702]  ? console_cpu_notify+0xc0/0xc0
[  237.901702]  ? irq_work_run_list+0x425/0x7e0
[  237.901702]  ? irq_work_tick+0xd3/0xe0
[  237.901702]  ? update_process_times+0x14b/0x1a0
[  237.901702]  ? tick_sched_timer+0x3a5/0x500
[  237.901702]  ? __hrtimer_run_queues+0xd09/0x1440
[  237.901702]  ? tick_setup_sched_timer+0x600/0x600
[  237.901702]  ? hrtimer_interrupt+0x458/0x13b0
[  237.901702]  ? __msan_poison_alloca+0x17a/0x210
[  237.901702]  ? hrtimer_init+0x670/0x670
[  237.901702]  ? local_apic_timer_interrupt+0x6b/0x250
[  237.901702]  ? smp_apic_timer_interrupt+0x5a/0x90
[  237.901702]  ? apic_timer_interrupt+0xf/0x20
[  237.901702]  </IRQ>
[  237.901702]  ? kmsan_internal_check_memory+0x148/0x460
[  237.901702]  ? __msan_poison_alloca+0x17a/0x210
[  237.901702]  ? kmsan_check_memory+0xb/0x10
[  237.901702]  ? lock_page_memcg+0x97/0x470
[  237.901702]  ? page_remove_rmap+0x2c8/0x1760
[  237.901702]  ? unmap_page_range+0x203d/0x3db0
[  237.901702]  ? unmap_single_vma+0x445/0x5e0
[  237.901702]  ? unmap_vmas+0x251/0x380
[  237.901702]  ? exit_mmap+0x50e/0xa00
[  237.901702]  ? __mmput+0x16d/0x700
[  237.901702]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  237.901702]  ? mmput+0x178/0x1f0
[  237.901702]  ? flush_old_exec+0x174d/0x2930
[  237.901702]  ? kernel_read+0x13b/0x1a0
[  237.901702]  ? load_elf_binary+0x151b/0x9230
[  237.901702]  ? kmsan_set_origin+0x83/0x140
[  237.901702]  ? kmsan_set_origin_inline+0x6b/0x120
[  237.901702]  ? __msan_poison_alloca+0x17a/0x210
[  237.901702]  ? load_elf_binary+0x4f41/0x9230
[  237.901702]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  237.901702]  ? load_script+0xd30/0xd30
[  237.901702]  ? search_binary_handler+0x49e/0x1030
[  237.901702]  ? __do_execve_file+0x22c5/0x3340
[  237.901702]  ? __se_sys_execve+0xec/0x110
[  237.901702]  ? __x64_sys_execve+0x4a/0x70
[  237.901702]  ? do_syscall_64+0xbe/0x100
[  237.901702]  ? entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  237.901702] Modules linked in:
[  237.901702] ---[ end trace 49cd3a69206fc712 ]---
[  237.901702] RIP: 0010:kmsan_nmi_enter+0x42/0x70
[  237.901702] Code: 00 74 27 65 8b 04 25 40 8f 03 00 ff c0 83 f8 08 7d 28 65 89 04 25 40 8f 03 00 65 c6 04 25 d5 6c 0b 00 ff c3 0f 0b 66 90 eb fe <0f> 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 0b 66 90 66 2e
[  237.901702] RSP: 0018:fffffe0000049ea8 EFLAGS: 00010046
[  237.901702] RAX: 0000000080010000 RBX: 0000000000000001 RCX: 00000000c0000101
[  237.901702] RDX: 00000000ffff8802 RSI: ffffffff8ac011a8 RDI: ffffea000cbec560
[  237.901702] RBP: fffffe0000049ef9 R08: 0000000000000000 R09: 0000000000000000
[  237.901702] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  237.901702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.901702] FS:  0000000000000000(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
[  237.901702] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  237.901702] CR2: 000000000063f210 CR3: 000000013c847000 CR4: 00000000001426e0
[  237.901702] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  237.901702] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400