[   67.723770] audit: type=1800 audit(1544496828.782:25): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   67.742908] audit: type=1800 audit(1544496828.782:26): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   67.762373] audit: type=1800 audit(1544496828.802:27): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   69.089246] sshd (6700) used greatest stack depth: 53248 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
2018/12/11 02:54:05 fuzzer started
2018/12/11 02:54:10 dialing manager at 10.128.0.26:37383
2018/12/11 02:54:10 syscalls: 1
2018/12/11 02:54:10 code coverage: enabled
2018/12/11 02:54:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/12/11 02:54:10 setuid sandbox: enabled
2018/12/11 02:54:10 namespace sandbox: enabled
2018/12/11 02:54:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/12/11 02:54:10 fault injection: enabled
2018/12/11 02:54:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/12/11 02:54:10 net packet injection: enabled
2018/12/11 02:54:10 net device setup: enabled
02:57:02 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socket$inet(0x2, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)

syzkaller login: [  262.591082] IPVS: ftp: loaded support on port[0] = 21
[  264.688866] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.695499] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.704071] device bridge_slave_0 entered promiscuous mode
[  264.841396] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.848103] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.857238] device bridge_slave_1 entered promiscuous mode
[  264.977978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  265.109291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  265.477407] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  265.599325] bond0: Enslaving bond_slave_1 as an active interface with an up link
02:57:06 executing program 1:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$KDGETKEYCODE(0xffffffffffffffff, 0x4b4c, 0x0)
ioctl$TCSETAF(r0, 0x5413, &(0x7f0000000040))

[  266.351915] IPVS: ftp: loaded support on port[0] = 21
[  266.541787] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  266.550765] team0: Port device team_slave_0 added
[  266.835006] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  266.844000] team0: Port device team_slave_1 added
[  267.034864] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  267.042970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  267.052462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  267.257029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  267.264303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  267.273551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  267.524624] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  267.532478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  267.542095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  267.764310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  267.772289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  267.781345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  269.573800] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.580371] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.588978] device bridge_slave_0 entered promiscuous mode
[  269.772644] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.779186] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.788111] device bridge_slave_1 entered promiscuous mode
[  270.005789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  270.040325] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.047161] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.054531] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.061087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  270.070307] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  270.266832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  270.801908] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  270.832079] bond0: Enslaving bond_slave_0 as an active interface with an up link
02:57:12 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000025"], 0x1}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240))
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000140))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  271.021877] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  271.298922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  271.306305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  271.575083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  271.582247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  271.726835] IPVS: ftp: loaded support on port[0] = 21
[  272.359369] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  272.368065] team0: Port device team_slave_0 added
[  272.526799] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  272.535358] team0: Port device team_slave_1 added
[  272.722750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  272.952358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  272.959422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  272.968422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  273.198484] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  273.206375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  273.215705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  273.489006] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  273.496669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  273.505863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  275.883585] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.890192] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.898861] device bridge_slave_0 entered promiscuous mode
[  276.076196] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.083305] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.091959] device bridge_slave_1 entered promiscuous mode
[  276.225906] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.232482] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.239569] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.246214] bridge0: port 1(bridge_slave_0) entered forwarding state
[  276.255549] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  276.313925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  276.515055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  276.724130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  277.217463] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  277.488071] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  277.722249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  277.749340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  277.984952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  277.992131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  278.676230] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  278.684750] team0: Port device team_slave_0 added
02:57:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x32, 0xffffffffffffffff, 0x0)
getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000000), &(0x7f00000041c0)=0x4)

[  278.946445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  278.955170] team0: Port device team_slave_1 added
[  279.161353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  279.168579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  279.177993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  279.450289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  279.457429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  279.466757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  279.806415] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  279.814040] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  279.823228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  279.832565] IPVS: ftp: loaded support on port[0] = 21
[  279.955123] 8021q: adding VLAN 0 to HW filter on device bond0
[  280.054800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  280.063582] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  280.072585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  281.099165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  282.208092] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  282.214652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  282.222879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  283.294911] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.301502] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.308855] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.315487] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.325222] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  283.362817] 8021q: adding VLAN 0 to HW filter on device team0
[  284.242295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  284.667926] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.674625] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.683159] device bridge_slave_0 entered promiscuous mode
[  285.000508] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.007173] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.016273] device bridge_slave_1 entered promiscuous mode
[  285.407642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  285.722674] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  286.548177] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  286.877353] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  287.196581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  287.204516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  287.401967] 8021q: adding VLAN 0 to HW filter on device bond0
[  287.560246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  287.567459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
02:57:29 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x2c)

[  288.459508] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  288.468179] team0: Port device team_slave_0 added
[  288.498148] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  288.816089] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  288.824854] team0: Port device team_slave_1 added
[  289.167989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  289.175249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  289.184178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  289.409803] IPVS: ftp: loaded support on port[0] = 21
[  289.484428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  289.491455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  289.500512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  289.758792] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  289.765258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  289.773422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  289.909552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  289.917345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  289.926373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  290.218217] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  290.225928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  290.235364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
02:57:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0xf15]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

[  290.978181] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
02:57:32 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234488dd25d766070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080))

[  291.374948] 8021q: adding VLAN 0 to HW filter on device team0
02:57:32 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000280)={0x3, @sliced})
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xb7, 0x4001)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={<r2=>0x0, 0x5}, &(0x7f0000000100)=0x8)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f00000001c0)={0xfff, 0x0, 0x300b, 0x200, 0x5, 0x0, 0x100000001, 0x1})
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x5}, &(0x7f0000000180)=0x8)
ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, &(0x7f0000000080)=""/25)

02:57:33 executing program 0:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000280)={0x3, @sliced})
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xb7, 0x4001)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={<r2=>0x0, 0x5}, &(0x7f0000000100)=0x8)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f00000001c0)={0xfff, 0x0, 0x300b, 0x200, 0x5, 0x0, 0x100000001, 0x1})
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x5}, &(0x7f0000000180)=0x8)
ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, &(0x7f0000000080)=""/25)

02:57:33 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x1d, 0xafd, 0x70bd2b, 0x3, {0x8}}, 0x14}}, 0x0)
recvmmsg(r2, &(0x7f0000000000)=[{{&(0x7f0000000a80)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000000c40), 0x0, &(0x7f0000000c80)=""/4096, 0xfffffffffffffee8}}], 0x3ffffffffffffc4, 0x2, &(0x7f0000000140)={0x77359400})

02:57:34 executing program 0:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000000)={0x5, 0x829})
clock_gettime(0x9ef3d05791d6314e, &(0x7f00000001c0))

02:57:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x1100085)
r1 = memfd_create(&(0x7f0000000140)='/dev/loop#\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)="16", 0x1}], 0x1, 0x1081806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, &(0x7f00000023c0), 0x7fffffff)
ioctl$LOOP_SET_FD(r1, 0x4c00, r1)
migrate_pages(0x0, 0x7, &(0x7f0000000100)=0xb6, &(0x7f00000001c0)=0x200000000001)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x40, 0x0)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e21, 0x0, @local}}}, 0x84)
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f00000000c0)={0x0, 0x0, 0x1})

[  294.387140] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.393802] bridge0: port 2(bridge_slave_1) entered forwarding state
[  294.400856] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.407497] bridge0: port 1(bridge_slave_0) entered forwarding state
[  294.416298] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  294.892398] print_req_error: I/O error, dev loop0, sector 632
[  294.898405] Buffer I/O error on dev loop0, logical block 79, lost async page write
[  295.122285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
02:57:36 executing program 0:
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000140)={{{@in, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in=@local}, 0x0, @in=@dev}}, &(0x7f0000000040)=0xe8)
setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={r0, @multicast1, @rand_addr=0x8}, 0xc)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
socket$inet(0x2, 0x3, 0x1)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffc}, 0x4)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
splice(r1, 0x0, r3, 0x0, 0x810005, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socket$inet_sctp(0x2, 0x1, 0x84)

[  295.896328] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.903141] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.912102] device bridge_slave_0 entered promiscuous mode
[  296.324424] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.330926] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.339547] device bridge_slave_1 entered promiscuous mode
[  296.766000] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  297.065396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  297.340129] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.873975] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  298.148282] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  298.390780] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  298.397996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  298.484891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  298.624654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  298.631788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
02:57:40 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f023c123f3188a070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000380), 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000014, &(0x7f0000000180)=0x1, 0x4)
sendto$inet(r1, &(0x7f0000000500)='\x00', 0x1, 0x0, 0x0, 0x0)

[  299.453407] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  299.462115] team0: Port device team_slave_0 added
[  299.586070] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  299.592539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  299.600446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  299.715974] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  299.724867] team0: Port device team_slave_1 added
[  299.978412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  299.985610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  299.994721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  300.122725] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  300.129737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  300.138690] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  300.307422] 8021q: adding VLAN 0 to HW filter on device team0
[  300.364248] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  300.371956] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  300.381523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  300.587519] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  300.595760] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  300.604691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  302.201423] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.207995] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.215360] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.222008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.230706] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  302.238001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  304.392311] 8021q: adding VLAN 0 to HW filter on device bond0
[  304.630363] kvm [7933]: vcpu0, guest rIP: 0x2db ignored wrmsr: 0x11e data 0xbe706111
02:57:45 executing program 0:
unshare(0x8000400)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x113}}, 0x20)
ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x100000000)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r2, 0x3c, 0x0, @in={0x2, 0x4e20, @rand_addr=0x8}}}, 0x90)
ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead)
ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x0)

[  305.205307] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  305.697138] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  305.703552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  305.711494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  306.185463] 8021q: adding VLAN 0 to HW filter on device team0
[  308.170261] 8021q: adding VLAN 0 to HW filter on device bond0
[  308.625489] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  309.033362] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  309.039684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  309.048048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:57:50 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000001540)=""/143, 0x8f}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000156, 0x0)

[  309.475292] 8021q: adding VLAN 0 to HW filter on device team0
02:57:52 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001a0081270000000000000000000000d59b5cde8fb9bb0a0e8615d51416c6aa6d874d428635101780eec0872dba3d8ab1fc4c095e76e3f232fde18ad6b5978b78ee5116332fc7f273fc4e2602a798cd2f8553a11835bac04f24858acaaff252b3a2d50a25f64b69dab5ee19cc1c1a93ede136fc2bb39ffeab78a8feb60655b19e608bab746401d434edf3ba7bcb28371b276eea1256324986717d7895d4d5b29eb122168e8c49b89d858ae7d32182e389b8758503ac4e5725af2427677e4b0ec17ccc9eb02048b0833fa2f04dcc8044f27f3fdf0591f1c5dfc4fb111d2672ff00dbb765422afc318db2a1fd367d2a2bba9f74a64f818bcb11d86b75fe0800821f25aa567b49cbb0a69170ba7479f74c270ea0f0a21b527a1dd2b37718ff7dda7bb4fc1d7b0472818c9707bfe14ae087319cc0cb949d60d54665eff9374d46935fb50b24"], 0x1}}, 0x0)

02:57:52 executing program 1:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000000)='team0\x00')
clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x201, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}]}, 0x34}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f00000000c0), 0x4)

02:57:52 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000025"], 0x1}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240))
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000140))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:57:52 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x200, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x4000, 0x0)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100), &(0x7f0000000140)=0x4)
r3 = accept4$tipc(r1, &(0x7f0000000180), &(0x7f00000001c0)=0x10, 0x800)
fdatasync(r1)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000200))
ioctl$VIDIOC_G_FBUF(r1, 0x8030560a, &(0x7f0000000480)={0x28, 0x8, &(0x7f0000000380)="01364cfa138e6a0105b6ea9bfa6bc2c2c921213713bf246f195ea394abd6ada5c0a37297e9a3e69792dc227e013a8d35c5718fd7842e1fb09cef2499f0522d016e5e84ee11a2739ea0965814b1f30fced6838f4a5b42bd8a28c2d4ff4190cd4ff6e4d79195d30378ba31fc0473e4302d81426eaa22485fe3374fa4a555c0d22d8141afb5b057c9ed3d2ca8725d3d14514daf180366b00736c136f2b5b2432d4a6feb2293c44c134ccb45157d124184146606be153ca72170a9d217c2d50bacaff50123fcdfa7e7a78b10ee7ab4f011d9dafad55ec2185c97bf4e0e88140f70c81011378cd7479748cd1e", {0x1000, 0x9, 0x38795776, 0x7, 0x9, 0xfffffffffffff50a, 0xf, 0x10001}})
ioperm(0x3, 0x3, 0x100)
ioctl$FICLONE(r2, 0x40049409, r2)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000500)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1020000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x30, r4, 0xb02, 0x70bd26, 0x25dfdbff, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x2, 0x5, 0x3f31400000, 0x8}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
symlinkat(&(0x7f0000000600)='./file0\x00', r1, &(0x7f0000000640)='./file0\x00')
ioctl$TCSBRKP(r1, 0x5425, 0x80000001)
r5 = openat(r1, &(0x7f0000000680)='./file0\x00', 0x400, 0x8)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000006c0)=<r6=>0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000700)={[], 0x5, 0x100, 0x2, 0x100, 0x6, r6})
write$binfmt_aout(r2, &(0x7f0000000780)={{0x1cf, 0x100, 0x7fff, 0x186, 0x204, 0xfb3, 0x25a}, "f8b3d1d8f4c8072263b60b1199c3a47991c73e89edf056ddb7ab185b9e3094934c33643ff87f9355758df5edf92593adb279de837280114c1032474ed994e24522c3530d7513f33b6cf577ba52ce531d9e5f377e14fd313721051b69d6e6dc63a77f0df87386f87cc5995d9368ee8a465fca1e7f989fa258453a43269bcbdc0f1338ce732b14e2e86068c8c7def38d3019bf3c5b4d730afa9ff115b8b85081b0fcdbd06ec728c4d10262486313d778e9996aa010b2276336d610521358add4347aa2cdf8edae270936b56d38d7d5aa82604ec0dc2882aa66cf2277c7dbe01da327e95a481b7ab7a53eb16a831dd7a44ea0", [[], [], [], []]}, 0x511)
socket$vsock_dgram(0x28, 0x2, 0x0)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000cc0))
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000d00))
r7 = add_key$keyring(&(0x7f0000000d40)='keyring\x00', &(0x7f0000000d80)={'syz', 0x0}, 0x0, 0x0, 0x0)
keyctl$setperm(0x5, r7, 0x28000800)
setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000000dc0)={0x0, @multicast2, 0x4e23, 0x4, 'fo\x00', 0x20, 0x7, 0x47}, 0x2c)
splice(r3, &(0x7f0000000e00), r3, &(0x7f0000000e40), 0x9e1, 0x4)
setsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, &(0x7f0000000e80)=0x100000001, 0x4)
ioctl$FICLONE(r3, 0x40049409, r3)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000ec0)=""/93)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000f40)='/dev/ppp\x00', 0x501c00, 0x0)

02:57:52 executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000025"], 0x1}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240))
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000140))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:57:52 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000012c0)={&(0x7f0000000000), 0xc, &(0x7f0000001280)={&(0x7f0000000900)=ANY=[@ANYBLOB="00000000000000001800120008000100736974000c0002ff0800040004a9961f"], 0x1}}, 0x0)

02:57:52 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$netlink(r0, &(0x7f0000000200)=@unspec, 0xc)
connect$netlink(r0, &(0x7f0000000040)=@unspec, 0xc)

[  311.247648] kvm [8157]: vcpu0, guest rIP: 0x2db ignored wrmsr: 0x11e data 0xbe706111
[  311.251087] team0 (unregistering): Port device team_slave_0 removed
02:57:52 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
socket$inet_udplite(0x2, 0x2, 0x88)
bind$unix(r0, &(0x7f0000000180)=@abs={0x1}, 0x2)

02:57:52 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000588ff8)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$lock(r1, 0x7, &(0x7f0000002000))
fcntl$lock(r1, 0x26, &(0x7f00000000c0)={0x1, 0x0, 0x7})
dup3(r0, r1, 0x0)

[  311.410926] kvm [8161]: vcpu0, guest rIP: 0x2db ignored wrmsr: 0x11e data 0xbe706111
[  311.427608] team0 (unregistering): Port device team_slave_1 removed
02:57:52 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000025"], 0x1}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240))
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000140))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:57:52 executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$NBD_CMD_STATUS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14}, 0x14}}, 0x0)
sendto$inet(r0, &(0x7f0000000c00)="9ee623207234fda367fad093ae1985798814fc3ddffee340ba93d43bdf34f2c43a0da9e062a408fd8f9b869b8449d6f9f64cb24e9a9313309de943a26cb24f7c1c193ab71949b8a5f7700e7faef4c58e98f4c00d0478dca11d2bcef7b1b9a5583e0ff77646f9c7a19b2052509e9881c899e833648f7df06f55b5a7f678da94d10ef2feba084dc00e653c5ce5ab24de9e984fdee4c37b93f9bfee3119012c41e681cbef6a5a4817829f798596bae03375c8738cd397b732d51325b1ccafcd561f91c37db89659458cf5fe9b7d36fe6ade85d4b53a7cc737a7b5edd6a149ab951c8455cdee1e15569315f8747092793a6feb63ade82cb415533620d44bcd37f05918322b8df83c5e23efd6e207fd4a002855ae2aee7f80be6b4ad485b75aa56d7a2c896a254412ab4fa0de469c98899e87c42d0b896ed8fbb7b33c50a85da77a160bd739be79960f22bab0a6a6dc6360e185a09b0a87fb0e07f77d052941fec53fbe80f39c3c5342cd169103b733fcb45a0242737532362cde56fea57ac6517a2eda776ee1a3b99ce18868bc6d6432c14c7d98e9e2c7c0cbc20416aea4105dbfe50f50248324aae215a31bf74336916a01ea72e9ff31ac463894a79af4f23482a836bbb48335c856c0f9dc8c45187d27deca7bc2a1ba7e4884df2016919be5a5f1154b16932d4e15003201a61fbe24575246477cf7d159f61db5c95ff360704857c4464b3b6920f4b6d2f20aeb250b75a06cceb9c7e4a477bd02cb80323a682f82b4b0b2f95eaefee2ffd1f01122da3c8ec21bde0c72d2e5bf03cc7ad5ab9e1d846cc5a4e5fa31216a9fdcb51d4b2fc62d73d0852f60abe3e75e4719fe0f373fffc7a8c10d3f859e7601c710b343c6784d54bbbed29a2093fc61ebcce3ec26c0ee67ab22d6193b34bc79dd9a2ac49d4b717b8dc60875b7ea39cacc0a2920b3afdd66b74f032c8065c23213965d98d6ec58dad05d29fb014cff407212a9fddce9a910e1e92ff8f84ee258e6f7398c73fd1b906a1f43012537ab75a1d3041fad4e36d1c935cbef7a8caec03b06c2b67a833e41f32fd90ec147d5ee631ba74c000ad91e35b2d73fe8dc96973a6019d494e511cb5119e2f29cf508dc84beb9b87b2b0664e98650212a316cbc9e48b631a447b5566aeb2ec19656b3d0d67239bdb7f6c1e38f0afc21c966fbb7773c0c4fe60d09e719add1991084578a742782553c89df5f9e5e7d6cbeced3bd404f1649106095aef297408efdf0e94a877f6a58b040a4d7bee003e5466f34dba787646d8bae851b733491ae15f2e7f9ca86f7d23eb35648b54b3f9f84daa5e97173e68c8195347e01c2d7fe3a875c40373dd85c5e16aad8cd6c9a7c3ecf6391442946a5b136eceb84561b6525d6a4e1fe61be8a07a2d893ff4bc3fd9d07c013320e3837e1facbcebbabfd8bba3c91c56fdf1720755f938f65765484f1d6eaf0e5a75239b601f54b0734e3838621703d312e524d563c1bcd80d54eaa495cefe568c9d736e05af682268b40ce69ae108dd32fe49cd7965c006dfe187dd79688b576f5315e140a3c086086db5618e71bc4176b9d7d983ed14f335517f18ec6574a945f4d8ecadcf5ad19664221e47cd19e3e72897f7993144560ecf5ef8ce0efba3b98a144953f03c0b5ca53d5ca057300557d33028a101a4ac0582fc2d07f92c4aee7d126986b2727cde4aceb836b38ec036f831ecc805ddd3f0f015c9db0892450eb809ed4ab6a6596a007ba103a304e5d28156c66a09e970e5a70579ae150817b28255bd5781e655907c07be7d7d18d1d5b2eece6be60821ebed77df07d6ea45ccc78ed0ccd3a64ec8f7255d1f1165c028fa52e225f12d634362c", 0x524, 0x0, 0x0, 0x0)

02:57:52 executing program 3:
seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0xfffffffffffffffe}]})
r0 = timerfd_create(0x0, 0x0)
timerfd_gettime(r0, &(0x7f0000000040))

02:57:52 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
recvmmsg(r0, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0)

02:57:53 executing program 4:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
remap_file_pages(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0)

[  311.932121] kauditd_printk_skb: 3 callbacks suppressed
[  311.932166] audit: type=1326 audit(1544497072.982:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8194 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0xffff0000
[  312.070587] kvm [8190]: vcpu0, guest rIP: 0x2db ignored wrmsr: 0x11e data 0xbe706111
[  312.164240] mmap: syz-executor4 (8204) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  312.408619] IPVS: ftp: loaded support on port[0] = 21
[  312.684987] audit: type=1326 audit(1544497073.742:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8194 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ba code=0xffff0000
[  313.712600] bridge0: port 1(bridge_slave_0) entered blocking state
[  313.719206] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.727858] device bridge_slave_0 entered promiscuous mode
[  313.803348] bridge0: port 2(bridge_slave_1) entered blocking state
[  313.810021] bridge0: port 2(bridge_slave_1) entered disabled state
[  313.818569] device bridge_slave_1 entered promiscuous mode
[  313.891878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  313.962222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  314.156980] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  314.222619] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  314.538619] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  314.546439] team0: Port device team_slave_0 added
[  314.608065] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  314.615876] team0: Port device team_slave_1 added
[  314.680894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  314.744948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  314.811004] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  314.818335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  314.827460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  314.884770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  314.892162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  314.901164] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  315.617106] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.623703] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.630524] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.637124] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.645185] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  316.401881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  318.265400] 8021q: adding VLAN 0 to HW filter on device bond0
[  318.508335] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  318.743211] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  318.749653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  318.758162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  318.999370] 8021q: adding VLAN 0 to HW filter on device team0
02:58:01 executing program 5:
r0 = socket$kcm(0x2, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={0x0, &(0x7f0000000440)=""/4, 0x0, 0x4}, 0x20)
close(0xffffffffffffffff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1)
setsockopt$sock_attach_bpf(r0, 0x84, 0x10, &(0x7f0000000180), 0x8)

02:58:01 executing program 0:
clone(0x0, 0x0, 0x0, 0x0, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x0)

02:58:01 executing program 1:
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000600)='/dev/video36\x00', 0x2, 0x0)
close(r0)

02:58:01 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe(&(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de56b5000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00b60000000000000025"], 0x1}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240))
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000140))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:58:01 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000040607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e28000000110affffba010000", 0x30}], 0x1}, 0x0)

02:58:01 executing program 3:
r0 = socket(0x200000000000011, 0x4000000000080002, 0xdd86)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
write$binfmt_misc(r0, &(0x7f0000000080)={'syz1'}, 0x4)

[  320.677274] netlink: 'syz-executor4': attribute type 1 has an invalid length.
[  320.742689] ==================================================================
[  320.744791] sctp: [Deprecated]: syz-executor5 (pid 8488) Use of struct sctp_assoc_value in delayed_ack socket option.
[  320.744791] Use struct sctp_sack_info instead
[  320.750115] BUG: KMSAN: uninit-value in vti6_tnl_xmit+0x540/0x28a0
[  320.750137] CPU: 1 PID: 8481 Comm: syz-executor3 Not tainted 4.20.0-rc5+ #111
[  320.750148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  320.750170] Call Trace:
[  320.750198]  dump_stack+0x284/0x3b0
[  320.750222]  ? vti6_tnl_xmit+0x540/0x28a0
[  320.750269]  kmsan_report+0x12d/0x290
[  320.802495]  __msan_warning+0x76/0xc0
[  320.806331]  vti6_tnl_xmit+0x540/0x28a0
[  320.810358]  ? __msan_poison_alloca+0x1e0/0x270
[  320.815120]  ? vti6_dev_uninit+0x670/0x670
[  320.819429]  dev_hard_start_xmit+0x6a8/0xd80
[  320.823904]  __dev_queue_xmit+0x2e9d/0x3ad0
[  320.828271]  dev_queue_xmit+0x4b/0x60
[  320.832081]  ? __netdev_pick_tx+0x1390/0x1390
[  320.836603]  packet_sendmsg+0x83bb/0x9070
[  320.840755]  ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  320.846204]  ? kmsan_memcpy_metadata+0xb/0x10
[  320.850816]  ? sock_write_iter+0x102/0x4f0
[  320.855062]  ? __se_sys_write+0x17a/0x370
[  320.859337]  ? do_syscall_64+0xcd/0x110
[  320.863387]  ? kmsan_save_stack_with_flags+0x130/0x130
[  320.868665]  ? futex_wait+0xcb1/0xe60
[  320.872479]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  320.877845]  ? aa_sk_perm+0x7ab/0x9e0
[  320.881697]  ? compat_packet_setsockopt+0x360/0x360
[  320.886723]  sock_write_iter+0x3f4/0x4f0
[  320.890819]  ? sock_read_iter+0x4e0/0x4e0
[  320.894989]  __vfs_write+0x888/0xb80
[  320.898731]  vfs_write+0x4b4/0x900
[  320.902307]  __se_sys_write+0x17a/0x370
[  320.906299]  __x64_sys_write+0x4a/0x70
[  320.910189]  do_syscall_64+0xcd/0x110
[  320.914005]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  320.919189] RIP: 0033:0x457659
[  320.922382] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  320.941290] RSP: 002b:00007fa37603ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  320.949015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  320.956278] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000003
[  320.964104] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  320.971375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa37603b6d4
[  320.978642] R13: 00000000004c6097 R14: 00000000004dac28 R15: 00000000ffffffff
[  320.985940] 
[  320.987555] Uninit was created at:
[  320.991131]  kmsan_internal_poison_shadow+0x92/0x150
[  320.996233]  kmsan_kmalloc+0xa1/0x100
[  321.000029]  kmsan_slab_alloc+0xe/0x10
[  321.003925]  __kmalloc_node_track_caller+0xf72/0x1280
[  321.009117]  __alloc_skb+0x3f9/0xdf0
[  321.012839]  alloc_skb_with_frags+0x1c9/0xa80
[  321.017366]  sock_alloc_send_pskb+0xd49/0x1360
[  321.021945]  packet_sendmsg+0x66a9/0x9070
[  321.026108]  sock_write_iter+0x3f4/0x4f0
[  321.030170]  __vfs_write+0x888/0xb80
[  321.033878]  vfs_write+0x4b4/0x900
[  321.037413]  __se_sys_write+0x17a/0x370
[  321.041382]  __x64_sys_write+0x4a/0x70
[  321.045266]  do_syscall_64+0xcd/0x110
[  321.049093]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  321.054275] ==================================================================
[  321.061636] Disabling lock debugging due to kernel taint
[  321.067100] Kernel panic - not syncing: panic_on_warn set ...
[  321.072999] CPU: 1 PID: 8481 Comm: syz-executor3 Tainted: G    B             4.20.0-rc5+ #111
[  321.081656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  321.090998] Call Trace:
[  321.093585]  dump_stack+0x284/0x3b0
[  321.097229]  panic+0x533/0xb02
[  321.100484]  kmsan_report+0x290/0x290
[  321.104299]  __msan_warning+0x76/0xc0
[  321.108131]  vti6_tnl_xmit+0x540/0x28a0
[  321.112173]  ? __msan_poison_alloca+0x1e0/0x270
[  321.116862]  ? vti6_dev_uninit+0x670/0x670
[  321.121101]  dev_hard_start_xmit+0x6a8/0xd80
[  321.125538]  __dev_queue_xmit+0x2e9d/0x3ad0
[  321.129898]  dev_queue_xmit+0x4b/0x60
[  321.133699]  ? __netdev_pick_tx+0x1390/0x1390
[  321.138198]  packet_sendmsg+0x83bb/0x9070
[  321.142367]  ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70
[  321.147837]  ? kmsan_memcpy_metadata+0xb/0x10
[  321.152342]  ? sock_write_iter+0x102/0x4f0
[  321.156582]  ? __se_sys_write+0x17a/0x370
[  321.160767]  ? do_syscall_64+0xcd/0x110
[  321.164751]  ? kmsan_save_stack_with_flags+0x130/0x130
[  321.170024]  ? futex_wait+0xcb1/0xe60
[  321.173840]  ? __msan_metadata_ptr_for_load_8+0x10/0x20
[  321.179207]  ? aa_sk_perm+0x7ab/0x9e0
[  321.183086]  ? compat_packet_setsockopt+0x360/0x360
[  321.188141]  sock_write_iter+0x3f4/0x4f0
[  321.192223]  ? sock_read_iter+0x4e0/0x4e0
[  321.196371]  __vfs_write+0x888/0xb80
[  321.200183]  vfs_write+0x4b4/0x900
[  321.203764]  __se_sys_write+0x17a/0x370
[  321.207772]  __x64_sys_write+0x4a/0x70
[  321.211664]  do_syscall_64+0xcd/0x110
[  321.215470]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  321.220682] RIP: 0033:0x457659
[  321.223889] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  321.242841] RSP: 002b:00007fa37603ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  321.250567] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457659
[  321.257831] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000003
[  321.265101] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  321.272381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa37603b6d4
[  321.279644] R13: 00000000004c6097 R14: 00000000004dac28 R15: 00000000ffffffff
[  321.287977] Kernel Offset: disabled
[  321.291610] Rebooting in 86400 seconds..