[   57.701686] audit: type=1800 audit(1538950552.741:27): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   59.273957] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   59.955861] random: sshd: uninitialized urandom read (32 bytes read)
[   60.454868] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   62.607798] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
[   68.335897] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/07 22:16:05 fuzzer started
[   72.997515] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/07 22:16:10 dialing manager at 10.128.0.26:36867
2018/10/07 22:16:10 syscalls: 1
2018/10/07 22:16:10 code coverage: enabled
2018/10/07 22:16:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/07 22:16:10 setuid sandbox: enabled
2018/10/07 22:16:10 namespace sandbox: enabled
2018/10/07 22:16:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/07 22:16:10 fault injection: enabled
2018/10/07 22:16:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/07 22:16:10 net packed injection: enabled
2018/10/07 22:16:10 net device setup: enabled
[   78.230460] random: crng init done
22:18:10 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0x0, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

[  195.742556] IPVS: ftp: loaded support on port[0] = 21
[  198.189151] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.196241] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.204828] device bridge_slave_0 entered promiscuous mode
[  198.347450] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.354040] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.362895] device bridge_slave_1 entered promiscuous mode
[  198.504421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  198.644343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  199.079740] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  199.226688] bond0: Enslaving bond_slave_1 as an active interface with an up link
22:18:14 executing program 1:
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000300)={&(0x7f0000000000)=@generic={0x2, "289954ad3176458579e5cf1d5e6e0863c7b994d12668e58aaefda1708cc32a278be59e6ded01ce0b959752b831da27cca8044ef116b0df95d34176379dc6aafe0212d7a17dd2885ae200a2a381c5a337220e45ee8e64ccc2e3a6eb4c45c23804ac5bf5956129100589de955fdf5df6f323d282cc6f41ef7d4ac37712dd12"}, 0x80, &(0x7f00000002c0), 0x0, &(0x7f0000001a00)=[{0x28, 0x11, 0x1, "3be6f398a63598596d969c218d7083196a75811525e20f23"}], 0x28, 0x20040000}, 0x40000)

[  199.655911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  199.663142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.023979] IPVS: ftp: loaded support on port[0] = 21
[  200.546690] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  200.554836] team0: Port device team_slave_0 added
[  200.716263] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  200.724413] team0: Port device team_slave_1 added
[  200.910367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  200.917538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.926598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  201.233811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  201.240838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  201.249928] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  201.506344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  201.514095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.523309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.696794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  201.704610] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.713572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  203.557208] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.563795] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.572325] device bridge_slave_0 entered promiscuous mode
[  203.815500] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.822158] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.830671] device bridge_slave_1 entered promiscuous mode
[  203.995947] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  204.147397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  204.213941] bridge0: port 2(bridge_slave_1) entered blocking state
[  204.220423] bridge0: port 2(bridge_slave_1) entered forwarding state
[  204.227456] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.233994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  204.242983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  204.622274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  204.840430] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  205.118482] bond0: Enslaving bond_slave_1 as an active interface with an up link
22:18:20 executing program 2:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000100)="24000000040a075f1dfffd946fa2830020200a0009000108000000680c1baba20400ff7e", 0x24}], 0x1}, 0x0)

[  205.297868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  205.305930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  206.119770] IPVS: ftp: loaded support on port[0] = 21
[  206.572794] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  206.580837] team0: Port device team_slave_0 added
[  206.912085] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  206.920175] team0: Port device team_slave_1 added
[  207.257750] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  207.264941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  207.273904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.587928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  207.596953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.606223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.933140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  207.940703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.949888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  208.234827] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  208.242694] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  208.251474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.366975] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.373569] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.382156] device bridge_slave_0 entered promiscuous mode
[  211.602830] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.609322] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.617912] device bridge_slave_1 entered promiscuous mode
[  211.720130] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.726719] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.733764] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.740442] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.749547] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  211.842578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.932780] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.068111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
22:18:27 executing program 3:
clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
creat(&(0x7f0000000340)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00')
mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='xfs\x00', 0x0, &(0x7f0000000000)='system\x00')

[  212.960373] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  213.242288] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  213.547748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  213.555848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  213.985737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  213.992873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  214.214011] IPVS: ftp: loaded support on port[0] = 21
[  215.136284] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  215.144474] team0: Port device team_slave_0 added
[  215.492270] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  215.500359] team0: Port device team_slave_1 added
[  215.840044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  215.847705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  215.856961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  216.209610] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.312687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  216.319734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  216.329013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  216.680652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  216.688498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  216.697793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  217.078293] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  217.086163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.095268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  217.620488] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  219.060711] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  219.069030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.077390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  220.349147] bridge0: port 1(bridge_slave_0) entered blocking state
[  220.355717] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.364368] device bridge_slave_0 entered promiscuous mode
[  220.549629] 8021q: adding VLAN 0 to HW filter on device team0
[  220.724297] bridge0: port 2(bridge_slave_1) entered blocking state
[  220.730770] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.739933] device bridge_slave_1 entered promiscuous mode
[  221.106497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  221.166198] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.172754] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.179653] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.186202] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.194940] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  221.485271] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  221.582796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  222.558058] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  223.006937] bond0: Enslaving bond_slave_1 as an active interface with an up link
22:18:38 executing program 4:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect(r0, &(0x7f0000000100)=@ax25={0x3, {"f25ec3f463252d"}}, 0x80)
pkey_free(0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x141003, 0x0)
dup2(r0, r1)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000400)={0x0, @loopback, @rand_addr=0x1cb}, 0x6)

[  223.321765] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  223.329050] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  223.728519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  223.736827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.212925] ip (6783) used greatest stack depth: 53040 bytes left
[  224.712298] IPVS: ftp: loaded support on port[0] = 21
[  225.018457] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  225.026777] team0: Port device team_slave_0 added
[  225.498704] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  225.506875] team0: Port device team_slave_1 added
[  225.958454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  225.965658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  225.974658] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  226.383636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  226.390685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  226.399771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  226.814465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  226.822199] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  226.831227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  227.039855] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.276961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  227.284788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  227.293803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  228.541016] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  230.258237] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  230.264862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  230.272704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
22:18:45 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)="636c6561725f7265667300b04978e60c4ba32fd7b949714bcbe80c57af59747c61a31619cbafea034f5b6bb15332860b9f14c654d1012484f5c9d8edcad2f073e0ca5078fc64d38d1e297b9d66a71452b92cae675696216e08f21e87b8b54da0d1b5f3b4d6f8caf34a15ed2b2c98fcbf581297b31beafaffb76778a196ad93aa3d2d7a06720827")
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000440)='syscall\x00')
sendfile(r1, r3, &(0x7f0000000080), 0x1)

22:18:46 executing program 0:
pipe(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffef3)
read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3)
poll(&(0x7f0000000380)=[{r1}], 0xc1, 0x2000000000084)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000040))
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f00000001c0)={0x0, &(0x7f0000000340)})
write$binfmt_elf64(r0, &(0x7f0000000400)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x1, 0x9, 0x5, 0x1db, 0x3, 0x6, 0x7, 0x384, 0x40, 0x6, 0x0, 0x8, 0x38, 0x1, 0x0, 0x5, 0x66}, [{0x6474e557, 0xff, 0x0, 0x9, 0x2, 0xfffffffffffffeff, 0x7fffffff, 0x200}, {0x1, 0x3f, 0x5, 0x0, 0xffff, 0x6, 0x81, 0x800}], "fa862165ba08482593a2827b2b1578d8af671dc121437bcb0964e7e863a93816e0e273488cce2bc940144ca956bdf6fa760c8fc41286e6ea54b65b7caadc2d7f02d64484ea54173d5c7389c9f05632d16975e10521b7a6c1be1a29ce362239839585cd370e71a7e5074f0de922b75180b2f62f027bc302416fff3437be7d71fbab365a7b7a6bf8ceb113ad57e8e6cc6d4fe58b3da1905ab1ae15b00326235cde40fc1f707fa5d1b482bad39e81b185d378e7b6389a8002eebabe9859cc", [[], []]}, 0x36d)

[  231.924077] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.930628] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.939302] device bridge_slave_0 entered promiscuous mode
[  231.963506] 8021q: adding VLAN 0 to HW filter on device team0
[  232.305307] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.311777] bridge0: port 2(bridge_slave_1) entered forwarding state
[  232.318904] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.325477] bridge0: port 1(bridge_slave_0) entered forwarding state
[  232.333949] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  232.422159] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.428615] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.437089] device bridge_slave_1 entered promiscuous mode
22:18:47 executing program 0:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0)
clone(0x0, &(0x7f00000001c0)="023fe3726b68b0134daa7855c58d3072923840b15f746214f8f95991ec865da44bfb4547681444f11dfb50e515f4bed25b9df48371218cc7052f438dcec7", &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000200))
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$RTC_ALM_READ(r0, 0x80247009, &(0x7f0000000040))
write$FUSE_STATFS(r0, &(0x7f00000000c0)={0x60, 0x0, 0x5, {{0x7fff, 0x1, 0x5, 0x3, 0x401, 0x1, 0x6, 0x6}}}, 0x60)
write$UHID_CREATE2(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000001f00000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000630001011f00000005000000080000006a8c00001ad82bf44f02d98281549796f289b3e4bd4bffd22a399dc0031decf1f43963042e544113b060c706f1056b6b7fe8881a7d26698aab8982a4c71178041ebff56a7b09813e9210d7725b48106080744413bccb256bffd207ac98b7ae0e9977bd6f8df96208c2dc822d03155e97c4cedc6cc8cb3237df065fdce69a7905dc02924d767f4650dbe7c0fe69455f9834f61822ed5226e6cd8a499b32b9c876b2038234024667ea75d087348b964f2575d59171d617de436971e83d5efc5c616321f3e15a33db13b958393d077fc1368e22ec616fb033ae1fd9102499d477b2c747a516638dc5b7a5c7aab7105af00a17306ff788f15b03e0897656d25aa7aa4fba7b2e654ed7f505a1a4285936d972d391b86a5b55fc2656a69ad4ea7ac412cd191ec18d136b2673c7061cbcffa2949f2361310be4d299479a8bfecf62f1e5e7cb26b754cf909c2eac3e852809747c29f5cc7eb8287bc0957f621225"], 0x17b)

[  232.813334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  232.932431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  233.417527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
22:18:48 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x8010000000000084)
sendmmsg(r0, &(0x7f0000e8e000)=[{{&(0x7f00008b6000)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}, 0x1}, 0x80, &(0x7f0000231ff0), 0x0, &(0x7f0000000140)=[{0x10}], 0x10}}], 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)

22:18:49 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff)
r1 = inotify_init()
r2 = getpid()
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000000c0)=0x4)
sched_setscheduler(r2, 0x5, &(0x7f00000002c0))
write$P9_RAUTH(r0, &(0x7f0000000040)={0x14, 0x67, 0x1, {0x80, 0x3, 0x1}}, 0x14)
lseek(r1, 0x0, 0xfffffffffffffffc)

[  234.650598] bond0: Enslaving bond_slave_0 as an active interface with an up link
22:18:50 executing program 0:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x40010, 0xffffffffffffffff, 0x0)
r0 = dup(0xffffffffffffff9c)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000040)={0x0, 0x6, 0x62d1, &(0x7f0000000100)=0x200})
r1 = shmget$private(0x0, 0x2000, 0x81, &(0x7f0000192000/0x2000)=nil)
shmat(r1, &(0x7f00000c6000/0x3000)=nil, 0x2000)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f00000000c0), 0x1, 0x2000000000002)

[  235.125431] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  235.484864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  235.492153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
22:18:50 executing program 0:
r0 = socket(0x0, 0x5, 0x9)
getsockname$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000400)=0x1c)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2000, 0x1)
getdents(r1, &(0x7f0000000100)=""/223, 0xdf)
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000280)={0x0, <r2=>0x0}, &(0x7f00000002c0)=0xc)
fsetxattr$security_capability(r1, &(0x7f0000000200)='security.capability\x00', &(0x7f0000000300)=@v3={0x3000000, [{0x81, 0x100}, {0xd13d, 0x2}], r2}, 0x18, 0x2)
socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000340)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000380))
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240)='/dev/rtc\x00', 0x0, 0x0)
read(r4, &(0x7f0000000000)=""/4, 0x4)
ioctl$sock_inet_tcp_SIOCATMARK(r4, 0x7003, &(0x7f00000000c0))
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000440)={0x100})
openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x101000, 0x0)

[  235.997432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  236.004802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
22:18:51 executing program 5:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80080, 0x0)
ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000040)={0x2c03, 0x2, 0x8, 0x8000, 0xfff})
getpeername$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000001300)={0x8, 0x3ff, 0x6, 0xc7, &(0x7f0000000100)=""/199, 0x1000, &(0x7f0000000200)=""/4096, 0xcb, &(0x7f0000001200)=""/203})
modify_ldt$write2(0x11, &(0x7f0000001340)={0x10000, 0xffffffffffffffff, 0x4000, 0x3, 0x7, 0x1f, 0x100000001, 0x8, 0x9, 0x7}, 0x10)
r2 = getpgid(0xffffffffffffffff)
perf_event_open(&(0x7f0000001380)={0x5, 0x70, 0x81, 0x7ff, 0x7fffffff, 0xfffffffffffffffd, 0x0, 0x8, 0x40, 0x2, 0x0, 0xa4, 0x3, 0x3, 0x8, 0x2, 0x4, 0x4958, 0x8, 0x100000001, 0x8000, 0x7fffffff, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffff9, 0x2, 0xd33, 0xffffffffffffffe0, 0x9, 0x81, 0x5, 0x3, 0x0, 0x4, 0x9, 0x5, 0x0, 0x0, 0x1, @perf_config_ext={0x80000001, 0x4}, 0x2, 0x6, 0x10a, 0x7, 0x1, 0x8, 0x5}, r2, 0x6, r0, 0x2)
sendmsg$nl_route_sched(r0, &(0x7f0000001500)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)=@newtclass={0x54, 0x28, 0x0, 0x70bd2a, 0x25dfdbff, {0x0, r1, {0xd, 0xd}, {0x9, 0xb}, {0xa, 0xffff}}, [@tclass_kind_options=@c_hfsc={{0xc, 0x1, 'hfsc\x00'}, {0x24, 0x2, [@TCA_HFSC_USC={0x10, 0x3, {0x3ff, 0x7, 0xd1b}}, @TCA_HFSC_USC={0x10, 0x3, {0x2, 0x200, 0x7}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x4)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000001540)={0xa, 0x0, 0x6b, 0x14c4c23d}, 0xa)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000001580)={0x9, 0x7})
finit_module(r0, &(0x7f00000015c0)='/dev/dsp\x00', 0x3)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000001600)={<r3=>0x0, 0xf, "b045e3f4836bfea47bd2e4dbb1dc10"}, &(0x7f0000001640)=0x17)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000016c0)={<r4=>r3, 0x10, &(0x7f0000001680)=[@in={0x2, 0x4e22, @multicast1}]}, &(0x7f0000001700)=0x10)
sendto$inet6(r0, &(0x7f0000001740)="895f121e038f99c2f6de1368ec928343c6a3e09461184be0e485160261722c07aef8f0031fd5a820bed74794055a8a84dab5e5f1f943eecb13345597484fd4a281b002eb0f7f744eb4f34748943994d2", 0x50, 0x800, &(0x7f00000017c0)={0xa, 0x4e21, 0x74a4, @mcast2, 0xfffffffffffffffa}, 0x1c)
ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4048ae9b, &(0x7f0000001800)={0x10000, 0x0, [0x6, 0x100000000, 0x0, 0x7, 0x0, 0x6, 0x9]})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000001880)=0x80000001)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000018c0)=[@in6={0xa, 0x4e21, 0x1f}, @in={0x2, 0x4e23, @loopback}], 0x2c)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000001900)={0x7, r0})
r5 = syz_open_dev$midi(&(0x7f0000001940)='/dev/midi#\x00', 0x601, 0x400200)
ioctl$TCGETS(r5, 0x5401, &(0x7f0000001980))
removexattr(&(0x7f00000019c0)='./file0\x00', &(0x7f0000001a00)=@random={'trusted.', '\x00'})
ioctl$BINDER_THREAD_EXIT(r5, 0x40046208, 0x0)
io_setup(0x0, &(0x7f0000001a40)=<r6=>0x0)
io_cancel(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x8, 0x3f, r0, &(0x7f0000001a80)="ca9aa60fb1e95157581208a61b9e6a0df8d305b077f85d2c48e3d470399a27175c0805a91a6a927ec06b37635a1b0e829849ba0bc56762655716fea3ea50794a063d25ce5c5542fac739ba177e390def24ec11e061a60bf2b46419b9c22c7fe67b0c27bb1af7ef3fd97fdb76b26dcc5012b9d1", 0x73, 0x5, 0x0, 0x3, r5}, &(0x7f0000001b40))
ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6)
getsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000001b80)={r4, 0x7, 0x9, 0x4}, &(0x7f0000001bc0)=0x10)
getsockname$packet(r0, &(0x7f0000001c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001c40)=0x14)
ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000001c80))
ioctl$DRM_IOCTL_AGP_INFO(r5, 0x80386433, &(0x7f0000001cc0)=""/113)
ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000001d40)={&(0x7f0000ffd000/0x1000)=nil, 0xffff, 0x5, 0x18, &(0x7f0000ffb000/0x3000)=nil, 0x2})

[  237.316227] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  237.324361] team0: Port device team_slave_0 added
[  237.520941] IPVS: ftp: loaded support on port[0] = 21
[  237.661510] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  237.669683] team0: Port device team_slave_1 added
[  238.088547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  238.096101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  238.104903] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  238.542709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  238.549845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  238.558520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  238.884779] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  238.892612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  238.901396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  238.952831] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.302689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  239.311388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  239.320387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  240.337771] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
22:18:56 executing program 1:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000000)=""/11, 0xb}, 0x120)
readv(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/133, 0x85}], 0x1)

[  241.857590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  241.864210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  241.872646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  242.040487] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.047424] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.054393] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.061152] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.068048] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.075235] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.082122] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.088909] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.095749] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.102648] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.109414] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  242.242707] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[  243.120318] 8021q: adding VLAN 0 to HW filter on device team0
[  243.230840] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.237495] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.246028] device bridge_slave_0 entered promiscuous mode
[  243.439041] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.445604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.452647] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.459105] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.467613] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  243.489501] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.496056] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.504582] device bridge_slave_1 entered promiscuous mode
[  243.614065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  243.877179] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  244.170708] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  244.859722] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  245.104151] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  245.467107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  245.478575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  245.819454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  245.826677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  246.760565] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  246.768741] team0: Port device team_slave_0 added
[  247.042504] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.067588] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  247.076168] team0: Port device team_slave_1 added
[  247.326690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  247.335730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  247.344530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  247.662114] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  247.669623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  247.678367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  248.011220] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  248.019082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  248.028130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  248.314552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  248.376385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  248.384087] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  248.393096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  249.408868] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  249.415431] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  249.423346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
22:19:05 executing program 2:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488d6d5d766070")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000080)=0x32, 0x4)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r1, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001f80), 0x0, &(0x7f0000001fc0)}}], 0x400000000000047, 0x0)

[  250.605863] 8021q: adding VLAN 0 to HW filter on device team0
[  251.519166] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.525755] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.532846] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.539299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.547833] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  251.554641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  254.488750] 8021q: adding VLAN 0 to HW filter on device bond0
[  255.416722] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
22:19:10 executing program 3:
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x0)
r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x200000000080}, 'port0\x00', 0xfffffffffffffffe, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x6})
ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{0x0, 0x1}, {0x80}})

[  256.215574] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  256.222175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  256.230149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  256.798459] 8021q: adding VLAN 0 to HW filter on device team0
[  259.104194] 8021q: adding VLAN 0 to HW filter on device bond0
[  259.730917] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  260.309259] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  260.315705] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  260.323553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
22:19:15 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@ipx={0x4, 0x80000001, 0x0, "0950fe4adba7"}, 0x16, &(0x7f0000000000), 0x0, &(0x7f0000000240)}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x6}, 0x2c)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x2b5)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000003840)=[{&(0x7f00000004c0)=""/158, 0x9e}, {&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000002740)=""/98, 0x62}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/115, 0x73}], 0x5}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000000c0)=@in6={0x31100, 0x894f, 0x5, @dev={0xfe, 0x80, [0x140000007fffeaa3, 0x4626, 0x0, 0x329, 0x7fffc930]}}, 0x80, &(0x7f0000000340), 0x3c1, &(0x7f0000000380)}, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(0xffffffffffffffff, 0x40086607, &(0x7f0000000080))

22:19:15 executing program 0:
r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000280))

22:19:15 executing program 1:
r0 = socket$packet(0x11, 0x80002, 0x300)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x800)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x8101, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x1, 0x1, 0x8001, 0x81, 0x6, 0x1a4, 0x1000}, 0xfffffffffffffeab)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000), 0x4)
write$P9_RAUTH(r2, &(0x7f0000000080)={0x14, 0x67, 0x1, {0x0, 0x4, 0x6}}, 0x14)
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x0)
close(r0)

22:19:15 executing program 2:
r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079)
ioctl$KVM_SET_CPUID(r0, 0xc0185500, &(0x7f0000000080)=ANY=[@ANYBLOB="2303338408"])
ioctl$KVM_CREATE_VCPU(r0, 0x4004551e, 0x0)
ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000100)={'veth1_to_team\x00', @ifru_settings={0x0, 0x0, @te1=&(0x7f00000000c0)={0x20000000000000, 0xfff, 0x7, 0x10001}}})

22:19:15 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmsg(r0, &(0x7f0000000200)={&(0x7f0000000280)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000c40)=""/160, 0xa0}, 0x0)
syz_emit_ethernet(0x437, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev, @local, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780))

22:19:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="66400f3881900980000066baa00066b851f966efc4821dacbff0ffff7fb9800000c00f3235000100000f30c4e38d6d3ce9902636660f3881be010000000f20d835080000000f22d864450f09b8010000000f01d92e450f01d1", 0x59}], 0x1, 0x0, &(0x7f0000000000)=[@dstype0], 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x0, 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:19:16 executing program 1:
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={0x0, @rand_addr, @rand_addr}, &(0x7f0000000140)=0xc)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0)
r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_int(r0, &(0x7f0000000000), 0xc5)
sendfile(r0, r0, &(0x7f0000000080), 0xfdef)
r1 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488df05d766070")

22:19:16 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0002000090780012"], &(0x7f0000000100)={0x0, 0x2, [0x0, 0xad4]})

[  261.016539] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  261.129481] ==================================================================
[  261.136907] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[  261.143513] CPU: 0 PID: 7800 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[  261.150714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.160081] Call Trace:
[  261.162703]  dump_stack+0x306/0x460
[  261.166380]  ? _raw_spin_lock_irqsave+0x227/0x340
[  261.171262]  ? vmx_create_vcpu+0x10df/0x7920
[  261.175721]  kmsan_report+0x1a3/0x2d0
[  261.179570]  __msan_warning+0x7c/0xe0
[  261.183413]  vmx_create_vcpu+0x10df/0x7920
[  261.187667]  ? kmsan_set_origin_inline+0x6b/0x120
[  261.192535]  ? __msan_poison_alloca+0x17a/0x210
[  261.197235]  ? vmx_vm_init+0x340/0x340
[  261.201146]  kvm_arch_vcpu_create+0x25d/0x2f0
[  261.205670]  kvm_vm_ioctl+0x13fd/0x33d0
[  261.209679]  ? __msan_poison_alloca+0x17a/0x210
[  261.214385]  ? do_vfs_ioctl+0x18a/0x2810
[  261.218465]  ? __se_sys_ioctl+0x1da/0x270
[  261.222639]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  261.227503]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  261.232375]  do_vfs_ioctl+0xcf3/0x2810
[  261.236303]  ? security_file_ioctl+0x92/0x200
[  261.240842]  __se_sys_ioctl+0x1da/0x270
[  261.244846]  __x64_sys_ioctl+0x4a/0x70
[  261.248751]  do_syscall_64+0xbe/0x100
[  261.252575]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  261.257780] RIP: 0033:0x457579
[  261.260989] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  261.279906] RSP: 002b:00007f71cf138c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  261.287640] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  261.294924] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  261.302210] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  261.309498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71cf1396d4
[  261.316778] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  261.324082] 
[  261.325721] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[  261.332650] Variable was created at:
[  261.336382]  vmx_create_vcpu+0xd5/0x7920
[  261.340464]  kvm_arch_vcpu_create+0x25d/0x2f0
[  261.344961] ==================================================================
[  261.352340] Disabling lock debugging due to kernel taint
[  261.357800] Kernel panic - not syncing: panic_on_warn set ...
[  261.357800] 
[  261.365191] CPU: 0 PID: 7800 Comm: syz-executor0 Tainted: G    B             4.19.0-rc4+ #63
[  261.373772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.383133] Call Trace:
[  261.385741]  dump_stack+0x306/0x460
[  261.389406]  panic+0x54c/0xafa
[  261.392672]  kmsan_report+0x2cd/0x2d0
[  261.396503]  __msan_warning+0x7c/0xe0
[  261.400341]  vmx_create_vcpu+0x10df/0x7920
[  261.404608]  ? kmsan_set_origin_inline+0x6b/0x120
[  261.409477]  ? __msan_poison_alloca+0x17a/0x210
[  261.414184]  ? vmx_vm_init+0x340/0x340
[  261.418092]  kvm_arch_vcpu_create+0x25d/0x2f0
[  261.422625]  kvm_vm_ioctl+0x13fd/0x33d0
[  261.426637]  ? __msan_poison_alloca+0x17a/0x210
[  261.431345]  ? do_vfs_ioctl+0x18a/0x2810
[  261.435429]  ? __se_sys_ioctl+0x1da/0x270
[  261.439597]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  261.444467]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  261.449338]  do_vfs_ioctl+0xcf3/0x2810
[  261.453266]  ? security_file_ioctl+0x92/0x200
[  261.457831]  __se_sys_ioctl+0x1da/0x270
[  261.461874]  __x64_sys_ioctl+0x4a/0x70
[  261.465789]  do_syscall_64+0xbe/0x100
[  261.469616]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  261.474817] RIP: 0033:0x457579
[  261.478022] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  261.496937] RSP: 002b:00007f71cf138c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  261.504665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  261.511946] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  261.519224] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  261.526502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71cf1396d4
[  261.533786] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  261.542128] Kernel Offset: disabled
[  261.545769] Rebooting in 86400 seconds..