[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   67.967597] audit: type=1800 audit(1541975238.013:25): pid=6594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   67.986709] audit: type=1800 audit(1541975238.013:26): pid=6594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   68.006229] audit: type=1800 audit(1541975238.043:27): pid=6594 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
2018/11/11 22:27:33 fuzzer started
2018/11/11 22:27:38 dialing manager at 10.128.0.26:42475
2018/11/11 22:27:39 syscalls: 1
2018/11/11 22:27:39 code coverage: enabled
2018/11/11 22:27:39 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/11/11 22:27:39 setuid sandbox: enabled
2018/11/11 22:27:39 namespace sandbox: enabled
2018/11/11 22:27:39 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/11 22:27:39 fault injection: enabled
2018/11/11 22:27:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/11 22:27:39 net packed injection: enabled
2018/11/11 22:27:39 net device setup: enabled
22:30:24 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
readv(r1, &(0x7f00000007c0)=[{&(0x7f00000001c0)=""/104, 0x34910}], 0x1)

syzkaller login: [  255.741041] IPVS: ftp: loaded support on port[0] = 21
[  258.186559] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.193182] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.202083] device bridge_slave_0 entered promiscuous mode
[  258.375096] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.381749] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.390445] device bridge_slave_1 entered promiscuous mode
[  258.530840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  258.673915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  259.115852] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  259.263145] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  259.549990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  259.557300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:30:29 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x28020000)
clone(0x70024100, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000240))

[  259.921465] ip (6817) used greatest stack depth: 53552 bytes left
[  260.103449] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  260.111797] team0: Port device team_slave_0 added
[  260.370231] IPVS: ftp: loaded support on port[0] = 21
[  260.397506] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  260.405908] team0: Port device team_slave_1 added
[  260.601030] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  260.608232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  260.617273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  260.766211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  260.773495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  260.782596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  261.106531] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  261.114456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  261.124099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  261.274928] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  261.282705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  261.292052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  263.860552] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.867254] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.875906] device bridge_slave_0 entered promiscuous mode
[  264.068145] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.074730] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.083540] device bridge_slave_1 entered promiscuous mode
[  264.177163] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.183751] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.190773] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.197406] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.206405] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  264.325400] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  264.541138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  264.972158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  265.168562] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  265.378421] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  265.665861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  265.673100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  265.891143] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  265.898395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:30:36 executing program 2:
r0 = open(&(0x7f0000000040)='./file0\x00', 0x8040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)

[  266.577325] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  266.585581] team0: Port device team_slave_0 added
[  266.760773] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  266.769076] team0: Port device team_slave_1 added
[  267.049453] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  267.250977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  267.258141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  267.267175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  267.528792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  267.537537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  267.547012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  267.564760] IPVS: ftp: loaded support on port[0] = 21
[  267.848258] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  267.858737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  267.868091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  271.089022] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.095690] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.102771] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.109265] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.118326] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  272.092370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  272.451831] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.458327] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.467192] device bridge_slave_0 entered promiscuous mode
[  272.895054] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.901777] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.910440] device bridge_slave_1 entered promiscuous mode
[  273.158174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  273.479989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  274.341368] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  274.680512] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  274.920462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  274.927832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  275.173172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  275.180241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:30:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000780)=[@text64={0x40, &(0x7f00000004c0)="660f3a20e8002e2e0f23902e3e420fc7660048b867e275534fcc403c0f23d00f21f835100000080f23f865420f381e62020f009905000000b9800000c00f3235010000000f30420fae85000000800f225ef36741d01f", 0x56}], 0x1, 0x0, &(0x7f00000007c0), 0x0)
ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000240)={0x0, 0x7fffffff, 0x9})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/65, 0x41}], 0x1, &(0x7f0000000a00)=""/181, 0xb5}}], 0x1, 0x0, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000000c0)={0x1, 0x2, [@random="2870380f2849", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]})
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000ac0)={"55c990aa4964e82a3ec457f4c7d69681319b32c4fe546fdaa52a7f1ee7a27d5f71fb895c4bf21bf0301d2a160f646d230ecc224077896302fd1e64ad393ef24145492c44f164e53100dc89f52d25895dcd4320f649fc784145767a5224088c492511d0a5d7bb0c0176706c238dfeee9caae8811ba9d2ec92a4a340c091647ae36123d290d72c375af37957c01aa945bdb6a7a6870069350c7c2ac6b9c032e80d8150743be19fbaf9447badcc1908d174e06fd466e64e24e3c892ee52a4b31338ad67030baeffa5bfa701c1e7bfbd8fd016d87018d05ab11f9e813877bd9cdf0884cbaabe09190f95550884f8a1e6510f6bbe96f86859597bf89741aea068e55b938ebee9d9bff58478513c4b72edbf79f75431b54743ab05d3980b30b2127cf13bf94beba0828a4bb1848bc1f862fac00698e4bd2f4bde3bb35107056c4147c0ed8d7d588ba03c37b82ea384d1db706a8b46ee351812ad747d1045540a48b542996812548270c5af5d27ff72920bebd8371348c7f55a953e236ac13fe737a81bd9b61e30a5e9c526cf61862f5a0a90963c73febe3b66ab29f17b6da74b7647bcc4e527356d57fa1fe3f3dffab39df7b353eda6b839decb4484939f4fc0c84bda1c964941ccf4db1ca0d2c152fd356ac66441c8b68755d533b416d9f7999678227c7a69db08e997252dd6a38fc458d93fac9f1f14f49b7ca4a0b0c8b538d2f30c34503a0975506ae9004b3e5c3d2469cf4e03d9b79dc1499647b5b680a02bdc56c18782c48120dee663918288f068c49d85355d114cfe0c5d1405cf5e37b181f296fa7dc9af116fbe220121fe139739226eefce468f27f5d21ab51ef0e26134c5341cf13799003ceb38d4050c2ba1c9e6decc2d11a8f14a6adadd45e615106b5dd4c07093ba114ac55b4e80d1a3545ab6e8fbf796b908ecc244340fc06e4d4bd6e069b7f0232198ab067a709bcdd4d41500e5dc7032e5993f965d4603033fe61cc523937d7345df42b4f1b62c4daf64f6c29eb2f214b88680bfe19252b67719ccea37d19fe3bfb0c8ad0bd6f4a1df532ec9220269453df5144ff48f63c2ad655b8f20db01b3af95c11f4e7de2bd0a47d47b08b620589a33327bef9ee310505c1736510e88b74281f098099c753d30fcf32f31a0521e32407d689b093f24d07049682ff4662b5b94616699fd704589c0edb02cf3e622088c685564b0c166f9f3cdb12dd8a70684ac6e24570191dda2db2b1965d2397a45060f834405b81fa79204e029b7cd93333dfbef669f3e480fd071f5b87e9fdf984dfe176353ed12ea15484366548336f540a5f1e8b9e19bdeb8d71dce9ecf03d09515bc4bcf7be382176e7e12395ee0f795f76695d0d90eee181d300deb89d7098403ac76309e63f6ca3eade1ce57dcd9de56e24610ed5c470d5540e9f50d068ee8a1431bb3216ae99b18"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f0000000280), 0x0)
ioctl$PPPIOCSMRU(r2, 0x40047452, &(0x7f0000000880)=0x7ff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f00000009c0))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  276.105465] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  276.113765] team0: Port device team_slave_0 added
[  276.402800] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  276.411028] team0: Port device team_slave_1 added
[  276.429668] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.728770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  276.736014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  276.744899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  277.051386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  277.058720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  277.067725] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  277.095814] IPVS: ftp: loaded support on port[0] = 21
[  277.491126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  277.499121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  277.508370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  277.842431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  277.850086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  277.859756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  277.953826] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  279.344210] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  279.350574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  279.358760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  280.763207] 8021q: adding VLAN 0 to HW filter on device team0
[  282.159178] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.165759] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.172835] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.179313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  282.188482] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  282.384919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  283.321246] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.328030] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.336738] device bridge_slave_0 entered promiscuous mode
[  283.717923] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.724643] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.733450] device bridge_slave_1 entered promiscuous mode
[  284.099268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  284.427263] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  285.071143] 8021q: adding VLAN 0 to HW filter on device bond0
[  285.541474] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  285.899423] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  286.253689] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  286.260760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  286.488291] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  286.577346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  286.584580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:30:57 executing program 4:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000109, 0x0)

[  287.703891] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  287.712246] team0: Port device team_slave_0 added
[  287.900546] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  287.907045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  287.915268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  288.121114] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  288.129419] team0: Port device team_slave_1 added
[  288.644041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  288.651122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  288.660602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  288.994375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  289.001457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  289.010431] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  289.275511] IPVS: ftp: loaded support on port[0] = 21
[  289.416488] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  289.424477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  289.433557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  289.510693] 8021q: adding VLAN 0 to HW filter on device team0
[  289.846236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  289.854055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  289.863551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
22:31:00 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff40000000bfa100000000000007010000f8ffffffb702000000000000bf130000000000008500000004000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x48)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x8040, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, &(0x7f0000d31ff0), &(0x7f0000000000)={0x77359400}, 0x8)
acct(&(0x7f0000000140)='./file0\x00')
fcntl$setlease(r2, 0x400, 0x2)

22:31:01 executing program 0:
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000340))
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0, 0x1ff}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000380)={r2, 0x21d4}, 0xfb)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a")
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r3, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x480}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fddbdf2507000000080006000100010008000600050000000800040008000080dc001c00030008000500ffffffff08000500ffffffff551bbc08000400b154000008000697644bb84a23589eb495f39dbadc926d1c98aeae48c80c0495af8b9e90d7af79dc8bbcb63b7f27f50ff1167a1a0f1908f3f19b322eceddbb4474790e9b3446c58da9c14ed6034e7bea43ec23abbe0b28b22b7f24e92f0d38f3e70e4db3457b0490f5b7a96023d5e913dcc83a5b5160ab9bee98fd0d98d2b648987557a218b1fbddbf591bcf5faeb9084cd75cf7d88f"], 0x50}, 0x1, 0x0, 0x0, 0x50}, 0x80)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

22:31:02 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
fsync(r0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x200000019, &(0x7f0000000100)=0x4, 0x54)
signalfd4(r0, &(0x7f0000000180), 0x8, 0x800)
r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x43, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r2=>0x0}, &(0x7f0000000080)=0xc)
ioctl$TUNSETGROUP(r1, 0x400454ce, r2)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xff6c, 0x0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)

22:31:02 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
fsync(r0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4)
bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x200000019, &(0x7f0000000100)=0x4, 0x54)
signalfd4(r0, &(0x7f0000000180), 0x8, 0x800)
r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x43, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r2=>0x0}, &(0x7f0000000080)=0xc)
ioctl$TUNSETGROUP(r1, 0x400454ce, r2)
sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xff6c, 0x0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)

22:31:03 executing program 0:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000080)=[@increfs={0x40046304, 0x1}]})
socket$inet6_udplite(0xa, 0x2, 0x88)
accept4$packet(r0, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14, 0x80800)
ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, &(0x7f0000000380)={@empty, 0x2e, r2})
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x7fff, 0x4000)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000480)=ANY=[@ANYRES32=<r4=>0x0, @ANYBLOB="c500000000895aed76beb707f227c21d2fd316e9f3668ad12de5f9879fc1c683400e538608ea1eb1123364f9c4c5bb3ca57c3ed3707f5a80fde76d8472cbf168d508007fe09e7e229f16509f5343d7abee1d48ca93a16da2cc2f1040e6097799a366d535ca2a8f2823b4448f336ab30fe760bccd1f84ac9183e926a717e2c16fd0be3e07a166877693a38885b0b137ca79d926168f5e19926592ab72c620a8683f8361f775acc95936e26dfe1c9fe06b2dcb6717cfc24cb849356cf4aafc551d5872f3873fd7d7433f"], &(0x7f0000000140)=0xcd)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000180)={r4, 0x1}, 0x8)
ioctl$DRM_IOCTL_GET_MAP(r3, 0xc0286404, &(0x7f00000000c0)={&(0x7f0000ffe000/0x2000)=nil, 0xfff, 0x1, 0xa, &(0x7f0000001000/0x2000)=nil, 0x5a70})

[  294.054743] binder: 7538:7539 ioctl 8936 20000380 returned -22
[  294.076536] binder_alloc: binder_alloc_mmap_handler: 7538 20001000-20004000 already mapped failed -16
[  294.122039] binder: BINDER_SET_CONTEXT_MGR already set
[  294.127407] binder: 7538:7539 ioctl 40046207 0 returned -16
[  294.207724] binder_alloc: 7538: binder_alloc_buf, no vma
[  294.213527] binder: 7538:7543 transaction failed 29189/-3, size 24-8 line 2970
[  294.213682] binder: 7538:7539 IncRefs 0 refcount change on invalid ref 1 ret -22
[  294.252011] binder: 7538:7545 ioctl 8936 20000380 returned -22
[  294.284014] binder: release 7538:7539 transaction 2 out, still active
[  294.290686] binder: unexpected work type, 4, not freed
[  294.296233] binder: undelivered TRANSACTION_COMPLETE
[  294.352337] binder: undelivered TRANSACTION_ERROR: 29189
[  294.358103] binder: send failed reply for transaction 2, target dead
[  294.476605] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.483199] bridge0: port 2(bridge_slave_1) entered forwarding state
[  294.490179] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.496836] bridge0: port 1(bridge_slave_0) entered forwarding state
[  294.505757] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  294.512456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
22:31:04 executing program 0:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0)
unshare(0x24020400)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000100)=ANY=[@ANYBLOB="6d616e676c650000000000000000001600000000db78000000000000000000001f00000006fbffffffffffffff030000b00200009801000000000000c0000000000500000005000000050000000500000005000006000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="7f000001ac1414bb000000000000000076657468315f746f5f6272696467650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800c0000000000000000000000000000000000000000000000000002800434845434b53554d000000000000000000000000000000000000000000000100000000000000e0000001e0000001000000000000000076657468305f746f5f7465616d0000006272696467655f736c6176655f300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800d80000000000000000000000000000000000000000000000000040005450524f58590000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f800000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f800000000000000000000000000000000000000000000000000600053455400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000017f0000010000000000000000626f6e6430000000000000000000000079616d30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800c000000000000000000000000000000000000000000000000000280054544c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x540)

22:31:05 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x8000, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000040)={<r2=>0x0, @in={{0x2, 0x4e24, @rand_addr=0x4}}, [0xfffffffffffffff8, 0x2, 0x7fff, 0x8, 0x400, 0x200, 0x4, 0x8, 0x1, 0x0, 0x9, 0x9, 0x1d3f, 0xe70, 0x40]}, &(0x7f0000000140)=0x100)
rt_sigreturn()
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f00000001c0)={r2, 0x3ff, 0x9}, 0x8)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000180)={'syz_tun\x00', {0x2, 0x0, @local}})
getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0))
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm_plock\x00', 0x2180, 0x0)

[  295.256974] PANIC: double fault, error_code: 0x0
[  295.261863] CPU: 1 PID: 7572 Comm: syz-executor0 Not tainted 4.19.0+ #82
[  295.268748] ==================================================================
[  295.276151] BUG: KMSAN: uninit-value in irq_work_claim+0x153/0x390
[  295.282497] CPU: 1 PID: 7572 Comm: syz-executor0 Not tainted 4.19.0+ #82
[  295.289347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.298718] Call Trace:
[  295.301322]  <#DF>
[  295.303506]  dump_stack+0x32d/0x480
[  295.307166]  ? irq_work_claim+0x153/0x390
[  295.311352]  kmsan_report+0x19f/0x300
[  295.315196]  kmsan_internal_check_memory+0x35f/0x450
[  295.320329]  ? __msan_poison_alloca+0x1e0/0x2b0
[  295.325038]  kmsan_check_memory+0xd/0x10
[  295.329129]  irq_work_claim+0x153/0x390
[  295.333158]  irq_work_queue+0x44/0x280
[  295.337079]  vprintk_emit+0x693/0x790
[  295.340943]  vprintk_default+0x90/0xa0
[  295.344880]  vprintk_func+0x26b/0x2a0
[  295.348711]  printk+0x1a3/0x1f0
[  295.352060]  dump_stack_print_info+0x2c4/0x3c0
[  295.356684]  show_regs_print_info+0x37/0x40
[  295.361034]  show_regs+0x38/0x170
[  295.364519]  df_debug+0x86/0xb0
[  295.367822]  do_double_fault+0x362/0x480
[  295.371923]  double_fault+0x1e/0x30
[  295.375584] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[  295.381057] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[  295.399973] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[  295.405358] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[  295.412651] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[  295.419935] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[  295.427222] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[  295.434510] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[  295.441817]  </#DF>
[  295.444062]  <ENTRY_TRAMPOLINE>
[  295.447375]  kmsan_memmove_origins+0xbd/0x1d0
[  295.451904]  ? kmsan_memmove_shadow+0xad/0xe0
[  295.456429]  __msan_memmove+0x6c/0x80
[  295.460259]  fixup_bad_iret+0x9b/0x130
[  295.464181]  error_entry+0xad/0xc0
[  295.467736] RIP: 0000:          (null)
[  295.471663] Code: Bad RIP value.
[  295.475046] RSP: a3fb7f:00007f11ce9729c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[  295.482950] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[  295.490232] RDX: 39ac956c6058f100 RSI: 0000000000000000 RDI: 0000000000000000
[  295.497515] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[  295.504799] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[  295.512083] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[  295.519393]  ? general_protection+0x8/0x30
[  295.523667]  ? general_protection+0x8/0x30
[  295.527931]  </ENTRY_TRAMPOLINE>
[  295.531299] 
[  295.532938] Local variable description: ----__ai_ptr@irq_work_claim
[  295.539346] Variable was created at:
[  295.543078]  irq_work_claim+0x4b/0x390
[  295.546987]  irq_work_queue+0x44/0x280
[  295.550879] 
[  295.552516] Byte 7 of 8 is uninitialized
[  295.556588] Memory access of size 8 starts at fffffe0000045a38
[  295.562563] ==================================================================
[  295.569924] Disabling lock debugging due to kernel taint
[  295.575389] Kernel panic - not syncing: panic_on_warn set ...
[  295.575389] 
[  295.582783] CPU: 1 PID: 7572 Comm: syz-executor0 Tainted: G    B             4.19.0+ #82
[  295.591021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.600387] Call Trace:
[  295.602981]  <#DF>
[  295.605162]  dump_stack+0x32d/0x480
[  295.608831]  panic+0x57e/0xb28
[  295.612088]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  295.617576]  kmsan_report+0x300/0x300
[  295.621414]  kmsan_internal_check_memory+0x35f/0x450
[  295.626545]  ? __msan_poison_alloca+0x1e0/0x2b0
[  295.631253]  kmsan_check_memory+0xd/0x10
[  295.635336]  irq_work_claim+0x153/0x390
[  295.639347]  irq_work_queue+0x44/0x280
[  295.643272]  vprintk_emit+0x693/0x790
[  295.647131]  vprintk_default+0x90/0xa0
[  295.651050]  vprintk_func+0x26b/0x2a0
[  295.654883]  printk+0x1a3/0x1f0
[  295.658225]  dump_stack_print_info+0x2c4/0x3c0
[  295.662847]  show_regs_print_info+0x37/0x40
[  295.667193]  show_regs+0x38/0x170
[  295.670678]  df_debug+0x86/0xb0
[  295.673986]  do_double_fault+0x362/0x480
[  295.678086]  double_fault+0x1e/0x30
[  295.681741] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[  295.687215] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[  295.706137] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[  295.711523] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[  295.718811] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[  295.726093] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[  295.733388] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[  295.740674] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[  295.747976]  </#DF>
[  295.750226]  <ENTRY_TRAMPOLINE>
[  295.753533]  kmsan_memmove_origins+0xbd/0x1d0
[  295.758061]  ? kmsan_memmove_shadow+0xad/0xe0
[  295.762586]  __msan_memmove+0x6c/0x80
[  295.766411]  fixup_bad_iret+0x9b/0x130
[  295.770328]  error_entry+0xad/0xc0
[  295.773878] RIP: 0000:          (null)
[  295.777790] Code: Bad RIP value.
[  295.781164] RSP: a3fb7f:00007f11ce9729c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[  295.789071] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[  295.796357] RDX: 39ac956c6058f100 RSI: 0000000000000000 RDI: 0000000000000000
[  295.803645] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[  295.811054] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[  295.818347] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[  295.825654]  ? general_protection+0x8/0x30
[  295.829922]  ? general_protection+0x8/0x30
[  295.834191]  </ENTRY_TRAMPOLINE>
[  295.838509] Kernel Offset: disabled
[  295.842151] Rebooting in 86400 seconds..