[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   57.698364] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c[   58.077883] random: sshd: uninitialized urandom read (32 bytes read)
.
[   58.689853] bash (6125) used greatest stack depth: 53168 bytes left
[   58.752257] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   60.866212] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.98' (ECDSA) to the list of known hosts.
[   66.635063] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 04:56:33 fuzzer started
[   71.269483] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 04:56:38 dialing manager at 10.128.0.26:44001
2018/10/10 04:56:38 syscalls: 1
2018/10/10 04:56:38 code coverage: enabled
2018/10/10 04:56:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 04:56:38 setuid sandbox: enabled
2018/10/10 04:56:38 namespace sandbox: enabled
2018/10/10 04:56:38 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 04:56:38 fault injection: enabled
2018/10/10 04:56:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 04:56:38 net packed injection: enabled
2018/10/10 04:56:38 net device setup: enabled
[   76.245483] random: crng init done
04:58:30 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x3, 0x0)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x6, &(0x7f0000000100)=""/82, &(0x7f0000000000)=0x52)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x9, 0x0, 0x8000}, 0x4)

[  186.137766] IPVS: ftp: loaded support on port[0] = 21
[  188.572713] bridge0: port 1(bridge_slave_0) entered blocking state
[  188.579203] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.588661] device bridge_slave_0 entered promiscuous mode
[  188.735658] bridge0: port 2(bridge_slave_1) entered blocking state
[  188.743054] bridge0: port 2(bridge_slave_1) entered disabled state
[  188.751461] device bridge_slave_1 entered promiscuous mode
[  188.897939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  189.046089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
04:58:34 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00')
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000b40)={&(0x7f00000007c0), 0xc, &(0x7f0000000b00)={&(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000000000300000008000300fb000000080001004e2200000800040001000000ae9ca3aae2a6a32cac70c7f9cd82f11ef308de7b5a05bba7db4291278720e554ade8bd9a4b1be9131aba6ae988c5c3ab184afc08ed44e38a43d85a1b1868f6e0ffdf6bba75c7d7757d26a6076151c045e494703787dd71e204f0b72772f314f0496163291ac6c90ccf9b7e30cfe3d9d224e241dda2cf8d87a4aa4f796db878533c1984188869327316cd29967a7c65475b67e77e023e24d8f0fc78a4a59430d341ecf9d8b0582165f30b047a2ce5b0422c9a6c5084e1d339e5f55970e87a67b1268b6b239406e42fa523c57a65"], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0x0)

[  189.494762] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  189.680293] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  190.155548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  190.162704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  190.167034] IPVS: ftp: loaded support on port[0] = 21
[  190.717781] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  190.726044] team0: Port device team_slave_0 added
[  190.981417] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  190.989783] team0: Port device team_slave_1 added
[  191.276277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  191.283467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  191.292591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  191.596465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  191.603742] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  191.613332] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  191.891729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  191.899293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  191.908533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  192.090439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  192.098121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  192.108676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  193.863629] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.870129] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.878864] device bridge_slave_0 entered promiscuous mode
[  194.064697] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.071179] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.079861] device bridge_slave_1 entered promiscuous mode
[  194.253344] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  194.462681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  194.825317] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.831921] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.838857] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.845464] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.854382] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  195.022225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  195.098403] bond0: Enslaving bond_slave_0 as an active interface with an up link
04:58:40 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
exit(0x0)
preadv(r0, &(0x7f0000001700)=[{&(0x7f0000001780)=""/139, 0x8b}], 0x1, 0x0)

[  195.360155] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  195.745064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  195.752226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  196.099411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  196.106671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  196.276459] IPVS: ftp: loaded support on port[0] = 21
[  197.033229] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  197.041260] team0: Port device team_slave_0 added
[  197.335373] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  197.343602] team0: Port device team_slave_1 added
[  197.626868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  197.634202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  197.643266] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.932923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  197.939968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  197.949067] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  198.221711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  198.229346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  198.238407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  198.512307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  198.519885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  198.528829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  200.947676] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.954327] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.963148] device bridge_slave_0 entered promiscuous mode
[  201.287630] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.294304] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.303326] device bridge_slave_1 entered promiscuous mode
[  201.608260] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  201.954890] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  202.022446] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.028911] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.035934] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.042460] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.051060] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  202.542011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  202.925656] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  203.264192] bond0: Enslaving bond_slave_1 as an active interface with an up link
04:58:48 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xb, 0x5, &(0x7f00000003c0)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000440)='syzkaller\x00', 0x5, 0x401, &(0x7f0000000200)=""/144}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0xffffffffa0008002, 0xe, 0x4b, &(0x7f0000000500)="24ec708f71bbad850edf3c86955d", &(0x7f0000000480)=""/75}, 0x28)

[  203.540820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  203.548830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  203.878175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  203.885430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  204.780468] IPVS: ftp: loaded support on port[0] = 21
[  205.016194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  205.024737] team0: Port device team_slave_0 added
[  205.396609] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  205.404868] team0: Port device team_slave_1 added
[  205.800197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  205.807389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  205.816361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  206.153709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  206.160778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  206.169794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  206.537148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  206.545230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.554446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.896552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  206.904573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  206.913673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.780101] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.040358] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  210.397770] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  210.404294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  210.412386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  210.547036] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.553816] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.562353] device bridge_slave_0 entered promiscuous mode
[  210.903335] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.909811] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.916794] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.923305] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.932191] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  210.970250] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.976908] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.985680] device bridge_slave_1 entered promiscuous mode
[  211.414583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.684127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.701159] 8021q: adding VLAN 0 to HW filter on device team0
[  211.774171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.760768] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  213.148125] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  213.536962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  213.544264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  213.875321] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  213.882466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  214.199263] ip (6710) used greatest stack depth: 53040 bytes left
04:58:59 executing program 4:
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={&(0x7f0000000000), 0xc, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000210001010000000000000000020000000000000000000000040000000c001400158b7f0e6cdd72ea4cd05f30514b243c4d85c2bb9e5927320ea9b2fe58ab3a5f91542a767bc3c35398b480e0b124b0b1107a6bf11c2a5f0f868e39a39a391956639452cea1dd0fd2bc91ceaeeccc547936f7f8a8de631c8c6203b438bbd64ac2b00532923eee1c029245a4f4b9bde63b7c91fd5ef84591a4c36e3b9d9afe5b27ff38d85f4bbc761005898762027753edc32fa2feb5205069411d", @ANYRES32, @ANYRES32=0x0], 0x3}}, 0x0)

[  214.999694] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  215.008028] team0: Port device team_slave_0 added
[  215.448967] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  215.457827] team0: Port device team_slave_1 added
[  215.602642] IPVS: ftp: loaded support on port[0] = 21
[  215.889568] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  215.896945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  215.905822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  216.374779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  216.382027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  216.391272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  216.796393] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  216.804114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  216.813157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  216.937041] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.189481] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  217.197316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.206309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  218.429888] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  220.168330] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  220.175186] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  220.183273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
04:59:06 executing program 0:
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f000001b000)={@multicast2, @remote, @loopback}, 0xc)
recvmmsg(0xffffffffffffffff, &(0x7f0000004900)=[{{&(0x7f0000000340)=@nfc, 0x80, &(0x7f0000001780)=[{&(0x7f00000002c0)=""/91, 0x5b}], 0x100000000000005e, &(0x7f00000017c0)=""/116, 0x74}}], 0x1, 0x0, &(0x7f0000004a40))
syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ptype\x00')
preadv(r0, &(0x7f0000000140), 0x100000000000024e, 0x0)

[  221.729223] 8021q: adding VLAN 0 to HW filter on device team0
[  222.080513] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.087066] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.094086] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.100543] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.109042] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
04:59:07 executing program 0:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
r0 = memfd_create(&(0x7f0000000000)='+em1vboxnet1ppp0&\x00', 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000200))
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x0, 0x0)
bind$pptp(r1, &(0x7f0000000240)={0x18, 0x2, {0x1, @local}}, 0x1e)
r2 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x20000)
renameat(r1, &(0x7f0000000100)='./file0\x00', r2, &(0x7f0000000180)='./file0\x00')
mount(&(0x7f00000001c0)=ANY=[@ANYBLOB="4c853bd0378e972b420000000000000000"], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='bpf\x00', 0x0, 0x0)

[  222.252219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
04:59:07 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  222.824392] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.830921] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.839601] device bridge_slave_0 entered promiscuous mode
[  223.377960] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.384703] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.393277] device bridge_slave_1 entered promiscuous mode
[  223.899927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
04:59:09 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  224.313712] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
04:59:10 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  225.625999] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  226.072361] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  226.581729] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  226.588845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
04:59:11 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  226.990814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  226.998106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
04:59:12 executing program 5:
r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x5, 0x4000)
ioctl$TIOCSCTTY(r0, 0x540e, 0x7ff)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000040)=0x3)
ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000080)="63220561dabf125059400cc1c9e8e525746ce8fe71e8f8fbc9a64709fd8fe2d18fba6d876a63767d2ae9b3d49515f1b81bf141db7f67252483c16fd944cb543b0455df44f81845f9d50dd0e1ad86d9c7f6da0792510676405d88122fb37a81a515cad8037d086bb5a0de7256f2a2bab182547e29770a8786ce1415478624e467525a9ea509a55732ed774baa61f1c49a04a2d1e014c2dea3028c67c6ba2bf0a0f1052f017648769e0e7f0f8a6e10d6b3ed85254b66ff9d36c1dbd021f8a735f829c86998a3de10fcad46c7dbdcf2081aba90de621f3cf4d70164077d8bf5e85b3fc89c007e634d345367d76a070c8d5b711e6f78eb98cedbb569c9c08eb1b500ad420bfcbbe17c138488fd729910da9bd6d3f40cb8bade0c8b11f751e773cd58dae02ba4beb3f3451e92f7bc279cee66f885e8371326668c3cc42be2c7f7e929ee180cce15f9e509715772dd686582dccf1842976b7b8a7d1401e6409d7271e41f6a59f9299086d0c9b55ab8ca140d26fde2bfb3a699bcc7879b012e5141457f4a20b2ec4a652f5c802bcf51aa59bc52ee1fb723a048d1f301d3ebf55ac87d0890835331f50767d60e6a8647d7596c8c77c6e2aab419df763596d842e0ab043f5c89087b0906355a5ee54bb7b2d3fda75bd0fe8ba7dca75bd503b831473001188cee5d465cd3d0502e04dc88ae77103eaffc7485075d7a01dd57fe440e05630320bf8e2556e6778d377f9543095b5b0950926077b29aab5ba54f9dbd3a3528f9c5c7906292b1c9d8c5ef70505456ba5db6c1b2b5591c5e8cfbafae1778a5ba253f5ab191ebab2e55a572ca97b4617f11d25f76966a188e13eab88f02bcc4e1e6ffd4791d577dcbe3be21c3b0288297e6500868cae1218b4f7711bf5747ade69ce06b6a29161d16e7b03b70964343fa61708cfb32536f89b21ef005141cff94c0a8ce63af3ce542a700d2b4997c349073e29815a5376b48c55e21993ac159ff815650ca60b320ce8055a7eccae59a5c8793dbb28085918c046e742cd2dc973a4f01f9760730ff0e95d220ad1a230bcb06ba5ecf72093b77d3dc96cb96b49e180244defdebcd7dfc8880ece26c55e5b85088460bf525f31d386908a08dea3e5485d1b92b0356c29759a16c2b79b0424fe38aa42aaf9f8688cb3ccd6dfc463db2fa2553c23018a651b1f4d319b52306002c44afd39c2aba86e3bf6e33584969612c54dd5b3277e72c139ce82b28129760b7b9f3e031d8358956f5b672aa23f6db72c67cad277ed567aae16ecde6f43613de21c9a27e507da953abdc1d378e2d6ce8797d5a102b3978fb0a90ce6e7a9fdc64d8eb65ce2bc66357a8e712510bed18b0dd3c923f35be3b127bb9d9644ece7ffc64150371f970e7561b56d53e0c2a1aa7a746c8fce5b5ee0d303ec5d72b98ea296fb91d164f02f21068be1508e3a0135c890e8fc4797011863d63dda3f0202a90c82788b204acf3321e582ec218592415d991c115fb5b4e7c1eb5c05360e7e6af55cf45d3dffe1e6c5c599d72aab25adcd2e7eb86836fd7b7d018551b73567c61f799d8c98e93a82e08f31727ba870921ebd3d52982a147be6354b13db4a473b2bfb4550ecc2342d16339a5665e3a90257e4a5673e3a10d4f466507c701de53923479320643dc6262599086458cae5b5339d35a8e297ed24ec57674d2990e3e3e47ef13c528ba4d63b499928b335b85db385209bd4cf6a921786c983bd4a2d369b846077361c10eb2233a112112356b6067cf3f1a8f0f5898918ced1981078b8b34a2781c6c6f670cfe3552e2d6c05992f8d2695afc92a9f3e31d57913c7414f6f49fb3c72fc23670a7d79d9ffcefa181e093873cd2d22c49d90b23145c75e0b8f08c1147a6885fbdf04a879dea9b37e8a9cbd675d2ee93f18d0974c07d75b8143aa159f5c2fb42b44d9baf0ab98c58c03ff484a5468b1c291aea606c0d73d79268f6c8fa1da0dab1c603e29c7c082a456ceab8acd1647ce33e8eb355a8ad1e1ac9a9faf5fa6b6d4a1cb4614d05b3d978e5f6a94aad948d57357345a94c8cda9f020d6f8548b06292bdf9cebd3cfa3b931ca3218bac54cee94bdfc2a42293123fcf1984e1f2d64d9ed8eb16bc31af159ae6656e8549c86cf021f121055725148d2a094d8f9838620475afc37c47edef04088eb3a455e56a729ccca4cc82b224327e5ea0942060e952daf66f637f5524f23286dfe8866bd4b12a813cec6d7ceb0696e40481adb92947a0af4a303e761c87feb989f7fc94968ffbb622b335d4c5a6a1c6e22677c4fffcb0a212576191d14223ca66d365d48180182b3f9f2ae41c21e7c8a789523abd3b8248ac78c63188b1242a0bc4556b1cf8668757438462b77f15b1bd97aaefd0d83ddc015d08028af002b52f7e65d2233d6372cfd5a48115d012bec038dd55c2964a4d9b003155aec672d736f226906ec5e66f368362b0adfa4772b2eeaeee263123f14520dfb3b8918a258d678300259404dfb3179b84414913186cb162ab2bc680a836adb4b2794e608597770e6b87287ae9815c8b862c37f41c53dc5fa3491e0c2f57d727088e5d84881bed8bca8262be7231430652bfdc383afa41aa941ef8eb3ba24e22d9dd52d5d6ff93900552bad38ec9cb37ca02502a76d5f56764a194c54e99f8738f67bd790a20dfb821b7e21a07344fcb7588c6e2d69195959c442957b5ca3c8ecc65fcb46f05795b7e839746a65d09eda6e9793e3671b24db5290d43ee2441dfbc4a614beb2690863ee05de2b19d7ed2c017c4925baaf279a88671d9127c8961fd4254c5976406c3fa7edd80abb9a87308e816bd3bd25492014135c8c90cb28b8cf519e4ff1e83522bd265c0d647eecefdce823a851b87d3f04b4248662cb8cb74fd2740bd621946ef036039c552823a8f527c5bcf0ae02771fd452148a6be57c61948db16a800312d8c95feced37a6b3a485d7708690ec3d9695a4dd52f63f31beda542a6bf440a168440e90c41f9743666075c226697ccf309c769970a10b927cf0adfde1b2bdbd1d63d616a1b1cab98c1e61b1a9f413fa27392d8896bb4a4f067bb4dc1bf18016a4d6faa94a238b87ad2fce1b9f0b23384c6234690d69b800a2ee832c72d6e47e44524c465a15a16a463ec272e129e54853b9000f409fe10a4023a8ff82e10c6fb289e9c18b1a76e7e1e2a1d6c20b640813501262d237fdafbba0c40c90027c0aef9a7bc200c9114430c0acba297c87323030f41c1334ff159eed0386a038059f62eaeb4173bd03ae0450fe500f5406f09854dadd4c583d8e856c55492c231709636e4b557cb096e04c060ba8d0456ef575faf8744efb22d23cbd283046fec0ee86d6d3901edcae7356400bdae5821ef35dd04e820b9f5aced84c78cf4997402541b83b0eaf49596e55ec32633ba7ace24f0e26cb94143243af5456e36072a0bc10432050acd710663cda0f5470369ac1f6338aa4ce2c41195cca8d2e04c81b7853f9ab10f5c0e66825b595e07bd95d2e8780a735d5e15e97e62dcf7480dcbbf0c6755983543d574986ae511218ec4ac0b24805467544074d47ad29a23e67c34c3187ca783361126c374f842b27b4edde9bc3d95e061eb4d5fa457f6f2321d075480e6c1de400610081d812be25c7d29e06707c031a19dce7d350aa74906b93beee606f9677d388cc0ff130126e65432b1cbffadc1095795631ea560d8115682c1bc2086ce32beb0fba605589f8c42dd592bb6d365b9b83fe55ca5bd20c79e11f39616ca3aa3f485fe69e09796d4c1e6ff9a3dcc57a94b5baf2d3adace33eba85abaefb14033ac7d6d986d4ed844ca04741b5208346dc18cf4090f47b58b0d8030604c45eb4656fa779c29ca38771975c14da832bc201535358c3a377a329866a926da758e790aadaa657df697894d6d339e40de03e9e8c6dc53b7a7d0398f2ef97acf14f69f0dba46d05b8c8ad51901fbe75f0c7d1fb61b55aca6bf7020c332220e80a2373b7890b14ccc86099087a242e481dbcbdd50ab1343ad7a5af32378517f042072d80f1beca75377c7ff473a70ef0c331ce7573446cd3fdc024ea7032c59881fba521e9ba16ee947f7a1847a86d1fee2b91e24179fccdf6f5b20e6380b08dfce0f36f49984f542a5b36137a8974043eb8fbd7cdcdbc4bd7259c845571ce44f94986117501c10e8c7de252243070a4133a1f361d049401b71bdc453b371e15453f6ff55f6f1f4c6bd9fd77b425d35486dffe1f2447f3f291d64ad796e9145fe932652b6fa94f9b36df1f400bd578b9393b6d19e44a3f0d3b4fec2950f7266a44bac75f04c937d48ffaa39e5af9132251bf7bab0a387eea33bd90c8d9f4095986f698c853976ae0bae7d05f2acab2d81dd014c24f7f28d441594d450940a987db61fa152e915f854ce081e9f2e9dd2d36b75b24ce396bf41765d43340b53ec968f692e0d1ba83e10f158502b90bf69ee6981a6a07e3ff965dc7a15a9d8fa6c93dd22c02e2d3520f7c1ccd949c7a013c8116fac0471cf8f9c8cac6d9c258e9d39ab68c8493ddbeec5e359adfaf6231b91119ef0f67b6ec170c0d935a8e40028900f665fa45d774e98bbfe00a2adde27b5ba0dae3e3a5396b2e7853ee86ed874ff8211f367f1ad5fd6bff225937908ce11563c72ad6628ced482a1dd9c5b77463dd4c7634e0bdd103eabf9c9c6092bc56ed8b86d01e455a2c4fd8bb7ba160fde7711614eb5283fb0b9dcb3f2814eece9c7548f7ec2bbc5b1e585e1166c9bd285a20f570bf9cf5c7084db9ee24283334b77819f07672f3ccd9f2407984d99a96ce7ca0b826d93b4f24bcc4b77442ff2b2f914af204a62c74ffe80121c824d9e400c26a4f93651cb0c7f6e6c02b7ebbd7c485fba736b4270e29a52b4ef519b46a5333bea7fc8f1182207638cf4a70c149bd15692bffd8f0a1bcbc83200b0274fab3a4b63bd8b97ea580968625daf2eb6fe0a4a2e8a76432956bef4dbe539adb5bef5c4f10148c330953c6648bce680af1c5f8f408dcf42b56bd12f87377cb05d5763aab754c3ca761096b2a8c321a466b97adec72834984cf882fc704c7c38eb7f1864d80e63f3d91c6063d407f9174c584c76f25492346768cd1d8a2d611293eb7ceea6457956b5791ed779e1d4c427661959e0f6509dc03025829d33f1b5ead79623f68f54fbac85cd495eed48dfcbce88de84bc25f482582e24d8d91685c58b2162a03459c111d2fe7c8604c82e7b1f1e0d72c9f029df0f211443bd96c2843b3267010d5d813ac5b0a371541eee6d1910a8ee36635eb05a9864a7c0fffbf9aa2b3a85a0daa6ce1b0d24185d9170913e15bbf1043ccb914f34837d0b36aa9b4adc2d0b5db7ac6321188bcd24acd9c17ecf6571f6731752cc21e8d3e4e2751ee9c8c85889caab317b4f2bdc822d9fcbef69019aadd0318be6d16fe850a821ccf6c8e13d6b85ace6e4b380fd12fa5b60a03a26131649b6898b03e6a1bd76d28c4bda5d695a453f943d28c0421ea669e1a541b96054aca22589fcc0b4163d4b0a643ae1bc2f022dadffdc1e4b633d1c7a59b04f91f873a99d70835901190458be43dfe92c3ae465a43b34e1175a27036e8ddfb0e162f01f72f657df92f3a09bb41d2f75196c984c9963eac0f68641c90dfbbcd26f693c9a4fd9eab83bbeedc75b55e31c2b5bca1751fc26e4dcecf0f2adf2beda5acf03a1f5cd9c1f419bab2fb09e64b9b5285607d711bda18635f7f326e3a996a1769f288efe73cd7a1ebff27ff4b9b9e43ae78c3a5930aedc7bf1f611ef405a875519d5c6fd43")
ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000001080))
ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f00000010c0)={0x8, 0xfffffffffffffda8, 0x6, 0xdf, 0x1a8, 0x9})
fsetxattr$security_ima(r0, &(0x7f0000001100)='security.ima\x00', &(0x7f0000001140)=@v2={0x5, 0x3, 0x9, 0x10001, 0x1e, "22b2bb3ca583d6bba3048542020af1c74e262ffb4c6bc89b289c93be885e"}, 0x28, 0x2)
fcntl$setstatus(r0, 0x4, 0x2000)
write$smack_current(r0, &(0x7f0000001180)='security.ima\x00', 0xd)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000011c0)={0x0, 0x3, 0x7, 0x6})
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001200)={{{@in, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000001300)=0xe8)
getresgid(&(0x7f0000001340)=<r2=>0x0, &(0x7f0000001380)=<r3=>0x0, &(0x7f00000013c0)=<r4=>0x0)
fchown(r0, r1, r2)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001400)='/dev/ptmx\x00', 0x0, 0x0)
write$uinput_user_dev(r0, &(0x7f0000001440)={'syz0\x00', {0x9, 0x632dea7d, 0xbf2d, 0x5}, 0x3c, [0x9, 0x5, 0x2, 0x3, 0x20, 0x80000001, 0x80000000, 0x2, 0x0, 0x1, 0x7, 0x3, 0x200, 0x4, 0xff, 0x2, 0x7, 0x3, 0x3, 0xb57c, 0x7, 0x4, 0x100000000, 0x6, 0x81, 0x3, 0xffffffffffffff00, 0x7, 0x10000, 0xfffffffffffff001, 0x2, 0x6, 0xffff, 0x4, 0x20, 0x20, 0x3, 0x7, 0xff, 0xffff, 0x0, 0x9, 0x6f, 0x2, 0xdc5, 0x10001, 0x100000000, 0x0, 0x9, 0x8, 0x5, 0x7, 0x0, 0x9, 0xffffffff, 0x1, 0x7, 0x9, 0x688b, 0x8, 0x2, 0x9, 0xc6a0, 0x2], [0x7, 0xa5a4, 0xdb8, 0x14, 0x6, 0x2000000000, 0x7ff, 0x401, 0x5, 0xea3, 0x200, 0x7fffffff, 0xffff, 0x4ea, 0x8001, 0x7f, 0x0, 0x8, 0x7fffffff, 0x2000000000000000, 0x8, 0x8, 0x0, 0xb2, 0x0, 0x3, 0xc84, 0x4, 0x2, 0x5000000, 0xfff, 0x9, 0x1, 0x1000, 0x8000, 0x3ff, 0x0, 0x0, 0xfff, 0x7, 0x7805, 0x9, 0xff, 0x400, 0x6, 0x101, 0x100000000, 0x3, 0xec, 0x9, 0x3ff, 0x40, 0xffff, 0x6, 0x5, 0x4, 0x9, 0x3, 0x800, 0x4, 0x8, 0x3, 0x4, 0x3ff], [0x7, 0x9, 0x5, 0x6, 0x9, 0x7ff, 0x5, 0x80000000, 0x1, 0xd6bb, 0x0, 0x3, 0xffff, 0x8, 0xf7, 0x0, 0x5, 0x1dc4, 0x3, 0x6, 0x6, 0x711d029, 0x57, 0xfff, 0x9, 0x7, 0xfffffffffffff800, 0x9, 0x2, 0xa8e, 0x8, 0xfffffffffffffe9d, 0x4, 0x7, 0xae, 0x9, 0x20, 0xa261, 0x0, 0x34, 0x9, 0x8c3b, 0x1000, 0xfb, 0x6, 0xfffffffffffffffb, 0x3, 0x1000, 0xfffffffffffffffa, 0xfd2, 0x1, 0x9, 0x400, 0x7fff, 0x2, 0x81, 0x0, 0x7, 0x4, 0x0, 0x20, 0xea57, 0x4, 0x8000], [0x8, 0x4f, 0x4, 0xf8, 0x6, 0x7, 0x2, 0x3, 0x0, 0x7f, 0x0, 0x7, 0x4, 0x0, 0x4, 0xe9, 0x3ff, 0xa48, 0x8000, 0x7, 0x1, 0xffffffff, 0x1, 0x259f, 0x9, 0x0, 0x3, 0xda2, 0x8, 0x1000, 0x3, 0x2, 0x3c1, 0xff, 0x3, 0x40, 0x929, 0x3f, 0x8, 0x4, 0x4, 0x200, 0x2, 0x3ff, 0x8000, 0x80000001, 0x5, 0x348d, 0xa8b, 0x4, 0xfffffffffffffa03, 0x20, 0x100000001, 0x81, 0xfffffffffffffff7, 0x5, 0x4, 0x8, 0xfff, 0xffffffffffffffc0, 0x3, 0x1f, 0x1, 0x5]}, 0x45c)
timer_create(0x6, &(0x7f0000001980)={0x0, 0x25, 0x3, @thr={&(0x7f00000018c0), &(0x7f0000001900)="bf065270318518d0ffd68cc918826b7682cd795d1dc5a929e93bed7f185ff46a5c0868dae2d65826b35524e0d24af1185d3341fe8151b34bfe8556a279a85463e01423239b899e19923f8ef94bc7281209348b7cff4505fadc6a0605533f53bb0f2eabab04a0f05492c62dea8b"}}, &(0x7f00000019c0)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000001a00)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f0000001a40))
r7 = syz_open_dev$ndb(&(0x7f0000001a80)='/dev/nbd#\x00', 0x0, 0x0)
syncfs(r7)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x12c)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000001ac0)=0x1)
r8 = getpgid(0x0)
r9 = gettid()
lstat(&(0x7f0000001e00)='./file0\x00', &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
sendmsg$unix(r0, &(0x7f0000001f80)={&(0x7f0000001b00)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000001dc0)=[{&(0x7f0000001b80)="4529fa2b71b8413ce9c4be1eaa068ae133578b74c90837c26033a826ba00a81110a3edea11c06635ae8935e5b805f51468cb5bfacedd2742d05d7b1e144b70dc877c053d9b873997c3172fe69d472c4bb196aaee1a0384344527cb95d005b261e8a0f98f63bf1da56cf60fca033c6ae7b2c2744f03dac24be3b566098b14c0fa4cbe3fb2f06dc17918bb9ad50942db4d10b035f0db60878256acef6ed452f8b128b7c52862de1cdd5e63017abc055f3f72b72478b87eb4bf353d605812d4849f3cab3942", 0xc4}, {&(0x7f0000001c80)="2bb8d33010934a7dc5cddc905921dde60db2c8a37353afb0082b9a0afe300df256eff9b7c086fa9730745d469bf0bef2846bd16d5aa4f44175434a581a42ccfb00e76695e88ff6cbdc9ac90baad14b35f62f64743164da46790dedbb203798bd08338c4286af2ca50082823622a0c2d0d284730169d38b57645ca05a38a650a9fd7f1b4137694a0bf0cc", 0x8a}, {&(0x7f0000001d40)="f8961e59256c3307a26550b62b0c330dd5b18634669b7b4333e6b9cfb6a0a8250837c0882139f6235c33c8706502d3284061853306b423250fdd85f280648e3e887c37d9fb83311ca383a0f912bada1e2bc8e09fe24a164b773d2dda8780dd797d86beee28507b5faefd04e191260222fe0e212e6889a1406c35f8", 0x7b}], 0x3, &(0x7f0000001ec0)=[@cred={0x20, 0x1, 0x2, r8, r1, r4}, @rights={0x30, 0x1, 0x1, [r5, r5, r0, r0, r0, r7, r5]}, @cred={0x20, 0x1, 0x2, r9, r10, r3}, @rights={0x20, 0x1, 0x1, [r0, r7, r0, r5]}], 0x90, 0x80}, 0x20040000)
write$USERIO_CMD_REGISTER(r0, &(0x7f0000001fc0), 0x2)
ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000002040)={0x6, {0x2, 0x4e21, @local}, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e24, @multicast2}, 0x204, 0x5, 0x1, 0x9, 0x6, &(0x7f0000002000)='veth0_to_bond\x00', 0x0, 0x401, 0xfffffffffffffffe})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x10)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000002100)={0x6, &(0x7f00000020c0)=[{}, {}, {}, {}, {}, {<r11=>0x0}]})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r0, 0x4010641c, &(0x7f0000002240)={r11, &(0x7f0000002140)=""/211})

04:59:13 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  228.209473] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.386375] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  228.394609] team0: Port device team_slave_0 added
[  228.785282] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  228.793531] team0: Port device team_slave_1 added
[  229.179120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  229.186473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  229.195327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  229.361876] IPVS: ftp: loaded support on port[0] = 21
[  229.638116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  229.654223] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  229.661307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  229.670245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  230.066521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  230.074345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  230.083305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  230.318077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  230.325786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  230.334685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  231.099117] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  231.107495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  231.115532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
04:59:17 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x14)

[  232.526750] 8021q: adding VLAN 0 to HW filter on device team0
[  234.009537] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.016166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  234.023257] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.029730] bridge0: port 1(bridge_slave_0) entered forwarding state
[  234.038884] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  234.312332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  234.834714] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.841203] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.849848] device bridge_slave_0 entered promiscuous mode
[  235.170522] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.177173] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.185818] device bridge_slave_1 entered promiscuous mode
[  235.407081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  235.640540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  236.544047] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  236.923792] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  237.103593] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.275428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  237.282621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  237.528255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  237.535585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  238.011495] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  238.349967] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  238.358126] team0: Port device team_slave_0 added
[  238.531497] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  238.539864] team0: Port device team_slave_1 added
[  238.873280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  238.880348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  238.889338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  239.038205] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  239.044723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  239.052855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  239.127098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  239.136469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  239.145407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  239.347862] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  239.355548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  239.364763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  239.616728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  239.624542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  239.633517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  240.093944] 8021q: adding VLAN 0 to HW filter on device team0
04:59:25 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x5, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b7000000020001ffbfa30000000000000703000028feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000014d400500000000005504000001ed00002f040000000000006f460000000000006b0a00fe000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000100)='EPL\x00'}, 0x48)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={@broadcast, @multicast2}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f00000000c0)=0xd, 0x4)

[  242.194090] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.200629] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.207641] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.214173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.223367] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  242.229912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  244.946056] 8021q: adding VLAN 0 to HW filter on device bond0
04:59:30 executing program 3:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
r1 = dup(r0)
r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendfile(r1, r2, &(0x7f0000000040), 0x0)

[  245.773575] hrtimer: interrupt took 62037 ns
[  245.816032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  246.481213] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  246.487736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  246.495628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  247.037322] 8021q: adding VLAN 0 to HW filter on device team0
[  249.415880] 8021q: adding VLAN 0 to HW filter on device bond0
[  249.966764] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  250.451522] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  250.458096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  250.466196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
04:59:35 executing program 4:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
r1 = dup(r0)
r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0)
ftruncate(r2, 0x280080)
sendfile(r1, r2, &(0x7f0000000040), 0x2008000fffffffe)

04:59:35 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

04:59:35 executing program 1:
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb)
sendmmsg$inet_sctp(r1, &(0x7f0000008d40)=[{&(0x7f0000000100)=@in={0x2, 0x0, @dev}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000140)='X', 0x1}], 0x1, &(0x7f00000004c0)}], 0x1, 0x0)
writev(r1, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0x0, &(0x7f00000000c0), 0x6)
dup(r0)

04:59:35 executing program 3:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=@random={'btrfs.', '/proc/thread-self/attr/current\x00'}, &(0x7f0000000280)='self#/(+\x00', 0x9, 0x0)
sendfile(r1, r2, &(0x7f0000000040), 0x0)

04:59:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@multicast1, @in6=@remote}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000340)=0xe8)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x40096101, &(0x7f0000000040))
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
socket$inet6(0xa, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000140)="2b8b8a16114fdddf6b284699df92d53e6f4a02759b9461ac", 0x3)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x0)
pwrite64(r3, &(0x7f0000000080), 0x0, 0x0)

[  250.630824] QAT: Device 0 not found
04:59:35 executing program 3:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x8001000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000280)=0x2000007, 0x4)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000100)=0x5, 0x4)
sendto$inet(r1, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @local}, 0x10)
recvmsg(r1, &(0x7f00000000c0)={&(0x7f0000000840)=@hci, 0x80, &(0x7f0000001b00), 0x0, &(0x7f0000001b80)=""/4096, 0x1000}, 0x2000)

[  250.944431] QAT: Device 0 not found
04:59:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@multicast1, @in6=@remote}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000340)=0xe8)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x40096101, &(0x7f0000000040))
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
socket$inet6(0xa, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000140)="2b8b8a16114fdddf6b284699df92d53e6f4a02759b9461ac", 0x3)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x0)
pwrite64(r3, &(0x7f0000000080), 0x0, 0x0)

[  251.183340] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  251.337897] QAT: Device 0 not found
[  251.808015] 8021q: adding VLAN 0 to HW filter on device team0
04:59:38 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x800000000002)
ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x7df8000000000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000002200010000000000000000000400000010001100e2abb4ec7645192056d52f0040e23dddf3a511edbb60a69df368017bea53f472a72e25732a20e59e35d1e998712d07ada3cb7d867d1d9e9c3baf900686c532ed31b5b9ff8f152409dcec5c05b9741c3cece72c4e5f9f31bd84d1dd4061b5cfef6b25fbcad97f1c8bcb94c588af35e95db07ead33aeac77d98390e75f4f54d85e0ea2911889c82327ebeee9a5a492fbd2826dd23010320a02279fe3ab47a9c0744a"], 0x1}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

04:59:38 executing program 4:
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
r1 = dup(r0)
r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0)
ftruncate(r2, 0x280080)
sendfile(r1, r2, &(0x7f0000000040), 0x2008000fffffffe)

04:59:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@multicast1, @in6=@remote}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000340)=0xe8)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x40096101, &(0x7f0000000040))
sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0)
socket$inet6(0xa, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000140)="2b8b8a16114fdddf6b284699df92d53e6f4a02759b9461ac", 0x3)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000c40)=ANY=[], 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x0)
pwrite64(r3, &(0x7f0000000080), 0x0, 0x0)

04:59:38 executing program 1:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000280)=0x2000007, 0x4)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000100)=0x5, 0x4)
sendto$inet(r0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @local}, 0x10)
recvmsg(r0, &(0x7f00000000c0)={&(0x7f0000000840)=@hci, 0x80, &(0x7f0000001b00), 0x0, &(0x7f0000001b80)=""/4096, 0x1000}, 0x2000)

04:59:38 executing program 3:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x8001000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000280)=0x2000007, 0x4)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000100)=0x5, 0x4)
sendto$inet(r1, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @local}, 0x10)
recvmsg(r1, &(0x7f00000000c0)={&(0x7f0000000840)=@hci, 0x80, &(0x7f0000001b00), 0x0, &(0x7f0000001b80)=""/4096, 0x1000}, 0x2000)

04:59:38 executing program 0:
r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82)
r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(r2, r0, &(0x7f0000000000), 0x2000005)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
ioctl$LOOP_CLR_FD(r0, 0x4c01)

[  253.816841] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  253.864254] QAT: Device 0 not found
04:59:39 executing program 2:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
prctl$seccomp(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]})
mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
utimensat(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0)

04:59:39 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f0000002480)={@ipv4={[], [], @loopback}, @loopback, @remote, 0x0, 0x0, 0x0, 0x400, 0xda5, 0x200})

04:59:39 executing program 5:
perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x8, 0x0, 0x0, 0x0, 0x1000, 0x7}, {0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x2, 0xfffffffffffffff9, 0x0, 0x6, 0x0, 0x2}, {0x57b, 0x0, 0x7fff, 0x0, 0x1, 0x4, 0x0, 0x8, 0x0, 0xb8fd, 0x1}], 0x401})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="82780000260f017731f3d87e0b0f20e06635000020000f22e066b9800000c00f326635002000000f30640f02d766b8008000000f23d80f21f86635400000f00f23f8db13b85f078ee82e0f01cf"}], 0xaaaaaaaaaaaac60, 0x0, &(0x7f0000000100), 0x330)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x4b564d02, 0x1]})
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@empty, @multicast2, @local}, &(0x7f0000000140)=0x5)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x541b, 0x0)

04:59:39 executing program 3:
r0 = socket$inet6(0xa, 0x803, 0x3)
ioctl(r0, 0x8001000008912, &(0x7f0000000000)="0a5c2d023c126285718070")
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000280)=0x2000007, 0x4)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000100)=0x5, 0x4)
sendto$inet(r1, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000fd9ff0)={0x2, 0x4e20, @local}, 0x10)
recvmsg(r1, &(0x7f00000000c0)={&(0x7f0000000840)=@hci, 0x80, &(0x7f0000001b00), 0x0, &(0x7f0000001b80)=""/4096, 0x1000}, 0x2000)

04:59:39 executing program 1:

[  254.316896] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  254.360953] kauditd_printk_skb: 2 callbacks suppressed
[  254.361000] audit: type=1326 audit(1539147579.410:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7859 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3da code=0xffff0000
[  254.455470] ==================================================================
[  254.462927] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[  254.470599] CPU: 1 PID: 7865 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #65
[  254.477803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  254.487180] Call Trace:
[  254.489809]  dump_stack+0x306/0x460
[  254.493473]  ? vmx_set_constant_host_state+0x1778/0x1830
[  254.498993]  kmsan_report+0x1a2/0x2e0
[  254.502843]  __msan_warning+0x7c/0xe0
[  254.506690]  vmx_set_constant_host_state+0x1778/0x1830
[  254.512021]  vmx_create_vcpu+0x3e6f/0x7870
[  254.516287]  ? kmsan_set_origin_inline+0x6b/0x120
[  254.521165]  ? __msan_poison_alloca+0x17a/0x210
[  254.525876]  ? vmx_vm_init+0x340/0x340
[  254.529789]  kvm_arch_vcpu_create+0x25d/0x2f0
[  254.534322]  kvm_vm_ioctl+0x13fd/0x33d0
[  254.538330]  ? __msan_poison_alloca+0x17a/0x210
[  254.543032]  ? do_vfs_ioctl+0x18a/0x2810
[  254.547117]  ? __se_sys_ioctl+0x1da/0x270
[  254.551288]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  254.556156]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  254.561030]  do_vfs_ioctl+0xcf3/0x2810
[  254.564959]  ? security_file_ioctl+0x92/0x200
[  254.569508]  __se_sys_ioctl+0x1da/0x270
[  254.573526]  __x64_sys_ioctl+0x4a/0x70
[  254.577439]  do_syscall_64+0xbe/0x100
[  254.581280]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  254.586575] RIP: 0033:0x457579
[  254.589786] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  254.608907] RSP: 002b:00007f98581b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  254.616649] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  254.623939] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  254.631239] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  254.638529] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98581b86d4
[  254.645819] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  254.653123] 
[  254.654760] Local variable description: ----dt@vmx_set_constant_host_state
[  254.661781] Variable was created at:
[  254.665524]  vmx_set_constant_host_state+0x2b0/0x1830
[  254.670738]  vmx_create_vcpu+0x3e6f/0x7870
[  254.674985] ==================================================================
[  254.682354] Disabling lock debugging due to kernel taint
[  254.687811] Kernel panic - not syncing: panic_on_warn set ...
[  254.687811] 
[  254.695204] CPU: 1 PID: 7865 Comm: syz-executor5 Tainted: G    B             4.19.0-rc4+ #65
[  254.703793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  254.713161] Call Trace:
[  254.715776]  dump_stack+0x306/0x460
[  254.719446]  panic+0x54c/0xafa
[  254.722710]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  254.728188]  kmsan_report+0x2d3/0x2e0
[  254.732038]  __msan_warning+0x7c/0xe0
[  254.735885]  vmx_set_constant_host_state+0x1778/0x1830
[  254.741712]  vmx_create_vcpu+0x3e6f/0x7870
[  254.745987]  ? kmsan_set_origin_inline+0x6b/0x120
[  254.750861]  ? __msan_poison_alloca+0x17a/0x210
[  254.755580]  ? vmx_vm_init+0x340/0x340
[  254.759496]  kvm_arch_vcpu_create+0x25d/0x2f0
[  254.764032]  kvm_vm_ioctl+0x13fd/0x33d0
[  254.768045]  ? __msan_poison_alloca+0x17a/0x210
[  254.772746]  ? do_vfs_ioctl+0x18a/0x2810
[  254.776826]  ? __se_sys_ioctl+0x1da/0x270
[  254.781011]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  254.785879]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  254.790743]  do_vfs_ioctl+0xcf3/0x2810
[  254.794673]  ? security_file_ioctl+0x92/0x200
[  254.799204]  __se_sys_ioctl+0x1da/0x270
[  254.803216]  __x64_sys_ioctl+0x4a/0x70
[  254.807130]  do_syscall_64+0xbe/0x100
[  254.810968]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  254.816186] RIP: 0033:0x457579
[  254.819394] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  254.838316] RSP: 002b:00007f98581b7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  254.846385] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  254.853674] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  254.860957] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  254.868255] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98581b86d4
[  254.875537] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  254.884007] Kernel Offset: disabled
[  254.887647] Rebooting in 86400 seconds..