[....] Starting OpenBSD Secure Shell server: sshd[ 50.495350] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 50.859491] audit: type=1800 audit(1538974689.913:29): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 50.879246] audit: type=1800 audit(1538974689.923:30): pid=5849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.544518] random: sshd: uninitialized urandom read (32 bytes read) [ 52.928821] random: sshd: uninitialized urandom read (32 bytes read) [ 54.761623] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. [ 60.466217] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 04:58:21 fuzzer started [ 64.733119] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 04:58:25 dialing manager at 10.128.0.26:36867 2018/10/08 04:58:25 syscalls: 1 2018/10/08 04:58:25 code coverage: enabled 2018/10/08 04:58:25 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 04:58:25 setuid sandbox: enabled 2018/10/08 04:58:25 namespace sandbox: enabled 2018/10/08 04:58:25 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 04:58:25 fault injection: enabled 2018/10/08 04:58:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 04:58:25 net packed injection: enabled 2018/10/08 04:58:25 net device setup: enabled [ 68.574839] random: crng init done 05:00:03 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/sockstat6\x00') pread64(r0, &(0x7f00000001c0)=""/12, 0x7, 0x6) [ 165.310330] IPVS: ftp: loaded support on port[0] = 21 [ 167.515695] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.522310] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.530511] device bridge_slave_0 entered promiscuous mode [ 167.653024] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.659476] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.667748] device bridge_slave_1 entered promiscuous mode [ 167.792243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 167.913847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 05:00:07 executing program 1: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)={0xffffffffffffffff}}}, 0x20) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x1a7) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x0, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}}}}, 0xfffffe01) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0xfffffffffffffff8, @dev, 0x20}, r0}}, 0x30) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[@ANYRESOCT], &(0x7f00000002c0)=0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300)=0xc, 0x4) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/qat_adf_ctl\x00', 0x4001, 0x0) ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0xf6ffffff) mount(&(0x7f0000000540)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x10, &(0x7f0000000640)='/dev/qat_adf_ctl\x00') socketpair$packet(0x11, 0x0, 0x300, &(0x7f0000000140)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r2 = socket$netlink(0x10, 0x3, 0x4) socket(0x2, 0x3, 0x3) sendmsg$nl_generic(r2, &(0x7f0000005000)={&(0x7f0000000540)={0x10, 0xf0ffffff00000f00}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x48, 0x14, 0x207, 0x0, 0x0, {0x2, 0xf0ffff, 0x600}}, 0xfd79}}, 0x0) open_by_handle_at(r2, &(0x7f0000000840)={0xfe8, 0x871, "01e581f4b420b7df0c31734517c7b9aa31af7f22baf91aca9ab8da4dd99a89ee7ca0c6e7f9116f064e1d3f2a51c798093656a59065bb5799d1a8338e646c79e3869a698e2c3e43c712cf87711af5e6c4eb0c76ce8cb725111a8e31b77fab16e5a864fb7e81282e8b11984adccdac3d19a6af8efdb0477291a2609bc65ad6e2dc362bf2b5186776db0b64c90b1b668db2ee70af00e48fe6689a33c2c8fded18f4dd27a279eef72a079245a2dbea478e728152e5802b50396687167a9448dc721c456d9dbf8aed7693103282f41d875c50e3d96a82775493998fc8e503f9d7e4f0a26798fa5d0fa95022be5f0b116492a87db94ebdfdeb8b1bd06b6a8763d3ef7563eb60a3dd0385cbf7ea667228121249b28ec3ff8896eee51e8b4111a873d58dc11da5edd66b695115dd722d64bf4b883911401daaa80aa27d7743d5f80c464637a96af7ab153ac72f235b10e22cda2d18f3cc4bd3c2d001d6f907796fe3381bb140b1762e3fda75094cb01f27c625cd6b9be3c90e81ff1349d6a65b192c236670c9128edc1bc0ad76c067fb8bfb333f0d3db1953ff14d204e84c57d0746c2b168dcb6de32e9cb1908b21ce23bf242df57f81c831bafb695420b58b8b408e8673a33d677957c09a5aadab5d01984205278f2b0707e123f1fe1ff89395eb487cd6385ded70df05d2b61782923ace9a318fc8cb07964c88df556316b1a112476844e45ed4df98c940367cd761ebc5ed7b5ea9a1985e7e1277b8c5675924d21f0e484423188db6f8b991d3209e4bb899084a94d57ebb06aa36804b86c4afbf85843ae0aa65c80c446076a180121ecd57d6f46232316ec4210f9ac70508f70b5aedb1299e7806c8aa2dc334a3f1f40298d69ca31626b70490a752de39a8ab9b1b5a26e3182dcdb7d884d308900f722b13659bc1559784934b59256aa4ecb6805dfbada76ccddd383b85ff0d5f5df73ed0aadbddeaa439558fbe5a8396a9b8e52d7ea4353769dac4a3ac82d8de72664f2228e16c93086bf080eac0646a10fa6fc61567e6aa8c9d7f4ee4a83aa0aa49fec67763d1286c266f359f75e24412611c4de80409e059f708ed0203af80d55629f97f8d734c5189e33f31c19e161befb2e7b1c23875aa4725e7437ae0e4a9219aa71d3beeec5a8dc6e081a61033502bb9f7a32ec4247b5fb5abbc62764c37daf8da0d6fcfcc7a4470bdf1773d5a064f4db4be05aa6c70119720d08e412e379a182ff606ad5996f175a70c168745ce89316b74f87701e39d7da9a1f52a010fe49043aeeb4ae4f2d85e61f06c5745ef80468f76e03270d058d84fbe4b6b1ba31f74232f7aea7c19fa0a4858f59f84e64c3ab09bcee6f55d9836fcd043259599161b41f4285271d851fab5d849ed4e900528859935829570ca280b6846c6e412d0ada3c6e942fffe8ba25153cce492811eb629dcf52f4f1b8ac310d62aa7a067d1853a335795c22204e2724132b93b1c25e4b07d12badab5b95a7d99ef7ceb17b431b81f30ed3f7d8b6b17d56363747a947a077d5599cc6d299399969938b26e1ec5eb876be9dbbac7d894f11f7937ed5a22612ee1cea4ac131db0e47e4e9f35cc3cc91357b742cafe340ee995e59a4319a926783a39b5d74dfa2f38df371591771249b619cde5bcfa37b429fd7beeb0cf6a248e8f85a0acff1ccee8a1fc6964ace82d73d92263dfa479e7ea75507402be7a61e459196282d2a4281b8d998188f8e5115d3ed50dbc5238de5fbe8cce3124217568d740804f802a8f98e0e9ecc0bb289e216a9b1a1a14158120c2fbb39a932ea9517e5600dd36b73850511c4299bfff50f5baefd388611a817b69c141595cfef3ee788f0f9cf6b89ef52a013b915b481da1e9b5b346b63a453e0e498dd5877a471ff5eb79ccfcca4fc010040dce796ae16b4e8df5f2cc6f230f88dd5b137a6cadff815c43c2c3b4eaa8a0a05e9e175391eea23e103e8f424f7282946a8ee8b3ee8b4bcd5189e0d57789da7a9ebbedb0c66257268433ae3e7bc5591287414b7ec5688a3e49457295e416a039b3c9b9a977945e5c0fe51dad1e3615fbf2b8b26196232e45928576c54a762ba3981e2aee607881b2b063f889a04e92d3680aba645a09c430c89b29fbdac379cf8cb2d177c060b3cc33589de21aebe036c97d174a9f7e53db6b72f263c3dc9bdeaed31ec65e143bea600ad78f102defd6028ec4708b2fdca03d7bbf6deac490ff5a57749ef32c40ea575197ac80d8e2789130c9e0d143247f268d7eb1a28c04e26c6e832b413062f5ea057f4e1e0cb4a2952c749347e69a9d9980c5ed354db729452ca8b4aff585538e58a535f61d51dbbc7472c7c0b4998ce3c9890cec3eff7dbc1eb090c32f787b4adce508baeaed4ef53335f53e2bfc2393bdc737d5150e0b80960736f6215255e9012e1797039fd8271dec1ac86952f2f812f2de918c84b531cee57b74fdea710080b985bee05bb5f6b1c74166aaa23799fe5e27b28f75b864ef2cf42a63c7b9fdc2d2de25c84f68705c1cf5f64ff6547932655ccaccd8599b765534ce7890c7bb0fecda4e392d1fd15d4d80aab73d9e7d42bf0f9a9dc7715f0b73e5cdca04ea5c9fa48dbd99516f308e88fa07da6cd129e78c273571b2df395c5958023bde4e894a92ffd26587c87d0f9d2c8cbf8673c320bca7ae6f28f74c452bd598f2d66e15fa9b4768af1ef882921b9ca3188494e07501443b202e8d7d17cc9069ba6a5cc3aa03ce4aea787d53339907b0c90ae248379734d8caeefb0d6e9e27607ca9f226601cfa475de2592efb02a526878da628acb608b037a3ee663e618df96a976321876542512410ef342a72d3f6b0cb3bfaf166310f896afa71d4729da3bdd1367b382cd9fd1b91fd09b05de26ca49210ff6058b6e4c601f33229f5949a549bf64996ef8392e0b8db024de7fb67fcbe334d31c5375079ecc52e0c4badf92c69ee0265cc5f4e3d712f8c097fcdef920add85868b7f413758ee1201f6595abb96a029b7c9a70325a88c4c50a6f8c6561739b18bae66cc7e44269b9bc5eb40b899f67eaaafdcd58e452b8610c5a6f565a313e9c568761c099e695007311ec8f402ebe68821922d2d98bfce37089dd38e2980ea425ba65a5fccd4ebd66eda3823bef4e7c785b5319d7d74278201d61dfb1a3372ec4d5247fe873775c7bfb2aabbdb1bfedde2bc2602136062e8f6323292f78b3cba9441714091dd0de4cb46036f3c0618effa111bfcc8502db7d9a0b9afe164f4426001eefb27229300e75413cf0a8b122d87efba74ae29011e44cdfded4794094c65711017a5eaa9f7b95ce9426dbec406b78417bc3fd376e54da258ab53f3ec508d8eeec3e5e60eb90d9a31b74bf8905854b14790afd93a3f07fca941100fd29f149463eb7f3402a1856561671dd2399e65fcaff98e2583d91c60a28e5717493dba3a7a9d0f9426f9f69370fa500fa38e53261f6d68cee7e8f138e935c52cd372af5703dffcd21c278f0ad9a1dcb2db8d422e1be21849e47902eb99ce978215a46f34245a94b9c943579ad8e469203e1e33b5f156e719d9916462cb3f50cb80f0122ddc449f80882f796fec9cffbb254088df3bf9cde500a6ec8c0f1e51844db014d2dc0af7d5cecbdf3a2d53a207c5013cb75fd144561d95b61ddba1652337d83638276e63145772ac3e388550692b6e9eb6a53106da152cdbb01da48e68a02a37c70d72a6b1b7f972f16029e1df3c092a7aaa80b0ef966c9b6a4ec3c84b68e90f39774993d2032fc3924145376996b212b7751cc68181ea9ced621faa6b140ec5b6768cceac21df87059d0c6c597d158d0867ebcc8bad96c7e6257bc7e5863f0d946d685b7ad0ee325bf47fd5eee49d19b28cac6c3922b3105550f0eb8e3e89e41eac5018a3d5aa6453a433c5162cb58144b269862aca9eea4d007bf842f5a6844fbf8fc047110ab03d56de2b4753a2823f4b75045db780cd5cfe062dea0d70f6d32ef8dea9cb7f7124afce03494bd3655670597f1f57c0a1ed25378724f4125384a5d708ca2ddd4860d9b6bd53f12a845c3a3adec60d5da4ded120109d23bfb01ff7370e14ced062df2f59ba9748aa4b43b3c5d2d469819a2ca1419ed6119c1b0975c1a343f08db0bf29495eea78e0d8c9be2572a4f047fdb18f98d940a5fc3332df2b0760893b37863fcfce6e61cb82ed62b66045917f71dfb0f10048ba0aa47bcc5dc1db34ab30f9ad7164583ddae055350d4185a9d8eadbad048fb88e09317d9e0be06edaa82871cc7ed3252c948694082a759c8ce21b06d1fb4b1e43e6fffbd1b20dad24b1226b47507babd148cca3bd185eb820124399631bfafeb9f309861f38471075469ba70ecac8f9674faf12c54732b312ce5b1af3474018fdbb0799a105034852af5b8ad19e67c53327c844db9ce0d26b923013a02a823e5413486090d9bb56f576cd816bc0eb35edac9eec19b52c0ebbbb5c71ed70de08475d8d274eabab91a048bbb780434953d74e536adaca17c0e9b6ab9c508e6c86b2af28f0282139ca179c762646e001f4bf44b2d863d5f51c9d54eb552abe287e98998280601968183f0470d20992c03c51d4854efc7d3d6837d0157fcd75ccdd414d14679ec8df44b57d7b3c10e46e267a90b0b69a648d624967958a8166d9e733f24afd10d6d6a76c13f7a8033e54c823d0ef57d7ae4dbb43eca757d71f3601eadeed2a1c08933f96527e480948faef9bc3b596327b6169c3959bfca7ea58f7835b5e4b62ddfb186d7721ff4ec86d7cde7effca03373fcdd74cfc5bf6d9d15d6bc77777d49bd401ed1bcf86e1cb61d5e0e64283e5952772e7b2d3bb9789aae8a6d47fbde4e85ee78e3ceffc4ff0ca29dbbca3fd70cdbaf3525235e0ff17783d663ad2f941e384459e321775531de26da1470b532af6e73727bc6b5746577d25b46f54aa1f61fac3ed00240aaee5457118e3ed465632fdc1a9c93112139868d1d86cedfb10afc13df5f89f3eb91c5035ce1a06d28d116dcf8ca32f0ac4fa251422bdd38fd191d506ad80fdc55a5fd54bb2b6dfbda3811c6816ede3a89913870ec2c85cbba5a979726674e644d94b6773dccb2412275d9e4d18813e1b4c990178e8cd31539222ea4c11ec07686b7b1f759c09ef6675e87a780a787df3fa89d6b163ce7ad18c10e4548f09a833bc7285b296286b24903354042430a52292ecca1bd8fa6c61cc2cb5acb97369d2865083123855e7450527ab61b5d947e3438009c7d4e356550274160da2bddd177f56dcab653e7fae8632c5ffd7de55c7afd55c3680f9a79c2ce65decbde53dc718218d5ac2435b6e6f3b70a68f4972118b7ced9cce960b3be201d49e1a6580c1656cec30202bd7c8b53860aae49184ffcd25a302e4e70a2ef3c6eb755c02d965eac6fed458d5863765d6be625b88d6187372ce6dd545473fc71ba94b7c87bffd3b594fd8d358175928e311a1527bf4a3baa618b8b0f132c2db069243ba83bd4effbabf7c19a973cbb81f8533b3a77698cf45624367e6f7003d4c9fe69c021081324f420a924326427fc9cc284136617f42e27460817352773d2362ea569278be7b9ddc65df8e80aeed3d967932556001ccdf58067d86a15a12f03008e8d7d886aba10ce846d4bd598c3241fd4aaf09d3e150a44872dca6544a6a44b30b9765479311ab3d1cc38d8d315469359f91a0d550c31a343f42013056be22fee36f35b2025596c95972937c09ad0526e040467fd8dda"}, 0x1) getpid() creat(&(0x7f0000000480)='./file0\x00', 0x0) r3 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x1ff, 0x2808c2) sched_setscheduler(0x0, 0x5, &(0x7f0000000040)) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000280), 0x4) clock_gettime(0x0, &(0x7f0000000200)) [ 168.293018] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 168.553433] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 168.947109] IPVS: ftp: loaded support on port[0] = 21 [ 169.449977] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 169.458274] team0: Port device team_slave_0 added [ 169.704272] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 169.712410] team0: Port device team_slave_1 added [ 169.957054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.202193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 170.209259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.218332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.428007] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 170.435742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.445005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.661747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 170.674658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.683689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.065058] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.071520] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.079980] device bridge_slave_0 entered promiscuous mode [ 172.236835] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.243554] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.251737] device bridge_slave_1 entered promiscuous mode [ 172.393257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 172.541361] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 172.954605] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.961078] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.968135] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.974645] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.983233] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.054317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:00:12 executing program 2: r0 = socket(0x1e, 0x1, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x274}, 0xff12) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000300)=@generic={0x10000000001e, "02ed01000000000000000001e527cc573c5bf86c483700c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f9b1ff010003000024e7af50dd0700000000000000e3ad316a19830000000000000006cb24281e2780e503000076c3979ac40023bd07020078a1dfd300881a8365b186827436"}, 0x80, &(0x7f0000447ff0), 0x0, &(0x7f0000000080)}, 0x0) [ 173.230119] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 173.499206] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 173.817648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 173.825013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.909940] IPVS: ftp: loaded support on port[0] = 21 [ 174.065795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 174.072990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.815627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 174.823726] team0: Port device team_slave_0 added [ 175.001040] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.009053] team0: Port device team_slave_1 added [ 175.236396] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.243637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.252432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.421979] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.429021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.438077] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.692881] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.701040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.709965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.984304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.992043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.000627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.163894] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.170341] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.178752] device bridge_slave_0 entered promiscuous mode [ 178.436072] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.442728] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.450856] device bridge_slave_1 entered promiscuous mode [ 178.721761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 178.814034] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.820502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.827449] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.833968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.842346] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.053848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.193794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.709612] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.996849] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.415574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.422885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 05:00:19 executing program 3: r0 = socket$inet6(0xa, 0x11000000000002, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000001c0)={'lo\x00'}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000005c0)={0x1, 'lo\x00'}, 0x18) [ 181.356112] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.364270] team0: Port device team_slave_0 added [ 181.497024] IPVS: ftp: loaded support on port[0] = 21 [ 181.696107] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.704080] team0: Port device team_slave_1 added [ 181.997154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.004447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.013267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.268421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.275676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.284411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.589094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.596731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.605744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.943804] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.951368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.960455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.930973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.072109] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 186.177094] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 186.183651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.191446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.498379] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.504922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.511781] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.518344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.526975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 187.082511] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.088965] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.097527] device bridge_slave_0 entered promiscuous mode [ 187.322038] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.462574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.503328] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.509778] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.518247] device bridge_slave_1 entered promiscuous mode [ 187.779373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.100430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.030227] bond0: Enslaving bond_slave_0 as an active interface with an up link 05:00:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) [ 189.347540] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.696464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.703731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.093423] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.100606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.738093] IPVS: ftp: loaded support on port[0] = 21 [ 191.178439] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.186463] team0: Port device team_slave_0 added [ 191.576662] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.584620] team0: Port device team_slave_1 added [ 192.002616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.009808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.018626] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.318720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.407662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.416731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.425307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.797453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.805111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.813972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.257886] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 193.265630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.274601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.766777] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 195.230118] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 195.236903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.244800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 05:00:34 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x550b, &(0x7f0000000040)) 05:00:35 executing program 0: r0 = memfd_create(&(0x7f0000000080)='^,%[\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000000)={{0x3, 0x1, 0x7ff, 0x3, 0x100000000}, 0x5, 0x4}) syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@local, @in6, 0x0, 0x0, 0x4e22, 0x81, 0xa, 0x20, 0x80}, {0x0, 0x7fffffff, 0x0, 0x0, 0x7fffffff, 0x0, 0x20}, {0x0, 0x7fff, 0x8, 0x1000}, 0x0, 0x6e6bb3, 0x3, 0x1, 0x2}, {{@in6}, 0x0, @in6=@remote, 0x34ff, 0x0, 0x0, 0x0, 0xe14, 0x0, 0x3}}, 0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @local}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@rand_addr}}, &(0x7f0000000180)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0}, &(0x7f0000000440)=0xc) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x3, 'lo\x00'}, 0x18) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000540)={{{@in6=@remote, @in=@loopback, 0x4e21, 0xfffffffffffffff8, 0x4e20, 0x1000, 0x0, 0x80, 0x80, 0x0, r1, r2}, {0xffff, 0x10000, 0x1, 0x80000000, 0xea, 0x80000000, 0x0, 0x1}, {0x7, 0x1, 0x80, 0x8}, 0x2, 0x6e6bbc, 0x2, 0x1, 0x1}, {{@in6, 0x4d3, 0xff}, 0x0, @in6, 0x3501, 0x1, 0x3, 0x400, 0x1, 0x59b23f4f, 0x4}}, 0xe8) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000680)) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000004c0)={0x0, 0x81}, &(0x7f0000000500)=0x8) write$sndseq(r0, &(0x7f00000001c0)=[{0x21, 0x0, 0x0, 0xfffffffd, @tick, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0xfffffdc5) r3 = shmget$private(0x0, 0x4000, 0xa6ac5bb2ac12de5e, &(0x7f0000ffb000/0x4000)=nil) shmctl$SHM_STAT(r3, 0xd, &(0x7f00000006c0)=""/4096) [ 196.631433] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.160444] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.167205] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.175625] device bridge_slave_0 entered promiscuous mode [ 197.196016] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.202672] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.209540] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.216123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.224507] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.230911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 05:00:36 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1, 0x0, "d57ce9009481973020cb563321b2f92ea3cfd11945aa617c2b75de33dc324a7059639175e49b4811161ae1af16dcdf825e95b91202ad80e1788234e9e345fb18fa68f06fc2a2854bd33a10b4dd26fcc0"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @ipv4={[], [], @remote}}}, 0x0, 0x4, 0x0, "1396c4e201eae44025001113c0d31c196dd57488919769d1ba672557d654bb82adbfc0a7a8f1910fe466cf4859b4c800749cb46fbe87e1baa5d2a151c2fbbb0b0a3260a1ab77875e42822c8c14a54822"}, 0xd8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0xb71, @remote, 0x7}, 0x1c) [ 197.689785] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.696729] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.704985] device bridge_slave_1 entered promiscuous mode 05:00:37 executing program 0: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000040)=0x7ff) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) flistxattr(r0, &(0x7f0000000000), 0x0) [ 198.100243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 05:00:37 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x7, 0x0) write$P9_RMKNOD(r0, &(0x7f0000000100)={0x14, 0x13, 0x2, {0x40, 0x1, 0x5}}, 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000000)=[{0x2000000000074, 0x40000, 0x5}, {0x6}]}, 0x10) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x1, 0xf, 0x2, {{0x0, 0x1}, 0x5}}, 0x18) [ 198.519624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 05:00:37 executing program 0: socketpair$unix(0x1, 0x1000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = memfd_create(&(0x7f0000000240)='/dev/autofs\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r1, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {0x4000001}, 0x0, &(0x7f0000000180)="c483494ba49a0000000000"}, &(0x7f0000b4afe0)={&(0x7f0000000000), {}, 0x0, &(0x7f0000000140)="c4816decef"}, 0x8, &(0x7f00005eaff8)) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(r2, &(0x7f0000000000)='net/llc\x00') fcntl$getownex(r0, 0x10, &(0x7f0000000100)) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r3, 0x80045301, &(0x7f00000000c0)) 05:00:38 executing program 0: socketpair$inet(0x1e, 0x2, 0x1, &(0x7f0000000100)={0x0, 0x0}) sendmsg(r0, &(0x7f0000000040)={&(0x7f0000000080)=@llc={0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000000240)}, 0x0) 05:00:38 executing program 0: syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000240)='/dev/autofs\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r0, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {0x4000001}, 0x10000000, &(0x7f0000000040)="c483494ba49a0000000000"}, &(0x7f0000b4afe0)={&(0x7f0000000000), {}, 0x0, &(0x7f0000000000)="c4816decef"}, 0x8, &(0x7f00005eaff8)) openat$md(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/md0\x00', 0x240000, 0x0) syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) [ 199.554788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.029954] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.316587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.324055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.585543] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 200.592886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.343974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.487890] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 201.495932] team0: Port device team_slave_0 added [ 201.716293] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 201.724395] team0: Port device team_slave_1 added [ 201.967368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 201.978597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.987409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.245689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 202.252952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.261422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.418805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 202.530461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 202.538288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.547064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.802512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 202.810250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.819252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.230943] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 203.237579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.245409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.122453] hrtimer: interrupt took 43604 ns [ 204.169744] 8021q: adding VLAN 0 to HW filter on device team0 05:00:43 executing program 1: [ 205.564764] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.571402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.578483] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.585014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.593437] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.600052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.727230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.334137] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 05:00:47 executing program 2: [ 209.081196] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.087702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.095552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.558722] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.921071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.407501] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 212.584270] IPVS: Error connecting to the multicast addr 05:00:51 executing program 3: [ 212.865605] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.872133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.879651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.165639] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.951324] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 05:00:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:00:54 executing program 0: r0 = socket(0x4, 0x280009, 0x5) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000200)={&(0x7f0000000140)=@deltfilter={0x3c, 0x2d, 0x117, 0x0, 0x0, {}, [@filter_kind_options=@f_basic={{0xc, 0x1, 'basic\x00'}, {0xc}}]}, 0x3c}}, 0x0) 05:00:54 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) write$P9_RRENAMEAT(r0, &(0x7f0000000040)={0x7, 0x4b, 0x2}, 0x7) lookup_dcookie(0x8, &(0x7f0000000080)=""/77, 0x4d) listen(r0, 0x2) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0xb5}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r1, 0x3, 0xfff}, 0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000001c0)={0x5, 0x101, 0x8008, 0xb58, 0x6b, 0xbf, 0x7, 0x9, r1}, &(0x7f0000000200)=0x20) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000240)) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) futimesat(r0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)={{r2, r3/1000+10000}}) ioctl$SG_GET_LOW_DMA(r0, 0x227a, &(0x7f0000000480)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000004c0)={0x0}, &(0x7f0000000500)=0xc) capset(&(0x7f0000000540)={0x399f1336, r4}, &(0x7f0000000580)={0x1, 0xdff0, 0x1, 0x1, 0xe06, 0x42}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000005c0)={0x80000001, 0x200, 0x2, 0x9, r1}, &(0x7f0000000600)=0x10) r6 = shmget(0x1, 0x1000, 0x54000200, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_LOCK(r6, 0xb) perf_event_open(&(0x7f0000000680)={0x4, 0x70, 0x6, 0x101, 0x20, 0x3, 0x0, 0x5, 0x50, 0x3, 0x1000, 0x8, 0x12000000000000, 0x8, 0x6, 0x4, 0x4, 0x400, 0x9, 0x4, 0x4, 0x6, 0x7f, 0x7f, 0x1, 0x2, 0x2, 0x2, 0x5ecc, 0x80, 0x5, 0x81, 0x0, 0x7fff, 0x3, 0xffffffffffffbd5c, 0x0, 0x100000000, 0x0, 0x3ff, 0x4, @perf_bp={&(0x7f0000000640), 0x2}, 0x4000, 0xff, 0x2, 0x4, 0xf0, 0x1, 0x70}, r4, 0x7, r0, 0x3) clock_gettime(0x0, &(0x7f0000000700)={0x0, 0x0}) clock_nanosleep(0x2, 0x0, &(0x7f0000000740)={r7, r8+10000000}, &(0x7f0000000780)) getsockopt$packet_int(r0, 0x107, 0x0, &(0x7f00000007c0), &(0x7f0000000800)=0x4) ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000840)) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000880)={0x401, {{0xa, 0x4e23, 0x4, @remote, 0x4fc}}, {{0xa, 0x4e24, 0x0, @mcast2}}}, 0x108) socket$inet6(0xa, 0x804, 0x9) ioctl$DRM_IOCTL_ADD_BUFS(r0, 0xc0206416, &(0x7f00000009c0)={0xffffffffffffffc1, 0x7, 0x4e3, 0x4, 0x7, 0x80000001}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000a00)={r5, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1a}}}, [0x4, 0x2, 0x80, 0x200, 0x2, 0x7, 0x6, 0x100000001, 0x8, 0x8001, 0x4973, 0xffffffff, 0x800, 0x101, 0x3]}, &(0x7f0000000b00)=0x100) tkill(r4, 0x27) syz_extract_tcp_res(&(0x7f0000000b40), 0x7b1ee105, 0x200) r9 = syz_open_dev$loop(&(0x7f0000000b80)='/dev/loop#\x00', 0xfffffffffffffff7, 0x4000) ioctl$VHOST_VSOCK_SET_GUEST_CID(r9, 0x4008af60, &(0x7f0000000bc0)) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000c00)={0x7, 0x2, 0x4}, 0x8) 05:00:54 executing program 2: 05:00:54 executing program 1: 05:00:54 executing program 3: 05:00:54 executing program 2: 05:00:54 executing program 3: timer_create(0x1, &(0x7f0000000140)={0x0, 0x0, 0x0, @thr={&(0x7f0000000340), &(0x7f0000000080)}}, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000000)) 05:00:54 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, &(0x7f0000000440), 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4a28, 0x0, @loopback}, 0x1c) 05:00:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:00:54 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80}}], 0x1, 0x0, &(0x7f0000003280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00') preadv(r0, &(0x7f00000017c0), 0x19e, 0x0) [ 215.517319] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 215.517319] program syz-executor3 not setting count and/or reply_len properly 05:00:54 executing program 2: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f00000000c0)}, 0x20) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000100)=0x7) socket$inet6(0xa, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xc0000000000002, &(0x7f0000000140)=0x75, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r1, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f0000003ac0)=""/4096, 0x570e}], 0x1, &(0x7f0000000200)=""/20, 0xfffffffffffffec4}, 0x100) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)) [ 215.603288] sg_write: data in/out 131036/74 bytes for SCSI command 0xff-- guessing data in; [ 215.603288] program syz-executor3 not setting count and/or reply_len properly 05:00:54 executing program 1: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/11, 0x238) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) clone(0x1102001bfc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f00000000c0)) 05:00:55 executing program 3: ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000140)={0x1, {{0x2, 0x0, @multicast2}}}, 0x90) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x0) [ 216.345079] IPVS: ftp: loaded support on port[0] = 21 [ 217.726431] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.732929] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.740382] device bridge_slave_0 entered promiscuous mode [ 217.816333] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.823026] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.830474] device bridge_slave_1 entered promiscuous mode [ 217.905239] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.979949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.205299] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.285270] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.433957] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.441051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.664410] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.672051] team0: Port device team_slave_0 added [ 218.745887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.753527] team0: Port device team_slave_1 added [ 218.828598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.907834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.989903] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.997650] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.006503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.075591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.083025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.091583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.929245] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.935842] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.942743] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.949162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.957232] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.382247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 223.004165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.286615] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.568612] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.574979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.582672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.863803] 8021q: adding VLAN 0 to HW filter on device team0 05:01:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) 05:01:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:05 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000027000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f00000002c0)="66b8008000000f23d00f21f86635000000070f23f80f20e06635000004000f22e09a0090f1000f06660fede70fc719baf80c66b850d1618666efbafc0c66ed2e66dd4e4e3e0f09ea6f351401", 0x4c}], 0x1, 0x0, &(0x7f0000000240), 0x0) 05:01:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000280)=0x4) 05:01:05 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha384-ssse3)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008780)=[{{&(0x7f0000007200)=@hci, 0x80, &(0x7f0000007380), 0x0, &(0x7f00000073c0)=""/120, 0x78}}], 0x1, 0x0, &(0x7f0000008800)={0x77359400}) 05:01:05 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f00000003c0)='cpuset.effective_cpus\x00', 0x0, 0x0) sendfile(r1, r2, &(0x7f0000000040), 0x1) [ 226.798614] sg_write: data in/out 67108828/74 bytes for SCSI command 0xff-- guessing data in; [ 226.798614] program syz-executor5 not setting count and/or reply_len properly 05:01:05 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r0, 0x0) mmap(&(0x7f0000f44000/0x4000)=nil, 0x507000, 0x1000007, 0x2013, r0, 0x3400000000000000) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 05:01:06 executing program 1: 05:01:06 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000280)=0x4) 05:01:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) [ 227.243472] sg_write: data in/out 67108828/74 bytes for SCSI command 0xff-- guessing data in; [ 227.243472] program syz-executor5 not setting count and/or reply_len properly 05:01:06 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:06 executing program 3: 05:01:06 executing program 1: 05:01:06 executing program 5: 05:01:06 executing program 1: 05:01:06 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:06 executing program 0: 05:01:07 executing program 2: 05:01:07 executing program 3: 05:01:07 executing program 1: 05:01:07 executing program 5: 05:01:07 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:07 executing program 0: 05:01:07 executing program 2: 05:01:07 executing program 0: 05:01:07 executing program 3: 05:01:07 executing program 5: 05:01:07 executing program 1: 05:01:07 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:07 executing program 0: 05:01:07 executing program 2: 05:01:08 executing program 3: 05:01:08 executing program 1: 05:01:08 executing program 5: 05:01:08 executing program 2: 05:01:08 executing program 0: 05:01:08 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:08 executing program 2: 05:01:08 executing program 1: 05:01:08 executing program 3: 05:01:08 executing program 5: 05:01:08 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:08 executing program 2: 05:01:08 executing program 0: 05:01:08 executing program 1: 05:01:09 executing program 3: 05:01:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000180)={0x81, 0x0, [0x1]}) 05:01:09 executing program 2: 05:01:09 executing program 5: 05:01:09 executing program 1: 05:01:09 executing program 0: 05:01:09 executing program 3: 05:01:09 executing program 1: 05:01:09 executing program 2: 05:01:09 executing program 5: 05:01:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x0, 0x0, [0x1]}) 05:01:09 executing program 0: 05:01:09 executing program 2: 05:01:09 executing program 5: 05:01:09 executing program 1: 05:01:09 executing program 3: 05:01:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81}) 05:01:10 executing program 5: 05:01:10 executing program 2: 05:01:10 executing program 1: 05:01:10 executing program 3: 05:01:10 executing program 0: 05:01:10 executing program 1: 05:01:10 executing program 2: 05:01:10 executing program 3: 05:01:10 executing program 5: 05:01:10 executing program 1: 05:01:10 executing program 0: 05:01:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81}) 05:01:10 executing program 2: 05:01:11 executing program 5: 05:01:11 executing program 0: 05:01:11 executing program 3: 05:01:11 executing program 2: 05:01:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000180)={0x81}) 05:01:11 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0x80085504, &(0x7f0000000240)) 05:01:11 executing program 5: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)) perf_event_open(&(0x7f0000000040)={0x5, 0x451, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xff, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x40}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x1}, &(0x7f0000000280)=0x10) bind$unix(0xffffffffffffffff, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e20}, 0x6e) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000800), 0x113}}, 0x20) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f00000008c0)) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000880)={0x12, 0x10, 0xfa00, {&(0x7f00000005c0)}}, 0x18) kexec_load(0x201ef1c0, 0x1, &(0x7f0000000180)=[{&(0x7f00000001c0), 0x0, 0x1d14bd000, 0x1000000}], 0x0) ustat(0x9cb, &(0x7f0000000780)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)}}, 0x20) timerfd_create(0x0, 0x80800) ioperm(0xfffffffffffffb5c, 0x9, 0x4) add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000007c0)={'syz', 0x0}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) openat$vsock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vsock\x00', 0x200, 0x0) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000500)=""/126) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x10000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)="2f02726f75702e7374617000", 0x2761, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") 05:01:11 executing program 2: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, &(0x7f0000000240)) 05:01:11 executing program 0: socket$vsock_stream(0x28, 0x1, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), &(0x7f00000004c0)={0x20, 0x0, 0x0, 0xc403000000000000}, &(0x7f0000000140)={0x8}, &(0x7f0000000200)={0x0, r2+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:01:11 executing program 3: clone(0x200, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000080), &(0x7f0000000180)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', &(0x7f0000000340), &(0x7f0000000280)) r0 = gettid() r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f00000000c0)=0x3f) write$P9_RAUTH(r1, &(0x7f0000000000)={0x14}, 0x150) recvfrom$unix(r3, &(0x7f0000bf5000), 0x0, 0x0, &(0x7f0000d93ff6)=@abs, 0x8) fcntl$setown(r2, 0x8, r0) fcntl$setsig(r2, 0xa, 0x12) dup2(r2, r3) tkill(r0, 0x16) [ 232.695722] usb usb9: usbfs: process 7879 (syz-executor1) did not claim interface 0 before use 05:01:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getpgrp(0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x0, 0x0) gettid() r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000680)) 05:01:11 executing program 2: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0x8004550f, &(0x7f0000000240)) 05:01:12 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x46800) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) geteuid() stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) recvmmsg(0xffffffffffffffff, &(0x7f0000001c00)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000800)=""/65, 0x41}], 0x1, &(0x7f0000000a00)=""/181, 0xb5}}], 0x1, 0x0, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000ac0)={"55c990aa4964e82a3ec457f4c7d69681319b32c4fe546fdaa52a7f1ee7a27d5f71fb895c4bf21bf0301d2a160f646d230ecc224077896302fd1e64ad393ef24145492c44f164e53100dc89f52d25895dcd4320f649fc784145767a5224088c492511d0a5d7bb0c0176706c238dfeee9caae8811ba9d2ec92a4a340c091647ae36123d290d72c375af37957c01aa945bdb6a7a6870069350c7c2ac6b9c032e80d8150743be19fbaf9447badcc1908d174e06fd466e64e24e3c892ee52a4b31338ad67030baeffa5bfa701c1e7bfbd8fd016d87018d05ab11f9e813877bd9cdf0884cbaabe09190f95550884f8a1e6510f6bbe96f86859597bf89741aea068e55b938ebee9d9bff58478513c4b72edbf79f75431b54743ab05d3980b30b2127cf13bf94beba0828a4bb1848bc1f862fac00698e4bd2f4bde3bb35107056c4147c0ed8d7d588ba03c37b82ea384d1db706a8b46ee351812ad747d1045540a48b542996812548270c5af5d27ff72920bebd8371348c7f55a953e236ac13fe737a81bd9b61e30a5e9c526cf61862f5a0a90963c73febe3b66ab29f17b6da74b7647bcc4e527356d57fa1fe3f3dffab39df7b353eda6b839decb4484939f4fc0c84bda1c964941ccf4db1ca0d2c152fd356ac66441c8b68755d533b416d9f7999678227c7a69db08e997252dd6a38fc458d93fac9f1f14f49b7ca4a0b0c8b538d2f30c34503a0975506ae9004b3e5c3d2469cf4e03d9b79dc1499647b5b680a02bdc56c18782c48120dee663918288f068c49d85355d114cfe0c5d1405cf5e37b181f296fa7dc9af116fbe220121fe139739226eefce468f27f5d21ab51ef0e26134c5341cf13799003ceb38d4050c2ba1c9e6decc2d11a8f14a6adadd45e615106b5dd4c07093ba114ac55b4e80d1a3545ab6e8fbf796b908ecc244340fc06e4d4bd6e069b7f0232198ab067a709bcdd4d41500e5dc7032e5993f965d4603033fe61cc523937d7345df42b4f1b62c4daf64f6c29eb2f214b88680bfe19252b67719ccea37d19fe3bfb0c8ad0bd6f4a1df532ec9220269453df5144ff48f63c2ad655b8f20db01b3af95c11f4e7de2bd0a47d47b08b620589a33327bef9ee310505c1736510e88b74281f098099c753d30fcf32f31a0521e32407d689b093f24d07049682ff4662b5b94616699fd704589c0edb02cf3e622088c685564b0c166f9f3cdb12dd8a70684ac6e24570191dda2db2b1965d2397a45060f834405b81fa79204e029b7cd93333dfbef669f3e480fd071f5b87e9fdf984dfe176353ed12ea15484366548336f540a5f1e8b9e19bdeb8d71dce9ecf03d09515bc4bcf7be382176e7e12395ee0f795f76695d0d90eee181d300deb89d7098403ac76309e63f6ca3eade1ce57dcd9de56e24610ed5c470d5540e9f50d068ee8a1431bb3216ae99b18"}) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000100)="66b91000004066b80000000066ba000000000f30baa000eddb8f05000f89ae6a660f3a22efa80f09f00fc709f20f1ab60d0066b93608000066b80000000066ba008000000f3066b9800000c00f326635000800000f30", 0x56}], 0x1, 0x0, &(0x7f00000000c0), 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0xa}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f00000001c0)="4400000000000000000000009e0300", 0xfffffffffffffcf6) ioctl$KVM_RUN(r3, 0xae80, 0x0) getegid() getgid() [ 233.084309] ================================================================== [ 233.091744] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 233.098353] CPU: 1 PID: 7893 Comm: syz-executor4 Not tainted 4.19.0-rc4+ #63 [ 233.105550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.114914] Call Trace: [ 233.117526] dump_stack+0x306/0x460 [ 233.121172] ? _raw_spin_lock_irqsave+0x227/0x340 [ 233.126030] ? vmx_create_vcpu+0x10df/0x7920 [ 233.130459] kmsan_report+0x1a3/0x2d0 [ 233.134282] __msan_warning+0x7c/0xe0 [ 233.138115] vmx_create_vcpu+0x10df/0x7920 [ 233.142364] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.147231] ? __msan_poison_alloca+0x17a/0x210 [ 233.151935] ? vmx_vm_init+0x340/0x340 [ 233.155842] kvm_arch_vcpu_create+0x25d/0x2f0 [ 233.160354] kvm_vm_ioctl+0x13fd/0x33d0 [ 233.164356] ? __msan_poison_alloca+0x17a/0x210 [ 233.169045] ? do_vfs_ioctl+0x18a/0x2810 [ 233.173136] ? __se_sys_ioctl+0x1da/0x270 [ 233.177305] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 233.182169] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 233.187037] do_vfs_ioctl+0xcf3/0x2810 [ 233.190964] ? security_file_ioctl+0x92/0x200 [ 233.195492] __se_sys_ioctl+0x1da/0x270 [ 233.199490] __x64_sys_ioctl+0x4a/0x70 [ 233.203389] do_syscall_64+0xbe/0x100 [ 233.207211] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.212411] RIP: 0033:0x457579 [ 233.215623] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.234549] RSP: 002b:00007f0a32f80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.242286] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 233.249583] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 233.256873] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 233.264175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a32f816d4 [ 233.271457] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 233.278753] [ 233.280390] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 233.287317] Variable was created at: [ 233.291051] vmx_create_vcpu+0xd5/0x7920 [ 233.295138] kvm_arch_vcpu_create+0x25d/0x2f0 [ 233.299635] ================================================================== [ 233.306996] Disabling lock debugging due to kernel taint [ 233.312456] Kernel panic - not syncing: panic_on_warn set ... [ 233.312456] [ 233.319847] CPU: 1 PID: 7893 Comm: syz-executor4 Tainted: G B 4.19.0-rc4+ #63 [ 233.328433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.337801] Call Trace: [ 233.340411] dump_stack+0x306/0x460 [ 233.344074] panic+0x54c/0xafa [ 233.347323] kmsan_report+0x2cd/0x2d0 [ 233.351148] __msan_warning+0x7c/0xe0 [ 233.354970] vmx_create_vcpu+0x10df/0x7920 [ 233.359228] ? kmsan_set_origin_inline+0x6b/0x120 [ 233.364106] ? __msan_poison_alloca+0x17a/0x210 [ 233.368801] ? vmx_vm_init+0x340/0x340 [ 233.372718] kvm_arch_vcpu_create+0x25d/0x2f0 [ 233.377235] kvm_vm_ioctl+0x13fd/0x33d0 [ 233.381245] ? __msan_poison_alloca+0x17a/0x210 [ 233.385946] ? do_vfs_ioctl+0x18a/0x2810 [ 233.390028] ? __se_sys_ioctl+0x1da/0x270 [ 233.394192] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 233.399053] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 233.404017] do_vfs_ioctl+0xcf3/0x2810 [ 233.407947] ? security_file_ioctl+0x92/0x200 [ 233.412475] __se_sys_ioctl+0x1da/0x270 [ 233.416483] __x64_sys_ioctl+0x4a/0x70 [ 233.420398] do_syscall_64+0xbe/0x100 [ 233.424220] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 233.429420] RIP: 0033:0x457579 [ 233.432626] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 233.451544] RSP: 002b:00007f0a32f80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 233.459277] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 233.466562] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 233.473854] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 233.481138] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a32f816d4 [ 233.488520] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 233.496960] Kernel Offset: disabled [ 233.500592] Rebooting in 86400 seconds..