[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   63.888560] audit: type=1800 audit(1543582835.938:25): pid=6624 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   63.907694] audit: type=1800 audit(1543582835.938:26): pid=6624 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   63.927208] audit: type=1800 audit(1543582835.958:27): pid=6624 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
2018/11/30 13:00:49 fuzzer started
2018/11/30 13:00:54 dialing manager at 10.128.0.26:36845
2018/11/30 13:00:54 syscalls: 1
2018/11/30 13:00:54 code coverage: enabled
2018/11/30 13:00:54 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/11/30 13:00:54 setuid sandbox: enabled
2018/11/30 13:00:54 namespace sandbox: enabled
2018/11/30 13:00:54 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/30 13:00:54 fault injection: enabled
2018/11/30 13:00:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/30 13:00:54 net packet injection: enabled
2018/11/30 13:00:54 net device setup: enabled
13:04:05 executing program 0:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0)
ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000140))

syzkaller login: [  274.060560] IPVS: ftp: loaded support on port[0] = 21
[  276.605832] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.612422] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.621361] device bridge_slave_0 entered promiscuous mode
[  276.760538] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.767134] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.775985] device bridge_slave_1 entered promiscuous mode
[  276.916287] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  277.054075] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  277.475243] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  277.618159] bond0: Enslaving bond_slave_1 as an active interface with an up link
13:04:09 executing program 1:
sched_setaffinity(0x0, 0x375, &(0x7f0000000140)=0x5)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xe28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2902001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000040), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100))
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff)

[  277.958589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  277.965843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  278.511398] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  278.520192] team0: Port device team_slave_0 added
[  278.729842] IPVS: ftp: loaded support on port[0] = 21
[  278.737956] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  278.746941] team0: Port device team_slave_1 added
[  279.034093] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  279.041190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  279.050610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  279.346238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  279.353539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  279.362758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  279.626634] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  279.634538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  279.643800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  279.903119] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  279.910774] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  279.920069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  282.316207] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.322836] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.329879] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.336572] bridge0: port 1(bridge_slave_0) entered forwarding state
[  282.345770] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  282.362950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  282.486345] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.493032] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.502019] device bridge_slave_0 entered promiscuous mode
[  282.770232] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.777005] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.785857] device bridge_slave_1 entered promiscuous mode
[  282.931230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  283.112050] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  283.800018] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  284.002771] bond0: Enslaving bond_slave_1 as an active interface with an up link
13:04:16 executing program 2:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000240)="0a5c2d023c126285718070")
r1 = socket$inet(0x10, 0x3, 0x40000000000010)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000480)="240000001d0003ffff3cc0023da2830101faffffff86c436271d8568b51ba3a2d188737e", 0x24}], 0x1}, 0x0)
recvmmsg(r1, &(0x7f0000009040)=[{{&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000003e00), 0x0, &(0x7f0000000100)=""/124, 0x2d}}], 0x400000000000207, 0x2, &(0x7f00000000c0)={0x77359400})

[  284.184733] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  284.193136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  284.449764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  284.457268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  285.110272] IPVS: ftp: loaded support on port[0] = 21
[  285.257854] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  285.266233] team0: Port device team_slave_0 added
[  285.601039] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  285.609289] team0: Port device team_slave_1 added
[  285.866668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  285.874427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  285.883408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  286.116807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  286.124108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  286.133180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  286.417959] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  286.427298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  286.436646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  286.795373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  286.803180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  286.812406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  289.756192] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.762798] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.771450] device bridge_slave_0 entered promiscuous mode
[  290.069768] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.076341] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.085173] device bridge_slave_1 entered promiscuous mode
[  290.220371] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.226912] bridge0: port 2(bridge_slave_1) entered forwarding state
[  290.234037] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.240526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  290.249354] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  290.381386] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  290.492559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  290.675588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  291.388127] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  291.639712] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  291.882612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  291.891211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  292.119381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  292.126608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  292.876138] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  292.884518] team0: Port device team_slave_0 added
[  293.151870] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  293.160057] team0: Port device team_slave_1 added
13:04:25 executing program 3:
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r0=>0x0})
clock_nanosleep(0x10000000000000b, 0x0, &(0x7f0000000140)={0x0, r0+10000000}, &(0x7f0000003c00))
r1 = gettid()
timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000080))
clock_gettime(0x7, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x15)

[  293.204659] 8021q: adding VLAN 0 to HW filter on device bond0
[  293.599124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  293.606353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  293.615536] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  293.970691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  293.977964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  293.986770] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  294.353641] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  294.361323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  294.370568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  294.472223] IPVS: ftp: loaded support on port[0] = 21
[  294.613044] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  294.699828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  294.707505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  294.716411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  295.879653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  295.886257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  295.894491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.991850] 8021q: adding VLAN 0 to HW filter on device team0
[  298.509167] bridge0: port 2(bridge_slave_1) entered blocking state
[  298.515711] bridge0: port 2(bridge_slave_1) entered forwarding state
[  298.522793] bridge0: port 1(bridge_slave_0) entered blocking state
[  298.529287] bridge0: port 1(bridge_slave_0) entered forwarding state
[  298.538030] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  299.452475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  300.214390] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.220896] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.229717] device bridge_slave_0 entered promiscuous mode
[  300.585771] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.592663] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.601214] device bridge_slave_1 entered promiscuous mode
[  300.995391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  301.311187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  302.463943] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  302.861492] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  303.220009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  303.227403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  303.526620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  303.534203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  303.963478] 8021q: adding VLAN 0 to HW filter on device bond0
13:04:36 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

[  304.608582] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  304.617172] team0: Port device team_slave_0 added
[  305.017740] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  305.026223] team0: Port device team_slave_1 added
[  305.288124] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  305.489579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  305.496904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  305.505905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
13:04:37 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
r2 = dup2(r1, r1)
syz_execute_func(&(0x7f0000000340)="3666440f50f564ff0941c30f0f441e04a4c4c27d794e0066420fe2e33e0f1110c442019dcc6f")
sendmsg$netlink(r2, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  305.971953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  305.979095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  305.988177] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
13:04:38 executing program 0:
clock_nanosleep(0x2, 0x1, &(0x7f0000000140)={0x77359400}, &(0x7f0000000100))
r0 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
clock_nanosleep(0x2, 0xb8ef9e4c5c28237b, &(0x7f0000000000)={0x77359400}, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
sched_setscheduler(r0, 0x5, &(0x7f00000000c0)=0x7)
tkill(r0, 0x1000000000014)

[  306.315968] IPVS: ftp: loaded support on port[0] = 21
[  306.370418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  306.378425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  306.387499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  306.750179] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  306.756786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  306.765130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  306.846622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  306.854501] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  306.863786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
13:04:39 executing program 0:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ppp\x00', 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000240)=ANY=[@ANYBLOB="0d210000255649eac812f1291c28a07b36678000205a52e78c073d6804f3d706f35f1270cbe97c1c935d381cb2d63abba3491d9ff71b8b303dc29e4306820db3b48ea140790f71921473642dcd624a984da8f653faab528ac2e190f2063af7f01e0d0e0358d12c3ea785691a0c271ac7f040a42be4b980528b4f0aade21ed6d102d8d6cef1f1f094ce92f30000000000000000"])
unshare(0x8000400)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0)

13:04:39 executing program 0:
r0 = gettid()
r1 = syz_open_procfs(r0, &(0x7f0000000280)='loginuid\x00')
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000000)=r1)
close(r1)
r2 = syz_open_procfs(0x0, &(0x7f0000000440)='syscall\x00')
ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f0000000480)=""/4096)
ioctl$SG_SET_DEBUG(r2, 0x227e, &(0x7f0000000040))
fcntl$setsig(r1, 0xa, 0x18)
sendfile(r1, r2, 0x0, 0x1)

13:04:39 executing program 0:
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video37\x00', 0x2, 0x0)

13:04:40 executing program 0:
rt_sigtimedwait(&(0x7f00000002c0), &(0x7f0000000100), 0xffffffffffffffff, 0x8)
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800)

[  308.304330] 8021q: adding VLAN 0 to HW filter on device team0
13:04:40 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x6)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023d126284718070")
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f00000003c0), 0x1000)
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000040)={0x77359400}, 0x10)

13:04:41 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0xd82, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000140), 0x1, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x3, 0x9})
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
unshare(0x8020000)
semget$private(0x0, 0x4007, 0x0)
semop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000100))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x802, 0x0)

[  311.477828] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.484391] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.491340] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.497948] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.506609] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  312.332039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  313.176034] bridge0: port 1(bridge_slave_0) entered blocking state
[  313.182671] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.191387] device bridge_slave_0 entered promiscuous mode
[  313.607876] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.614609] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.623310] device bridge_slave_1 entered promiscuous mode
[  313.900996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  314.062499] 8021q: adding VLAN 0 to HW filter on device bond0
[  314.210212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  315.306313] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  315.402156] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  315.679043] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  316.018083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  316.025305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  316.402936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  316.410028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  316.729735] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  316.736438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  316.744905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  316.968370] hrtimer: interrupt took 44652 ns
13:04:49 executing program 0:
r0 = socket(0x10, 0x2, 0x9)
write(r0, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f)
write(r0, &(0x7f00000002c0)="1f0000000104fffffd3b54c007110000f30501000b000200000000000100cf", 0x1f)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x101000, 0x0)
ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000280))
ioctl$KVM_SET_FPU(r1, 0x41a0ae8d, &(0x7f00000000c0)={[], 0x6, 0x1, 0x210d, 0x0, 0x7e0, 0x11f004, 0x10000, [], 0x3})

[  317.479942] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  317.488270] team0: Port device team_slave_0 added
[  317.751288] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  317.759743] team0: Port device team_slave_1 added
[  317.799223] 8021q: adding VLAN 0 to HW filter on device team0
[  317.932826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  317.940106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  317.949164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  318.198878] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  318.206222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  318.215184] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  318.400295] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  318.408521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  318.417551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  318.558871] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  318.566628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  318.575631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  320.629445] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.636033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  320.643079] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.649579] bridge0: port 1(bridge_slave_0) entered forwarding state
[  320.658169] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  320.665045] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  322.367223] 8021q: adding VLAN 0 to HW filter on device bond0
[  322.785842] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[  322.833776] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
13:04:55 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x1d, 0xfffffffffffffffd, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)

[  323.150730] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  323.661913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  323.668294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  323.676507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  324.183902] 8021q: adding VLAN 0 to HW filter on device team0
[  327.173236] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.663543] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
13:05:00 executing program 3:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100))
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a80)={0xffffffffffffffff, &(0x7f0000000980)="5bde8f1058a87f078c3e4a83c0e68fde56b6b2f07e4e5a415b17f7a009d7686962a93a894f6b2c237d05a3a8a16337f66d9f53e70fd2e0c10929d88ce3a8308fb1134237792f54a77efab534af2ec20a2aee26fc4f4907bd20bd6e1ff65e099ee67817d4cae2dcd627c264b25dbcf139e7bff87febb53d", 0x0}, 0x18)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000400)='memory.events\x00')
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000780)="6e7230010060a19ef9d2c673d9a1571cb9e1369bcd61ef7e49793ae18712eceb1daa769497800b7fbbd35b170c10751d39aeb660d863e49b8c4f3b3dad48902b5b2d6cfd0abd372c63bcf5d70df3fd4d2e8d443c88bc0e5637dd82fc3435bed4de5d693c9a781c863e05d8a6f8689a5be29216061f3ff53f8b6b396678e7ba155ef9152d7e43b1eccb2331eb8eb1ed5586dcf8b3b0b999361a44ff2c22c2abbef42dd24eabe6723346a6e46c0499a21442d8d00dcb57f013ff7595edd0ff076930de3675d34117a44eb0e4f832936da44e57e43a3e36bd48d2a85bf4fd4a804e83f2f3cf378a435af5e287d4e27337b4ada11b26219832ec6b2b38446b3b95fe3771e9f42ca30fb21e12f0a3d8bc2d85454af9fcc0232d8fd909448b01f46c593d31ea1c926465e35a4199079c3ca41128b17cb01fbf5b522be0fd02022ada37fecc14b6c8c8831883b85a1106f2f867020d529f17a350f20dd3bf51a98cfda70c2e3638a483fd3f87940bb478b07c4c110394c0093d17955089f2ca97bbe075124c9b1ff6500d536a95d96f03d48596e008bf0a028b539cec796cec9bf585eb80fe3e0d26")
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/net/tun\x00', 0x4002, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000c40))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000740)={[{0x2f, 'pids'}, {0x2d, 'io'}]}, 0xa)
r2 = openat$cgroup_ro(r0, &(0x7f0000000280)='cpu.stat\x00', 0x0, 0x0)
r3 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000600)={<r4=>r3, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000ac0)="5c75736572757365726d696d655f7479706573797374656d26bd2d00"}, 0x30)
write$cgroup_pid(r2, &(0x7f0000000380)=r4, 0x12)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000004c0)={&(0x7f0000000140)='./file0\x00'}, 0x10)
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000b00))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1e, 0x0, 0x0, 0x0, 0x2, 0x9f, &(0x7f0000000540)=""/159, 0x41100, 0x1, [], 0x0, 0xc}, 0x48)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x417e, 0x0, 0x0, 0x0, 0x8000009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x4030582a, &(0x7f0000000040))
write$cgroup_pid(r6, &(0x7f0000000000), 0xfffffea6)
close(r5)
write$cgroup_int(r1, &(0x7f0000000000), 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x0, &(0x7f0000000940)=ANY=[], &(0x7f0000000300)="4f50431c4e4c0000eb0000000000000000"}, 0x48)

[  328.132405] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  328.138846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  328.147103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  328.647768] 8021q: adding VLAN 0 to HW filter on device team0
13:05:02 executing program 4:
r0 = socket$inet6(0xa, 0x3, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0xd}, 0x1c)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x4000000000003e4, 0x0)

13:05:02 executing program 1:
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x2000000, 0x17, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x2000000000000003, 0x1f)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000000))

13:05:02 executing program 5:
r0 = dup(0xffffffffffffffff)
pwritev(r0, &(0x7f00000002c0)=[{}, {&(0x7f0000000040)="e436906fa09dd09674482eaf24b6011591e2c3e438361c32c0e092b5bc4ebfae09657ed4dcce7256ab76af0fae43f8d839e97450d2c3d3584b7efba0da038a2b994b84d26fcba65443479a59a0634ecda7bbf349b2d72dfb332b349564f55a82d690c73f9b2caee166bca90092940c22db8e1ec40657dde0103c08", 0x7b}, {&(0x7f00000000c0)="9eb6045859a3d2d3cd727392b68a8b6526c0b5a23c66bb33b59252bfd2a5e0a8ecd3", 0x22}, {&(0x7f0000000100)="cec7038a6f", 0x5}, {&(0x7f0000000140)="69a91a6f3c1b7817fab5395b8c225109a9e23816a8c792cb41d38ac4ac73b3454d31f610ef6870482383bc6041ce4d98cb0c6d2e2e8a9b607602f38433fcb2175846a20895ca79c9f1b5fb509e4596cca6d10d1cd00f605f039f0905b5c02d836757cbb1552ece395b0baa9b0bff72f1dd5327a1cb840069e38e34484f06d36c9d1a912f824a23c4748c4a4bf86ddbd7c00132fe30b3203f4691bae57f518f903ab2fa445f4e8e5eb35ef3e57e5bb745310e", 0xb2}, {&(0x7f0000000200)="e69b10b57c8d78f305f0536468680416a5eaed0c4a4c113466fd7c4fe128ff279f56f2b4331a28e180d092d39f40175f4a73c5b601c6d1d8a938cb15fcd1d64069a360e3f769de94045c00cee0b9ecc7cb6348a5d8b5ef08fb64106146cff1cfda1f690a7c298c7a5b39d25dc5ef4208c7c705fef6d56429d13d5bfb05cead52bd8d688016441ccb7cee71fb1a745d7f72b4db836ce5b7ab0115", 0x9a}], 0x6, 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000340))
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609)
r1 = getpgrp(0xffffffffffffffff)
fstat(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000700)=<r4=>0x0)
lstat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getgid()
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000800)=<r7=>0x0)
lstat(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getresgid(&(0x7f0000000900), &(0x7f0000000940), &(0x7f0000000980)=<r9=>0x0)
sendmsg$unix(r0, &(0x7f0000000a40)={&(0x7f0000000380)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000400)="58277e4852155505fcefdf2ebb57d41d1734a03373da379217bd892eae938d1e12f03baa06bf0b54ec06c801db52667768ce577feddaa1909f5f752895dffefe512f895ac78a6669e710617b7daa8049eb98bf38d498a610b327170e7b24becadbbda2bdaa150d2a92da00381114a6c477077274607b706dd62a6b", 0x7b}, {&(0x7f0000000480)="463481a81a151f43926b794b9e7efb5dec13ba256511bf38f165c43a3cc25892a2e3d2879655c5a564a2f553f1cd5ef9e47062590a9db763c7e17f64a64761206bd8d1c348d7bc88c8e6612c8f63f5f9f324b4ccd66e8b4f9451a4074835317882a387f654491eb37e7c4cd788d3a7f82df0b84bbc7b31b2506355e6ead9e2cab0b32dc26104f28d3cb27f1869e91ac126fc38b9684d95ebe061732a1e6aca1ccdd6119b679ce58b337d35205253a77784431a628e8140d365dc6109d6d8613b5605816e8318ac7042f85b50b5a3", 0xce}], 0x2, &(0x7f00000009c0)=[@cred={0x20, 0x1, 0x2, r1, r2, r3}, @cred={0x20, 0x1, 0x2, r4, r5, r6}, @cred={0x20, 0x1, 0x2, r7, r8, r9}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}], 0x80, 0x48c0}, 0x4084)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000a80)={0x3, 0x2})
setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000001b00)={{&(0x7f0000000ac0)=""/4096, 0x1000}, &(0x7f0000001ac0), 0x30}, 0x20)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000001b40)={0xe66, 0x2, 0x7, 0x0, 0x1, 0x0, 0x18, 0x6, 0xffffffffffffff01, 0x1, 0x800, 0x101})
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000001b80))
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000001c40)=0xffffffffffff0001, &(0x7f0000001c80)=0x4)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000001cc0)=0xfff, 0x4)
ioctl$KDENABIO(r0, 0x4b36)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x1)
process_vm_readv(r1, &(0x7f0000001f00)=[{&(0x7f0000001d00)=""/168, 0xa8}, {&(0x7f0000001dc0)=""/152, 0x98}, {&(0x7f0000001e80)=""/4, 0x4}, {&(0x7f0000001ec0)=""/30, 0x1e}], 0x4, &(0x7f0000003280)=[{&(0x7f0000001f40)=""/210, 0xd2}, {&(0x7f0000002040)=""/43, 0x2b}, {&(0x7f0000002080)=""/245, 0xf5}, {&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/208, 0xd0}], 0x5, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000003300)={<r10=>0x0, 0x8000, 0x1000, 0xa04, 0x0, 0xd600000000000000}, &(0x7f0000003340)=0x14)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000003380)={r10, 0x7, 0x8, [0x0, 0x4, 0x72a2, 0x2, 0x41854731, 0x2, 0x4, 0x9]}, 0x18)
ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000033c0))
socket$pptp(0x18, 0x1, 0x2)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000003400)=0x2, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r11 = accept$inet(r0, 0x0, &(0x7f0000003440))
getsockopt$ARPT_SO_GET_ENTRIES(r11, 0x0, 0x61, &(0x7f0000003480)={'filter\x00', 0x50, "d20dc09b6ad169a7bc0a33ea6d119060206ba8f60917c31034d0588a031e05dc08a04927301112651c2f340a7252c0f52cb4d4afbf2eee74e97924461b084d3ca0f7f40b161d179f5943e17862dbc715"}, &(0x7f0000003500)=0x74)

13:05:02 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000500)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000540)={0x0, 0x0, @pic={0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x7fffffff, 0x0, 0x101, 0x7, 0x0, 0x6, 0x1}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x484b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
r4 = openat$cgroup(r3, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0)
accept4$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000240)=0x1c, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[], 0x0, 0x680})
pwrite64(r1, &(0x7f0000000640), 0x0, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000010000/0x3000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000440)={0x0, 0x8000000000, [], @raw_data=[0x7ff80000, 0x10000, 0x6, 0xff, 0x0, 0x5, 0x7fff, 0x7fffffff, 0x80, 0xffffffff, 0x6, 0x0, 0x0, 0x2, 0x6, 0x6, 0x7dae, 0xfffffffffffffffd, 0x5, 0x0, 0x0, 0x7fff, 0x10001, 0x0, 0x3ff, 0x2fa6, 0xf, 0x0, 0x0, 0x0, 0x8001]})
fsync(r0)
syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x0)
fcntl$getownex(r4, 0x10, &(0x7f00000001c0))

13:05:02 executing program 0:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070")
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, 0x0}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x0)

13:05:02 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
socketpair$unix(0x1, 0x1400000001, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
writev(r2, &(0x7f0000000500)=[{&(0x7f0000000080)='W', 0x1}], 0x1)

[  330.714773] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
13:05:02 executing program 1:
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

13:05:03 executing program 3:
r0 = inotify_init1(0x0)
r1 = getpid()
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, <r2=>0x0})
kcmp(r1, r2, 0x3, 0xffffffffffffffff, 0xffffffffffffffff)

13:05:03 executing program 0:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070")
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, 0x0}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x0)

13:05:03 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes-fixed-time)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0a0775b005e3139d225c54dbb7c05809", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000005900)={0x0, 0x0, &(0x7f00000058c0)}, 0x0)

13:05:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[]}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000200000000fbdbdf2508"], 0x1}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

13:05:03 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x40, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
accept4(r2, 0x0, &(0x7f0000000180), 0x80000)
sendto(r2, &(0x7f00005c8f58), 0x0, 0x0, 0x0, 0x0)
r3 = dup3(r2, r0, 0x80000)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r4 = openat$cgroup_ro(r3, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x4)
fallocate(r5, 0x0, 0x0, 0x10000)
ioctl$EXT4_IOC_MOVE_EXT(r4, 0xc028660f, &(0x7f0000000040)={0x0, r5})

[  331.844064] ==================================================================
[  331.851528] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x373/0x500
[  331.858674] CPU: 1 PID: 8185 Comm: syz-executor1 Not tainted 4.20.0-rc3+ #97
[  331.865883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  331.875737] Call Trace:
[  331.878382]  dump_stack+0x32d/0x480
[  331.882044]  ? kvm_write_guest_page+0x373/0x500
[  331.886779]  kmsan_report+0x12c/0x290
[  331.890632]  kmsan_internal_check_memory+0x9ce/0xa50
[  331.895808]  kmsan_copy_to_user+0x78/0xd0
[  331.900006]  kvm_write_guest_page+0x373/0x500
[  331.904558]  kvm_write_guest+0x1e1/0x360
[  331.908731]  kvm_emulate_hypercall+0x19c9/0x1ac0
[  331.913574]  handle_vmcall+0x41/0x50
[  331.917332]  ? handle_rdpmc+0x80/0x80
[  331.921188]  vmx_handle_exit+0x21bd/0xb980
[  331.925475]  ? vmalloc_to_page+0x585/0x6c0
[  331.929767]  ? kmsan_get_shadow_origin_ptr+0x142/0x410
[  331.935100]  ? vmx_flush_tlb_gva+0x480/0x480
[  331.939551]  kvm_arch_vcpu_ioctl_run+0xaeee/0x12040
[  331.944630]  ? __msan_poison_alloca+0x1e0/0x270
[  331.949445]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  331.954852]  ? __list_del_entry_valid+0x123/0x450
[  331.959740]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  331.965220]  ? wait_for_common+0x7a7/0x980
[  331.969509]  ? arch_local_irq_disable+0x10/0x10
[  331.974230]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  331.979630]  ? __msan_get_context_state+0x9/0x20
[  331.984414]  ? INIT_BOOL+0x17/0x30
[  331.988004]  ? put_pid+0x319/0x410
[  331.991589]  kvm_vcpu_ioctl+0xfe4/0x1cc0
[  331.995700]  ? do_vfs_ioctl+0x184/0x2ca0
[  331.999798]  ? kvm_vm_release+0x90/0x90
[  332.003806]  do_vfs_ioctl+0xefc/0x2ca0
[  332.007756]  ? security_file_ioctl+0x92/0x200
[  332.012296]  __se_sys_ioctl+0x1da/0x270
[  332.016321]  __x64_sys_ioctl+0x4a/0x70
[  332.020249]  do_syscall_64+0xcf/0x110
[  332.024104]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  332.029323] RIP: 0033:0x457569
[  332.032550] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  332.051497] RSP: 002b:00007fcd37380c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  332.059424] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  332.066732] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  332.074029] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[  332.081326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd373816d4
[  332.088620] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff
[  332.095932] 
[  332.097597] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall
[  332.105229] Variable was created at:
[  332.108988]  kvm_emulate_hypercall+0x62/0x1ac0
[  332.113597]  handle_vmcall+0x41/0x50
[  332.117322] 
[  332.118978] Bytes 28-63 of 64 are uninitialized
[  332.123663] Memory access of size 64 starts at ffff88812366f3c0
[  332.129733] Data copied to user address 0000000020000000
[  332.135200] ==================================================================
[  332.142575] Disabling lock debugging due to kernel taint
[  332.148044] Kernel panic - not syncing: panic_on_warn set ...
[  332.153967] CPU: 1 PID: 8185 Comm: syz-executor1 Tainted: G    B             4.20.0-rc3+ #97
[  332.162570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  332.171948] Call Trace:
[  332.174602]  dump_stack+0x32d/0x480
[  332.178283]  panic+0x624/0xc08
[  332.181573]  kmsan_report+0x28a/0x290
[  332.185423]  kmsan_internal_check_memory+0x9ce/0xa50
[  332.190608]  kmsan_copy_to_user+0x78/0xd0
[  332.194789]  kvm_write_guest_page+0x373/0x500
[  332.199368]  kvm_write_guest+0x1e1/0x360
[  332.203499]  kvm_emulate_hypercall+0x19c9/0x1ac0
[  332.208335]  handle_vmcall+0x41/0x50
[  332.212075]  ? handle_rdpmc+0x80/0x80
[  332.215912]  vmx_handle_exit+0x21bd/0xb980
[  332.220187]  ? vmalloc_to_page+0x585/0x6c0
[  332.224472]  ? kmsan_get_shadow_origin_ptr+0x142/0x410
[  332.229788]  ? vmx_flush_tlb_gva+0x480/0x480
[  332.234231]  kvm_arch_vcpu_ioctl_run+0xaeee/0x12040
[  332.239316]  ? __msan_poison_alloca+0x1e0/0x270
[  332.244136]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  332.249532]  ? __list_del_entry_valid+0x123/0x450
[  332.254412]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  332.259905]  ? wait_for_common+0x7a7/0x980
[  332.264193]  ? arch_local_irq_disable+0x10/0x10
[  332.268913]  ? kmsan_internal_unpoison_shadow+0x2f/0x40
[  332.274321]  ? __msan_get_context_state+0x9/0x20
[  332.279111]  ? INIT_BOOL+0x17/0x30
[  332.282690]  ? put_pid+0x319/0x410
[  332.286277]  kvm_vcpu_ioctl+0xfe4/0x1cc0
[  332.290390]  ? do_vfs_ioctl+0x184/0x2ca0
[  332.294499]  ? kvm_vm_release+0x90/0x90
[  332.298509]  do_vfs_ioctl+0xefc/0x2ca0
[  332.302465]  ? security_file_ioctl+0x92/0x200
[  332.307006]  __se_sys_ioctl+0x1da/0x270
[  332.311025]  __x64_sys_ioctl+0x4a/0x70
[  332.314951]  do_syscall_64+0xcf/0x110
[  332.318793]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  332.324015] RIP: 0033:0x457569
[  332.327254] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  332.346226] RSP: 002b:00007fcd37380c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  332.353990] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  332.361289] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  332.368583] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[  332.375884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd373816d4
[  332.383196] R13: 00000000004c034e R14: 00000000004d0d60 R15: 00000000ffffffff
[  332.391521] Kernel Offset: disabled
[  332.395167] Rebooting in 86400 seconds..