[ 50.799526] sshd (5982) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 51.013709] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. [ 51.366566] audit: type=1800 audit(1538734095.421:29): pid=5917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 54.986802] random: sshd: uninitialized urandom read (32 bytes read) [ 55.324235] random: sshd: uninitialized urandom read (32 bytes read) [ 56.938836] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts. [ 62.736469] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 10:08:28 fuzzer started [ 67.055092] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 10:08:33 dialing manager at 10.128.0.26:36867 2018/10/05 10:08:33 syscalls: 1 2018/10/05 10:08:33 code coverage: enabled 2018/10/05 10:08:33 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 10:08:33 setuid sandbox: enabled 2018/10/05 10:08:33 namespace sandbox: enabled 2018/10/05 10:08:33 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 10:08:33 fault injection: enabled 2018/10/05 10:08:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 10:08:33 net packed injection: enabled 2018/10/05 10:08:33 net device setup: enabled [ 71.929224] random: crng init done 10:10:14 executing program 0: socket$inet6(0xa, 0x3, 0x6) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f0000000640)='/dev/net/tun\x00', 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000600)='/dev/input/event#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000740), &(0x7f0000000780)=0x4) 
perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000880)={@un=@abs={0x1, 0x0, 0x4e21}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300), 0x3}, 0xa0) ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0xc080aebe, &(0x7f0000000ec0)={0x0, 0x0, 0x2080}) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}}, &(0x7f0000000380)) r1 = creat(&(0x7f0000000800)='./file0\x00', 0x2) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f0000000440)={{0x9, 0x2, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x40, 0x0, 0x0, "892b88a58ee0619c0fcb2249d803e68b5036b542677216b71d34357d4f08663646bfd7bf632415a9013cf9a7bc59d0cbfacc1000baa35129737111e2e2b2f1941714f3c6cbc97316666215de505bfc138a153fc6a97d90f0e26103d616f669f56883d961d3ba19c1a3d63aa959e14124b19cfb28fa498385a6af9a81d4f5840e"}) r2 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000007c0), 0x4) bind$inet(r2, &(0x7f0000000580)={0x2, 0x4e22, @local}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000900)) setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000080), 0x4) sendto$inet(r2, &(0x7f0000000a00)="ba", 0x1, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback}, 0x10) [ 171.373570] IPVS: ftp: loaded support on port[0] = 21 [ 173.384531] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.390982] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.399281] device bridge_slave_0 entered promiscuous mode [ 173.520155] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.526811] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.535058] device bridge_slave_1 
entered promiscuous mode [ 173.654500] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 173.773020] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.147111] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 174.271907] bond0: Enslaving bond_slave_1 as an active interface with an up link 10:10:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_buf(r0, 0x29, 0x8000000039, &(0x7f0000000180)="d1020400005800200007000613f32e1c00ce5fe1b471985e", 0x18) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040)="cd", 0x1, 0x0, &(0x7f0000aa9000)={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}, 0x1000000000000004}, 0x1c) listen(r0, 0x1b) accept(r0, &(0x7f0000000340)=@hci, &(0x7f0000000240)=0xfffffffffffffff6) [ 174.993302] IPVS: ftp: loaded support on port[0] = 21 [ 175.047855] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 175.055786] team0: Port device team_slave_0 added [ 175.180033] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 175.188022] team0: Port device team_slave_1 added [ 175.328059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 175.335311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 175.344035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 175.470254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 175.477457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 175.486225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 175.615292] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 175.623047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 175.632062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 175.782079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 175.789587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: 
link becomes ready [ 175.798479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 177.644544] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.651004] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.658003] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.664517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.672966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.679542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.134785] ip (6207) used greatest stack depth: 53056 bytes left [ 178.765894] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.772504] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.780537] device bridge_slave_0 entered promiscuous mode [ 179.008690] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.015430] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.023730] device bridge_slave_1 entered promiscuous mode [ 179.253768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.490339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 10:10:23 executing program 2: ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000bf7000/0x1000)=nil, 0x1000}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae05, &(0x7f0000000040)) [ 180.235837] IPVS: ftp: loaded support on port[0] = 21 [ 180.260278] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 180.476749] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.734808] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.742817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.017767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 181.025033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.776795] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_0: link is not ready [ 181.784727] team0: Port device team_slave_0 added [ 181.975992] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.984013] team0: Port device team_slave_1 added [ 182.169718] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 182.177458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.186208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.338158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.345356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.353898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.652253] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.659752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.668663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.933286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.940839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.949777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.525812] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.532492] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.540713] device bridge_slave_0 entered promiscuous mode [ 184.846712] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.853310] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.861543] device bridge_slave_1 entered promiscuous mode [ 185.130398] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.319705] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.562942] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.569411] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.576408] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.582896] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.591371] IPv6: 
ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.902243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.138910] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.407129] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.712567] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.719659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 10:10:31 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x5, 0x5, 0x20}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f0000000200)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r0, &(0x7f0000000000), &(0x7f0000000140)=""/144}, 0x18) [ 187.035138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.042300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.985508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 187.993601] team0: Port device team_slave_0 added [ 188.045024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.093667] IPVS: ftp: loaded support on port[0] = 21 [ 188.332530] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.340474] team0: Port device team_slave_1 added [ 188.663644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.670684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.679567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.019464] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.026695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.035460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.184523] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 189.371814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.379721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.388750] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 189.656080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.663797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.672651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.265735] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 190.272240] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 190.280069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.525264] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.960696] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.967338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.974336] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.980792] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.989554] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.353731] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.360191] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.368433] device bridge_slave_0 entered promiscuous mode [ 193.675403] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.682204] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.690327] device bridge_slave_1 entered promiscuous mode [ 193.853327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.053053] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 194.317845] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 195.216464] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.537131] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.830840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.839925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.110408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 196.117520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 10:10:40 
executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xff, @remote, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000100)='syz0\x00') sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0xfff6) [ 197.178661] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 197.186607] team0: Port device team_slave_0 added [ 197.595030] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.603014] team0: Port device team_slave_1 added [ 197.607586] IPVS: ftp: loaded support on port[0] = 21 [ 197.968388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.975690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.984484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.370268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 198.377500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.386458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.420573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.815246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.822812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.831445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.130658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 199.138506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 
199.147369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.432945] hrtimer: interrupt took 42705 ns 10:10:44 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) write$P9_RMKNOD(r0, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000040), 0x12) [ 200.039054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.279703] Unrecognized hibernate image header format! [ 200.285314] PM: Image mismatch: architecture specific data 10:10:44 executing program 0: mkdir(&(0x7f0000554ff8)='./file0\x00', 0x0) r0 = open(&(0x7f00006c69d0)='./file0\x00', 0x0, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000)) fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x80000008) fcntl$notify(r1, 0x402, 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000080)={{0x8, 0x101}, 'port0\x00', 0x0, 0x80000, 0x9, 0x1df, 0x9, 0x9, 0x35f14d8b, 0x0, 0x2, 0x1ff}) 10:10:45 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x1, 0x400) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40001000}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01022abd7000ffdbdf250d00000008000600040000001c00020008000400ff7f0000080008000300000008000700ff030000080006000010000008000400030000001c0002000800040081000000080006000000000008000b000a0000003ba86e4d672c612ddbe7ab23c0ea93a608983faa57595035ebc62d55254281a117234b84907f674da1d4a35be3d156a13b670eecbff060264f0addd4866160b67162324bfb12bd7cd9e4a08418f66f4674c2748a9d63cc2468a519"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f00000003c0)={0x1, 0x8, 0xfffffffffffffffd}) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) 
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f0000000140)={0x0, r3+10000000}, &(0x7f0000000180), 0x8) r4 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000080)) timerfd_settime(r4, 0x0, &(0x7f0000000040)={{}, {0x0, 0x989680}}, &(0x7f0000037000)) epoll_wait(r0, &(0x7f0000000000)=[{}], 0x1, 0xffffffff80000001) syz_genetlink_get_family_id$fou(&(0x7f0000000380)='fou\x00') epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r4, &(0x7f0000000440)={0x7}) [ 201.573975] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.580356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.588192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 10:10:45 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x8912, &(0x7f0000000140)="153f6234488dd25d766070") r1 = socket$inet(0x10, 0x3, 0xc) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000080)={0x0, 0xea, 0x8000, 0x7, 0x10000, 0x7fffffff, 0x40, 0xfffffffffffffff7, {0x0, @in={{0x2, 0x4e22, @loopback}}, 0x2, 0x80000001, 0x6, 0x2, 0x1}}, &(0x7f0000000180)=0xb0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value={r2, 0xffffffffffff0a33}, 0x8) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000070a07031dfffd946fa2830020200a0009000200001d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) [ 201.804350] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 
10:10:46 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000d0fff5)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x9, @loopback, 0x80}}, [0x7fff, 0x20, 0x7fffffff, 0x87, 0x7fffffff, 0x6, 0x7fff, 0x3b7, 0x61e8, 0x1, 0x7, 0x8, 0xfffffffffffffff9, 0x8001, 0x9]}, &(0x7f0000000000)=0x100) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000013000/0x3000)=nil, 0x3000}, 0x1}) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f0000000100), &(0x7f0000000140)=0x8) close(r5) close(r4) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r2, 0xaea5}, &(0x7f00000001c0)=0x8) setsockopt$inet6_dccp_buf(r0, 0x21, 0xe, &(0x7f0000000240)="1b4b87117e409ee48c963994a82bf912aae9d1e40c09e6725b907d2706448d8764f89fc60a8f60abd6132bcec838cb3f6e9097ecaadf8e0318a8d75412ba707b439eeb7de0e29150cbc8d1fcbbe8a1d69a89b5b7d7fd37de23b4fafcef8f1175889a40971a2c0a15041e498f5be7b3d1ea3b047989019aeb7b404fef4f69bd0220cfbc52ed64f92bedfb9597f3b1f1aec547610ca126ad715b75d5f58372d24603831a14d3a8b7bb52ff33a10899c85c2b9ec3f2a909aa03ae19c4d46efd74a5e88e6ec2f24038c8c1549c5f799de1f013aa39ea45", 0xd5) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(r0) 10:10:46 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) socketpair$unix(0x1, 0x1, 0x0, 
&(0x7f0000000080)) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000040)) close(r0) socketpair(0x218, 0x0, 0x0, &(0x7f00000000c0)) 10:10:47 executing program 0: unshare(0x20400) r0 = syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000380)=""/173) [ 203.137686] 8021q: adding VLAN 0 to HW filter on device team0 10:10:47 executing program 0: r0 = socket(0x10, 0x2, 0xc) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@getroute={0x14, 0x1a, 0x100, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8010) pwrite64(r0, &(0x7f0000000100)="27b7c4b908ca934cfd3b457f49165d2ee2db4b94a50ec645b2b67cffd72ea3cdfd98856a0b266e9e1bd1d0d9809b46dd7f6ea1f421dfd5da6070400eb2ad31", 0x3f, 0x0) write(r0, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100f1030800ffdf00", 0x1f) [ 203.595703] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.602249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.609135] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.615692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.623820] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 203.630207] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 203.675139] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'. 
[ 203.984853] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.991300] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.000165] device bridge_slave_0 entered promiscuous mode [ 204.399539] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.406182] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.414723] device bridge_slave_1 entered promiscuous mode [ 204.710835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 205.043272] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 205.969405] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 206.319434] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.645839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.654999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 206.994640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.001847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.056621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.725627] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 207.733742] team0: Port device team_slave_0 added [ 207.986997] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 208.037357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.045352] team0: Port device team_slave_1 added [ 208.321037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.328373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.336947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.545212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.552342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.560765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.840873] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 208.848723] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: 
link becomes ready [ 208.857549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.060745] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 209.067528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.075348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.183682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.191184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.200068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.959146] 8021q: adding VLAN 0 to HW filter on device team0 10:10:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmmsg(r1, &(0x7f0000000000)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000340)=""/180, 0x200003f4}], 0x1, &(0x7f0000000400)=""/213, 0xd5}}], 0x1, 0x0, &(0x7f00000000c0)={0x77359400}) [ 211.846453] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.853003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.859877] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.866423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.874800] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.881355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.936143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.613316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 10:10:58 executing program 2: ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000bf7000/0x1000)=nil, 0x1000}}) r0 = openat$kvm(0xffffffffffffff9c, 
&(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae05, &(0x7f0000000040)) [ 215.192986] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 215.200722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.208711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.677117] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.191889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.653720] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 10:11:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000007c0)) ioctl$KVM_SET_PIT(r1, 0xc048ae65, &(0x7f0000000400)) [ 218.792241] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 219.087862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.094218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.101854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.384065] 8021q: adding VLAN 0 to HW filter on device team0 10:11:05 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xff, @remote, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000100)='syz0\x00') sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0xfff6) 10:11:05 
executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00004c0000)={0xa, 0x3, 0x0, @ipv4}, 0x1c) listen(r0, 0xffffffffffff8771) r1 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000540)='veth1_to_bridge\x00', 0x38f) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x208912, &(0x7f00000001c0)="153f6234488dd25d766070") shutdown(r1, 0x2) 10:11:05 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0xd67) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xdf}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r1, 0x2, 0x30}, 0xc) r2 = getpgrp(0x0) getpgid(r2) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000100)) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000140)={0x1ff, 0x401, 0x101, 0x3cf, 0x7, 0x100, 0xed65, 0xffffffffffffffe1, 0xfa, 0x4}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6}}, &(0x7f0000000280)=0xe8) getresgid(&(0x7f00000002c0)=0x0, &(0x7f0000000300), &(0x7f0000000340)) r5 = geteuid() lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@local}}, &(0x7f00000006c0)=0xe8) fstat(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000780)={0x2b8, 0x0, 0x1, 
[{{0x0, 0x2, 0x4, 0xffff, 0x7, 0x4, {0x5, 0x3497, 0x9, 0x24b, 0x1, 0x19, 0x2, 0x7380, 0x470e, 0x4ef6, 0x1, r3, r4, 0x4c45f359, 0x9}}, {0x5, 0x4, 0x9, 0x6, '/dev/ppp\x00'}}, {{0x2, 0x1, 0x2, 0x7, 0x1, 0x6, {0x4, 0x8001, 0x8000, 0x7, 0x2, 0x100000001, 0x81, 0x1, 0x8, 0x7f, 0x5, r5, r6, 0x1, 0xa73}}, {0x3, 0x7, 0x9, 0xffff, '/dev/ppp\x00'}}, {{0x3, 0x0, 0x3e, 0x8, 0x8e, 0x6, {0x0, 0xf0, 0x1ff, 0x3f, 0x0, 0x3, 0x0, 0xffff, 0x3, 0x0, 0xfff, r7, r8, 0x401, 0xd18}}, {0x4, 0x1, 0x9, 0xaa4, '/dev/ppp\x00'}}, {{0x5, 0x2, 0x0, 0x5, 0x0, 0x3ff, {0x4, 0xd7, 0x8000, 0x0, 0x7, 0x5, 0x0, 0x9, 0x6, 0xffff, 0x9, r9, r10, 0xffffffff, 0x2}}, {0x3, 0xba, 0x14, 0x2, 'md5sumvboxnet0]eth0\''}}]}, 0x2b8) ioctl$TIOCNXCL(r0, 0x540d) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000a40)=""/203) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000b80)={0x6, &(0x7f0000000b40)=[{}, {}, {}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_LOCK(r0, 0x4008642a, &(0x7f0000000bc0)={r11, 0x20}) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x17) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000c00)={r1, 0x100, 0x0, 0x5c3, 0x200}, &(0x7f0000000c40)=0x18) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, &(0x7f0000000c80)=""/212, &(0x7f0000000d80)=0xd4) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000dc0)=""/177) getsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000e80), &(0x7f0000000ec0)=0x4) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000f40)={0x0, 0x9, 0x2, &(0x7f0000000f00)=0x8000}) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000f80)={r0, 0x101, 0x5, "70eaa5c75b9cf03e2486e00cf45f1a715c709c5daa5ff33abbf569210b083550566ef241f759d53080623c6179de73a83fae805f2e0785f8fa8e8b9403855c5a19e4f20c3e21255afbce961d98c6fb2a2187934357eefada1537a3e76c680f2ad37f591db832b5e1aec5ae530315aaa7b284384e1282a468bccfe1f6f5686b48c3627c1ff65a81ff09b55dfbc95fe77f49c204cc5f1505"}) ioctl$RTC_UIE_ON(r0, 0x7003) 10:11:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 
&(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1}}, 0x0) 10:11:05 executing program 2: ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000bf7000/0x1000)=nil, 0x1000}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae05, &(0x7f0000000040)) 10:11:05 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmmsg(r1, &(0x7f0000000000)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000340)=""/180, 0x200003f4}], 0x1, &(0x7f0000000400)=""/213, 0xd5}}], 0x1, 0x0, &(0x7f00000000c0)={0x77359400}) 10:11:05 executing program 1: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYRESDEC], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000180)="2e65f32efe0a6766c7442400008000006766c7442402000000006766c744240600000000670f011c24b866000f00d066b88044a2b20f23c80f21f866350400d0000f23f80f0766b80500000066b9080000000f01c10f0766b8010000000f01c10f01dfb835008ee0", 0x68}], 0x1, 0x0, &(0x7f00000000c0), 0x0) 
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000400)="66b9800000c00f326635000400000f300fc71e4425749e66b8eab9ffdd0f23d80f21f86635400000100f23f866b8ef6700000f23c00f21f8663501000f000f23f866b9860b000066b80300000066ba000000000f306666660fd5ef66b8ca9300000f23d00f21f86635100000010f23f8ba6100ec66b80d0000000f23d00f21f866351000000e0f23f8", 0x89}], 0x1, 0x0, &(0x7f0000000180), 0x0) mlock(&(0x7f0000ff8000/0x3000)=nil, 0x3000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000680)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000240)={0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000580)={{{@in=@multicast1, @in6=@mcast1}}, {{@in=@rand_addr}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={&(0x7f0000000240), &(0x7f0000000340)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000180)) tkill(0x0, 0x15) 10:11:05 executing program 2: ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000bf7000/0x1000)=nil, 0x1000}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae05, &(0x7f0000000040)) 10:11:05 executing program 0: sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x9) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x4, 0x4000, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
rt_sigaction(0x0, &(0x7f0000000000), &(0x7f0000000080), 0x8, &(0x7f00000003c0)) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x40404) syz_emit_ethernet(0x1, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa78ac141400ac1423bb070200000e00907800000000000000000000000000000000ad7d705f1a47c5a59695793e1d86099877b8278d89e58489642631dd4d1fa0c72d46a54abf459b9e600508fba47dce89cf78b1be9968388500a88bf3975b22ef0e870d8a642fc0d2551fe6461d03d37d993545b74c05c875f5ab995b24237596205a45dc9bbf4ca0f3d3ef45ef13d6f3"], &(0x7f0000000100)) fallocate(r0, 0x0, 0x100000, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025c3f0a00145f8f764070") remap_file_pages(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x2000016, 0x8001, 0x10000001010) r3 = socket$inet6(0xa, 0x1200000000002, 0xffff) ioctl(r3, 0x8912, &(0x7f0000000280)="0a5cc80700315f85714070") perf_event_open(&(0x7f0000000000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000540), 0x8}, 0x44}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x89f2, &(0x7f0000000580)='ip6_vti0\x00') r6 = socket$inet6(0xa, 0x3, 0x2) ioctl(r6, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, &(0x7f0000000000)={0x3}) ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000500)={0x0, 0x8000000000001, &(0x7f0000000400)=""/193, &(0x7f0000000280)=""/97, 
&(0x7f00000001c0)=""/127, 0x400000000}) ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000700)=ANY=[]) ioctl$VHOST_SET_LOG_BASE(r7, 0x4008af04, &(0x7f0000000180)=&(0x7f0000000100)) ioctl$SIOCGIFMTU(r5, 0x8921, &(0x7f0000000240)) ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f00000005c0)=0x8) ioctl$PPPIOCGFLAGS(r5, 0x8004745a, &(0x7f0000000140)) ioctl$SG_GET_NUM_WAITING(r4, 0x227d, &(0x7f0000000300)) tee(r2, r2, 0x2, 0x9)
10:11:05 executing program 3: semget$private(0x0, 0x8, 0x0) semtimedop(0x0, &(0x7f0000000000), 0x0, &(0x7f00000000c0))
[ 221.852440] mmap: syz-executor0 (7464) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[ 221.984024] ==================================================================
[ 221.991447] BUG: KMSAN: uninit-value in __vmx_flush_tlb+0x755/0x790
[ 221.998311] CPU: 1 PID: 7462 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63
[ 222.005497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 222.014863] Call Trace:
[ 222.017477] dump_stack+0x306/0x460
[ 222.021122] ? __vmx_flush_tlb+0x755/0x790
[ 222.025390] kmsan_report+0x1a3/0x2d0
[ 222.029208] __msan_warning+0x7c/0xe0
[ 222.033040] __vmx_flush_tlb+0x755/0x790
[ 222.037127] vmx_flush_tlb+0x94/0xb0
[ 222.040866] ? vmx_set_rflags+0x740/0x740
[ 222.045034] kvm_mmu_load+0x1656/0x3460
[ 222.049038] ? vmx_set_cr0+0x3510/0x3510
[ 222.053124] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20
[ 222.058242] ? task_kmsan_context_state+0x6b/0x120
[ 222.063199] ? __msan_get_context_state+0x9/0x30
[ 222.067973] ? INIT_INT+0xc/0x30
[ 222.071350] ? task_kmsan_context_state+0x6b/0x120
[ 222.076304] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 222.081777] ? kmsan_set_origin_inline+0x6b/0x120
[ 222.086644] ? __msan_poison_alloca+0x17a/0x210
[ 222.091336] ? put_pid+0x71/0x410
[ 222.094812] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 222.099159] ? put_pid+0x1a9/0x410
[ 222.102720] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 222.108106] ? get_task_pid+0x17b/0x270
[ 222.112107] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 222.116278] ? do_vfs_ioctl+0x18a/0x2810
[ 222.120346] ? __se_sys_ioctl+0x1da/0x270
[ 222.124525] ? kvm_vm_release+0x90/0x90
[ 222.128513] do_vfs_ioctl+0xcf3/0x2810
[ 222.132434] ? security_file_ioctl+0x92/0x200
[ 222.136958] __se_sys_ioctl+0x1da/0x270
[ 222.140958] __x64_sys_ioctl+0x4a/0x70
[ 222.144871] do_syscall_64+0xbe/0x100
[ 222.148699] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 222.153898] RIP: 0033:0x457579
[ 222.157120] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 222.176040] RSP: 002b:00007fb98aca1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 222.183766] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 222.191047] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 222.198329] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 222.205616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb98aca26d4
[ 222.212904] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 222.220212]
[ 222.221846] Local variable description: ----error.i.i.i@__vmx_flush_tlb
[ 222.228703] Variable was created at:
[ 222.232430] __vmx_flush_tlb+0x103/0x790
[ 222.236506] vmx_flush_tlb+0x94/0xb0
[ 222.240214] ==================================================================
[ 222.247567] Disabling lock debugging due to kernel taint
[ 222.253133] Kernel panic - not syncing: panic_on_warn set ...
[ 222.253133]
[ 222.260514] CPU: 1 PID: 7462 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63
[ 222.269094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 222.278449] Call Trace:
[ 222.281050] dump_stack+0x306/0x460
[ 222.284703] panic+0x54c/0xafa
[ 222.287944] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 222.293415] kmsan_report+0x2cd/0x2d0
[ 222.297237] __msan_warning+0x7c/0xe0
[ 222.301053] __vmx_flush_tlb+0x755/0x790
[ 222.305139] vmx_flush_tlb+0x94/0xb0
[ 222.308869] ? vmx_set_rflags+0x740/0x740
[ 222.313039] kvm_mmu_load+0x1656/0x3460
[ 222.317037] ? vmx_set_cr0+0x3510/0x3510
[ 222.321121] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20
[ 222.326243] ? task_kmsan_context_state+0x6b/0x120
[ 222.331186] ? __msan_get_context_state+0x9/0x30
[ 222.335958] ? INIT_INT+0xc/0x30
[ 222.339334] ? task_kmsan_context_state+0x6b/0x120
[ 222.344283] ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 222.349751] ? kmsan_set_origin_inline+0x6b/0x120
[ 222.354610] ? __msan_poison_alloca+0x17a/0x210
[ 222.359296] ? put_pid+0x71/0x410
[ 222.362755] ? kvm_vcpu_ioctl+0x20a4/0x20b0
[ 222.367096] ? put_pid+0x1a9/0x410
[ 222.370648] ? __msan_metadata_ptr_for_load_8+0x10/0x20
[ 222.376028] ? get_task_pid+0x17b/0x270
[ 222.380019] kvm_vcpu_ioctl+0x11a7/0x20b0
[ 222.384197] ? do_vfs_ioctl+0x18a/0x2810
[ 222.388278] ? __se_sys_ioctl+0x1da/0x270
[ 222.392532] ? kvm_vm_release+0x90/0x90
[ 222.396521] do_vfs_ioctl+0xcf3/0x2810
[ 222.400438] ? security_file_ioctl+0x92/0x200
[ 222.404954] __se_sys_ioctl+0x1da/0x270
[ 222.408957] __x64_sys_ioctl+0x4a/0x70
[ 222.412859] do_syscall_64+0xbe/0x100
[ 222.416682] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 222.421878] RIP: 0033:0x457579
[ 222.425089] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 222.444006] RSP: 002b:00007fb98aca1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 222.451735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 222.459013] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 222.466294] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 222.473685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb98aca26d4
[ 222.480964] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff
[ 222.481058] IPVS: ftp: loaded support on port[0] = 21
[ 222.489351] Kernel Offset: disabled
[ 222.498147] Rebooting in 86400 seconds..