[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   51.267015] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   51.585965] audit: type=1800 audit(1538953681.643:29): pid=5863 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   53.823716] random: sshd: uninitialized urandom read (32 bytes read)
[   54.194179] random: sshd: uninitialized urandom read (32 bytes read)
[   55.667174] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[   61.402167] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/07 23:08:13 fuzzer started
[   65.618059] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/07 23:08:17 dialing manager at 10.128.0.26:36867
2018/10/07 23:08:17 syscalls: 1
2018/10/07 23:08:17 code coverage: enabled
2018/10/07 23:08:17 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/07 23:08:17 setuid sandbox: enabled
2018/10/07 23:08:17 namespace sandbox: enabled
2018/10/07 23:08:17 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/07 23:08:17 fault injection: enabled
2018/10/07 23:08:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/07 23:08:17 net packed injection: enabled
2018/10/07 23:08:17 net device setup: enabled
[   70.677110] random: crng init done
23:10:00 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0xc00000000000000, &(0x7f0000000040)={0xa, 0x4, 0x6340, 0x3f, 0x0, 0xffffffffffffff9c, 0x0, [0x24000000000002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32000]}, 0x2c)

[  170.663966] IPVS: ftp: loaded support on port[0] = 21
[  172.692102] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.698552] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.706875] device bridge_slave_0 entered promiscuous mode
[  172.827715] bridge0: port 2(bridge_slave_1) entered blocking state
[  172.834305] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.842584] device bridge_slave_1 entered promiscuous mode
[  172.964355] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  173.085722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  173.460147] bond0: Enslaving bond_slave_0 as an active interface with an up link
23:10:03 executing program 1:
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000010000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000140)=""/85, 0x210}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x8}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0x36e}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400})

[  173.623454] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  174.256351] IPVS: ftp: loaded support on port[0] = 21
[  174.495365] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  174.503349] team0: Port device team_slave_0 added
[  174.695165] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  174.703097] team0: Port device team_slave_1 added
[  174.921960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  174.929956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  174.938886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  175.131156] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  175.294122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  175.301955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  175.310661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  175.491352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  175.498937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  175.507951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  177.045292] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.051914] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.059983] device bridge_slave_0 entered promiscuous mode
[  177.266342] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.272866] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.280954] device bridge_slave_1 entered promiscuous mode
[  177.543051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  177.770836] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  177.905200] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.911767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.918603] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.925160] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.933590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  178.221877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  178.293601] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  178.492993] bond0: Enslaving bond_slave_1 as an active interface with an up link
23:10:08 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f0000000580)={&(0x7f0000000000), 0xc, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0048000001420000"], 0x1}}, 0x0)

[  178.720735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  178.727971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  178.995736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  179.002961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  179.589209] IPVS: ftp: loaded support on port[0] = 21
[  179.799783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  179.807815] team0: Port device team_slave_0 added
[  180.045729] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  180.053792] team0: Port device team_slave_1 added
[  180.386132] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  180.393307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  180.401929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  180.697322] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  180.704562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  180.713447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  181.012718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  181.020208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  181.029201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  181.290905] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  181.298983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  181.307717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  183.581205] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.587777] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.596157] device bridge_slave_0 entered promiscuous mode
[  183.862587] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.869030] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.877427] device bridge_slave_1 entered promiscuous mode
[  184.041074] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.047574] bridge0: port 2(bridge_slave_1) entered forwarding state
[  184.054506] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.060923] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.069280] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  184.101169] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  184.384114] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  184.571919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  185.093460] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  185.416276] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  185.650812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  185.657953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
23:10:15 executing program 3:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffef3)
r2 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x24000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  185.973824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  185.980916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  186.775464] IPVS: ftp: loaded support on port[0] = 21
[  187.021212] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  187.029116] team0: Port device team_slave_0 added
[  187.345242] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  187.353264] team0: Port device team_slave_1 added
[  187.566001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  187.574483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  187.583087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  187.877106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  187.884234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  187.892864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  188.176278] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  188.183954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  188.192992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  188.329926] 8021q: adding VLAN 0 to HW filter on device bond0
[  188.496117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  188.503773] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  188.512362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  189.461411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  190.475612] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  190.482096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  190.489757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  191.664786] 8021q: adding VLAN 0 to HW filter on device team0
[  192.033792] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.040234] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.048481] device bridge_slave_0 entered promiscuous mode
[  192.110991] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.117536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.124484] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.130914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.139383] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  192.380631] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.387204] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.395558] device bridge_slave_1 entered promiscuous mode
[  192.572234] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  192.736015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  193.083325] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  193.922594] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  194.234894] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  194.522806] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  194.533800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  194.802086] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  194.809146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
23:10:25 executing program 4:
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000), 0x14)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000040))
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x34000}], 0x1, &(0x7f0000001400)=""/123, 0x7b}, 0x0)

[  195.895534] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  195.903491] team0: Port device team_slave_0 added
[  196.161987] IPVS: ftp: loaded support on port[0] = 21
[  196.333917] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  196.341995] team0: Port device team_slave_1 added
[  196.642953] 8021q: adding VLAN 0 to HW filter on device bond0
[  196.654630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  196.661789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  196.670380] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  197.124608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  197.142865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  197.151747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  197.490025] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  197.497844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  197.506722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  197.831462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  197.839205] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  197.848027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  198.117830] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  199.561369] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  199.567883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.575694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
23:10:29 executing program 0:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x32, &(0x7f000018f000)={@broadcast, @random="fb3d90cd1f53", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d73cde", 0x0, "f53475"}}}}}}, 0x0)

23:10:30 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x20082, 0x0)
setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000240)=0x3, 0x4)
mq_notify(r1, &(0x7f0000000200)={0x0, 0x19, 0x6, @thr={&(0x7f00000000c0)="ac40f2", &(0x7f0000000100)="1f67c5a0636b9888e3d30e286bfd806888e028feace590eb150583b5a09edf123be7bf83bd106a0b515adc1d60af8653f866065da4fb84b5df73550e47491e51a3a974cf0f58c78f5a55fbc83e96d06caba2dd34f3012646f2808641ce244020e2ea356fe1df0ade4ff29123b0322ba5f9c26a7feeecf8bac1b6dfb7b23a6b4a10fe176d68326436a7ca9cf7e4872b49b06af2763ac3b7e5c94d658cafb6b5f64fb9dc50a32e95b89be81e1b10b715720be118d1df70ec08305af9e36a6b5ca6e83c1e980a2ccfcb3ad06549da7669b80bf23472a4c9b3c4438cc34055831600545b8a72fc527fbc1220b9ded1d01a597a54d15215855997e145ab41"}})
r2 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_int(r2, 0x29, 0x3, &(0x7f0000534000), &(0x7f0000000040)=0x4)
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)

23:10:30 executing program 0:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f4634418dd25d766070")
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x50002, 0x0)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000080)=""/104, &(0x7f0000000100)=0x68)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = socket$nl_generic(0xa, 0x3, 0x10)
socket$l2tp(0x18, 0x1, 0x1)
setsockopt$netlink_NETLINK_RX_RING(r2, 0x29, 0x6, &(0x7f0000000140)={0x14, 0x0, 0x1, 0x25}, 0x16)

23:10:31 executing program 0:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
statx(r0, &(0x7f0000000140)='./file0\x00', 0x400, 0x80, &(0x7f0000000180))
pwrite64(r0, &(0x7f0000000080)="45037b57804d8a366ab8e7060e11351dea51f23a9f99d282caf3130b453a297323bf98c84936feb45094cae327fba3bc9ef02278aed2de28f3c6d221790770cf4916b327fd7b6199608054d17b14032de96a03b7c225745dcb22c465858efd8e5bca0554ec526428201b9c1e2ba808411ea84265a9874d4308f804048803503dd21f7c58cd6d3168477f611bad5a8f66e6163af377bf137e39bafb", 0x9b, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000280)=""/69, &(0x7f0000000040)=0x45)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x4004510f, &(0x7f0000b18000)={{}, {0x0, 0xfffffdfd}})

[  201.114894] 8021q: adding VLAN 0 to HW filter on device team0
23:10:31 executing program 0:
keyctl$session_to_parent(0x12)
r0 = socket$inet(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffff9c, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={<r1=>0x0, 0x9}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r1, 0xd591}, 0x8)
sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2400000009061f001cfffd946fa2830020200a0003ff0900010006e700000000a3a20800", 0x24}], 0x1}, 0x0)

[  201.614804] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
[  201.673821] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'.
23:10:31 executing program 0:
r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000100)=@v3, 0x18, 0x0)
ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f0000000200)=ANY=[@ANYBLOB="9054af18d261b393a7469ad3e3249ff5c55faf3595f66199ea5a04b9f79332dccb542a843087fc200dc6976959efaf7ce72b3d83d4ffd0d09efba6c83338b823f92fc517ff23497459733494e3051d8e519aa995a7bbb97f520a1923c3aaee86081a87629019312065707eb7f6abe080f06d771c2567e0fcfdd9df28f0e557ce067a136c6813333f036f267b717428"])
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000001c0)=@v2, 0x14, 0x1)

23:10:32 executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f00000000c0)={@my=0x0})

[  202.395335] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.401972] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.408828] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.415352] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.423690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  202.564887] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.571342] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.580104] device bridge_slave_0 entered promiscuous mode
23:10:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4}, 0x2c)
fcntl$getown(r0, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x8, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000010000000000071100000000054ddbc8f3c82abf6de000000000000000000009500000000000000b77ea4dae1e2b6a7d2c6671a8c5d5ff88c58f300b26cb253aecd903a149a7b5af073ba5e221a44e6304df06185abf30bbbb7b0e0df252dab15bfa7a2102750653f90fac1a2f98b6146e981bb791df5832dee38f749ee8fcaea77036ede2f4e388b4fedd52946040ff70eb177bf31b61af0a26c32f6f5efad6350d27513fe31342f5e7f1077e0bd12350c118b3f98323ef8188aa4f98982ffb11f508f1939f9"], &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x9a)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0)
write$vnet(r1, &(0x7f00000002c0)={0x1, {&(0x7f0000000140)=""/216, 0xd8, &(0x7f0000000240)=""/68, 0x2, 0x7}}, 0x68)

[  202.655002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  203.005779] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.012459] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.020713] device bridge_slave_1 entered promiscuous mode
[  203.367291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  203.671591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  204.621976] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  204.857409] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  205.212608] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  205.221009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  205.522992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  205.530061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  206.210834] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  206.218902] team0: Port device team_slave_0 added
[  206.468679] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.498014] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  206.506160] team0: Port device team_slave_1 added
[  206.816136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  206.824159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  206.832698] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  207.173551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  207.180607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  207.189375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  207.387439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  207.395023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  207.403784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.420658] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  207.700412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  207.708079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.716831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
23:10:38 executing program 1:
r0 = getpgrp(0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000a63ff3)='/dev/usbmon#\x00', 0x0, 0x0)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f000053b000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setown(r3, 0x8, r0)
read$eventfd(r1, &(0x7f0000000080), 0x8)
fcntl$setsig(r3, 0xa, 0x12)
poll(&(0x7f0000b28fe0)=[{r4}], 0x1, 0xfffffffffffffff8)
dup3(r3, r4, 0x0)
tkill(r2, 0x16)

[  208.413679] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  208.420061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  208.427879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  209.253562] 8021q: adding VLAN 0 to HW filter on device team0
[  210.107999] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.114553] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.121396] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.127944] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.136540] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  210.143258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  212.449360] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.212220] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  213.868697] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  213.875209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  213.883135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
23:10:44 executing program 2:

[  214.498513] 8021q: adding VLAN 0 to HW filter on device team0
[  216.833874] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.309920] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  217.760382] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  217.766946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  217.774831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
23:10:48 executing program 3:

[  218.249681] 8021q: adding VLAN 0 to HW filter on device team0
23:10:50 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f00000002c0)=@sr0='/dev/sr0\x00', &(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000300))

23:10:50 executing program 0:
r0 = socket(0x10, 0x2, 0xc)
write(r0, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f3e9000008000100010423dcffdf00", 0x1f)
connect$pppoe(r0, &(0x7f0000000180)={0x18, 0x0, {0x3, @dev={[], 0x16}, 'bridge0\x00'}}, 0x1e)
accept$alg(r0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=<r1=>0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x40100, 0x0)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000200)={0x9b4, 0xfffffffffffffc01, 0x1, 0x1f, 0xb3, 0x9396, 0x7fffffff, 0x100000000, 0xab, 0x3, 0x10001, 0x32b})
r4 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x7ff, 0x80)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000140)={r4, r0})
write(r0, &(0x7f0000000080)="1f0000000104ff00fd4354c00100000000000000080001000104de9d255b5b", 0x1f)

23:10:50 executing program 5:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000000c0)={0x8000, 0x200, 0x3, {0x77359400}, 0xbb6, 0x7})
ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, &(0x7f0000000200)={0xb1, &(0x7f0000000140)=""/177})
ioctl$DRM_IOCTL_AGP_ACQUIRE(r1, 0x6430)
vmsplice(r1, &(0x7f00000015c0)=[{&(0x7f0000000240)="20cdfe3323cc96cdf4f1704ba2d1955a309f35be12462cf44b4898693c904e2a0cded63137036d19a29c365e47d04230231652b383c259971237c47ca3b33c87eb383659c0d5d14f0de1c9639579fb468bd2f486c0754e5e066380f6c988155a8007a7cda0d88d2b2f89e7ebce35f193a95a820e89ae07c45d0f3555c585af36cc122e3671f14a1b59d5ae5825e52973a3", 0x91}, {&(0x7f0000000300)="229d17df5c527fd6da2547bf3920b5972d93067ffac9e5cb1832317c107c7eaaae137334e4a5a3b0300a52de8f1fa7c000a5e1ff366a2eaeb6383f018536263c1074c439656b48b0f71ced5feb6a8174b74ac60d9ff48eb303d4c020b82039a4686dc44546e384ab0675866b0af0e91b6b6d4413c8b2efeff4647ff4654a018a274f0e0cb96a7d0a795ea242a4ce2c8cdea0de711054c46081482c2d30fd841c47392ceaa347de0a16c019b032d3b2b7ea1ce54a3d02d0986990ad2f43993f596a317a9a6c244336b47593e61918eee7f97b0f16e4e432fc3f1cd2d2dd2a78f142e9ed57bf47996be2ae657b7ecc64d7e1ac5458b302785cfd21cbbbfc0452cbc1ce1ac57c7331e2d38efd790cc30fbf19231c03bf2446211cc1c3d71c0b20389a9a262d2785b7043fddf7a2de2215b0e9f620ba5c771290d815a83ed5e471f98002fe3a293450ba23c2acd85c9222ffe50b9841b3ca7b87684660973d9f1042d4181801c93a954252663dd2abaf6f3b0f8a0da20f59bc684f9ca39a645a7dc5c7ffddfeb3b0c6eabe4627e5b0cb62fc99b6884df9ddae4e79dc8bc1f3b7bc5503805b510ff65dd37bee434e394ad8a1093eaeb5b7344862fbc5fec02be3a33a25148d01a60e6305480321cdfd41cd622601fe6e8cdc70e6074ad0c3864ed6012d25705b5e7d4d6f8c8e47deb0b45bb0f4af0290f3f6a5e13b25de8992d080e8993b44678f777f1c103aa8b7f4335d12a1921e27a645d7c75ccfd4894b0149d03568822267401b0fa9311b44dec4d9c01027c655b70e71853a3171a0fc61319e5ff0ba7eca92cdd815884b7550041be2ebca1d580fd78d759f4d3650036124459cfceaf59433a156adb0069ab8f3363dd6db9712cbaf05ae7583e34d4f29591e4e83bff147b30aec73a27a33b90c1a7e6aa9fe1469e25f7d22fe47ac1cd60773705defedb8428da56b663c762b742b739fca8efa459daa61a73b0efb6e72ef400fcd84f5983ce04ed8823009b115ff0ea7692755b496fd5769c8f78718fecbf4b2340db7d909e7ea45aa8c7492b2dab5a10c9781b022decfb8b8bc78dc35d0a3e9209aa6d7d101bca254d5105c45876a047f858169600fe9adbd69eb50338dc8441b2d8a4cea7b8b3defb5eda13ae8424b457e66069a3c5a2c7b04f96e57b61ba9fe7e859d517a53339facef6c6138134bb3496e8043eecbf9e1434879a3cfdcb1059099cb41ba61039dc7421313213e69b800a919da55bd17718722a6d82cd1d8fc08be9882b3448c6c25c27064da43146f3d1c695943e3021be04f182b059b8169e32748b99c823fcfd7a43e3fd5ed7e099fa3b834c9f6ebcbfe79153bb7008cb7cb5734dbe0fcc8e50eb9abddadffca1c70934f54a430eb7b1c95642edac70d8568db067a80bc9e91aea7527afb65ab3a810795875860c6d06c802b4e07de35fd5ea6770df659bdfc07f5c3b4d7d9e198d651da1f34fc81a11501f4ff7fad7e91802b8fcc6658ecce8b662c1e96b3c9428ab966bdd083d50db33c3c783b1668bca1dde45409c8e8745ab5adca07aacaac8e717c4232b57912293ec0ec49d24e8f1bd9e5005fff05a198377cd7b5706fcf2d37dfa2081630d82612435de356a6ebdb67e934eafeef33b566e77f993cf99e52bfcd0907ee75fd0c2223a2033934cfed08ae3632596b4e903053330ef1669ec2f3ffd62f3cd07520db05638471e968fe34d6598b77a7f166b66d4c798ddb23c997073a8a5580ac325ee305fcfb828a0eb846594117d265afd5a27fad45700c99d1be65f7a3bbe63dcb7e5aed6bc29a283a4a222cc4c7024697f457c2a6a9c3f7a343226f9e95cbf77567b2f5e7a7658d6e8ebb6e0c7eb2aac616f40e2716a6e734c28d24d021e356a365f81248e7d7fa63c34ea7162d628245ee162ddd23003d5100c223c280a4ec37eb7e6df0cb645366437dffd50a4f23858348574d51d3108439f5e90cbc6e8de96b099ffa8c9d597a215b2e4506e6c6c84d2ca02f9c2552e202268f177af42d24bd9e9a423b7724ef10475d3b8e22ed79835bb54fed7d3d6e4b9d012b3aae970ad32310bff6f6388d35ba3733d997b833ee27a2ed2aea12180e2b17a2e82e140c8e991d528ae3e26119bb7f16c2a66ea3c3be48106ac0a677128a3c4433b2b5c700a81a2eaf5433e28b5be83773928a7c0a53476b74623ee06f1419188fc57c5cd3ac574e5e741b2c7f231e3883a385a35315b1c00318f9dcc332eb59889b480ef5f1bb1cad7e81eeaf4249c361cf8ba91e605dbe8369df8fea1cae6ee69ae2ad94f6f463da81a6b55ff61be0be889aafebc3574f88a1b62d86777a81762050188503f5d5dfd2ffa051a04ed6db48d5ba0701bd693d1656c037f2df0453ba220240884308eb3d0236360cee778bd5aadbeec44865efcae9a03243fdd64eb761ad66cd2e03de0857236eaa9c07cdd3e613e189947f8f242d18303dd0680bffaafc91d17d48d90552fc4cf92a06d69e95fc8b27d616f1dca3b06b21a9f413cfc89245c7f87ddf58c854ae44e3a892c4e309fa0e9980cd714833b9bb97b8ad936e90e08ec531d47396143afa8bc10af67be9a84d393272270c22660a799fe4b60269a84f11344a12d04036054abdbe3770ea8ea2362c2846504054a7e505a99f9a09030bcc2058aca329b217e076702c32d705569d9e26d225ead7ce94b0acb6fd0162e0aaffb4151045e9f484f93421e6670c942b0c7bc706c12d76716fba32ec3bb21a4aa440387a1a0edf080d66d50010196e656608298e02f85ace6f1c780c95595cb414ca42302d1e31180825713de5f6bd1b7fd7ef8d911858b759755abc511d8184201de99e4f745e83d74ed2c7f72931001a6d2be75422dc10a5fb03c2539a266a118e16cbb3f7c85d371700494ceefa16e5fb1dc613f1b06f1e5629ceb72c0bce907705ff7dedf1ee705065c65cb7827cf01be68ba440519d74ef1e020a82c5a0c316548925dde6203c455359c528f1607cf4f089e2ca73497e7074ff7192a8d0e6805c29dc9b3dde5897341ca55d4a774182968d133dcc30703bec8806835ca4fb1241ffa40ef6071854325a511714a0ae17aef1d478d44d0c947c30dc58c7b0d88bfdb5b6037739d33f45db0a9b10d8cd0e1fc86436bd4eefa7498394060ed140e8afdeedf9143b8df7b628f859b1ab3db58170b6a498b38e287689c3e9ec92fb51d68fdf31672e93a14b15c452daeac13773a9d6425362d79170d5087f6c3aec5770611e6010549c7aa5deb117e38c5adc78b6fef6f59fabee79aeaf1a1cfef4ee524035be8db73df13d3cb041c08a5eb4a41e2fbbbe59fa70fa62582e35cb55f56ee2d89e6a587313851a8e3258dc91a0b905f54686db340b0ee59f8c206f40d4bd443826ae1bdb42547efa802c299d57c88fe29733f58beb06c4fd34237b4bb418abc70dc98d3a66b7d63153bd8f16231f6466af8795ebce579b02a12848ebc0e7ee27d9c2920c440567be7e8ff3d81fdb3d0a5de97ce373d94fde166730317ab1487b7c1633bf1cd92188eba3acf8120d99b6bc8dc5e844f5b88ad903b06052c5c659aa2891e7b00fdd965714f80ec25898bd55a2d7e8c58e86c8de9c7f2af9b18eb8b64b61c9ac9181ee77e5d34315e5735a792f807015873a370dccf7579c0ca5d42f0efdc51c2b5ea56c359cd5e47ce3598e76e62d97ae8e5a31c5e1a84753f4938e3e95a8cc38f18b892f4f3981ddc204b4af0f5377d5d8b5b59d6a6aa86b6dfdbea3bef235545bd49aa2066a5d9bd136e896cc7205110baa054ebca0a356467dd386a445f1b2627b80b013973140bdeb19aa3d7d5869c258f6f480a66bac44414ccfc4db3e281cc3f401a43ddb4acab99a224103804376fa674e75743549b8d9473b4214178f7ead298da8b3c807c48647ac866faba5dfa4e5909fbf3911b2a7acc3a51a1a9e47cf9f7ab2c80e44993e2ef8352664e0eb355d08ed830b780e9c348f75162ea09822d8b76a8d4ac116c475043a08132f2688fc4825bbf2f4d36c6fb4bc78273d8094e9b909acd80cc34a6de39d253ba6ef4791ff30edac745b15c0bc098878ad72e1341c87181cf12a36e6f1162718a14071f8c31ba6a9e3fb2315084b8af85587f09841f746e35e6963f25d4fad6be40475f09997f5bc9dd08fc49fd3beaf42c24d6b90ac7045c286013b2d801440540a90b14b06090513185b55711e510273f7f4b0d386205f71a18bc82703cfe924c8a9e4634179fa2082f067b6fe8457fe3ef72690eccd3dc42c500c3dc72e1adc8db3d0a5d85dcb73ced24fd5e6ed2782d6336174a6c2de9d77612f42ae7371b6a1e8f8e76572b0fd6c7301c104792bcb9e69c551e10c5f48826b85b173e8f07d7fae8a09e8e53f933c92dba9c356e234b7112ca94138c98caa8ff9359c016de0c85997991a5c729f666e72fecb4d35183c465c8a0df2464431b1b897a5ce16ff75517eb34780c9aaa9e08247bbc2b89a90b756cb06318c1c3e745295796012338d95bc8f98935288339972f0226cd9ca8971aa8c6e7c71a0f65e06aacc6b6c3e9cf4124c38f4c43a551540d1d54d4c31df94bf008487e6c818cd0b65c49526db29ac911a3d2e8ccc6e5f2f8619392444f8624ceacd9f14cb566b863328039563a94445e2318f24834100d6b083b9e07c580d63e43c0a9d895ee77d8d523f56e9dacd27e21b126e22dfc330f31ded9c8e7995ea9d2541bd7ab6069643c485bda1c505b83ac616561821c9a7c8c58a786f2ba83c33bcb0ec0419843f62196ffcc1d99ca1cb687b497b3456539f4fb69fb5b067d3496229a00cde9466a8242f2e204e9a4e490e196b54e066402dadd36faf224d08e9419142df6e1fe5bc50cef2df228c007c87f9255f88ad290f0ea19e92c7764ec63c71a016d2a17d10165e12c8121a71da7a1bf0ccb5b71b0f334518df1fd110996554e5ee703c0656f8eeef8da2d757dba72e6be2ec2dd656f0bdebaecbc1ee8861218df63061bd7e34851d29b9e9fbe4df8a3ce55b1a0b59f2d74658b015d4f2537651aa847d2d57c5c30deb0d09596aee421db6e5b4599bde55b34ddd8ba0ad037b8410aea8eb34c3071264385ef92c161f613f6a1ebc95c71c83fc99ec96a50703db82682e066ff6e0660622fc4d14908823bbd66959254f40f1d2f53b11488d4619c1dc64990213c16c409da84f38bc12260c7fe0556a2150fbcc8a13ec30566d61edc06617b3169d51ee5eac57f0ce80247f724ac9a9133203a9f04f3541b45085d0ef82e3c5117b8167ec5f106922ae110784459f485e4b764f0e6ea47ecdc05f217d6d4ec0de4a458d309d85571a2ffe8fcef384c118b1887f45f9a35e0d344ba9573ec350b703f178438751861cb3a9c190a351e0ea0d50a69a64756a60512a324461c5d7c55e15e24cc3620de717b1a7bfc54e03a412f4ed7fcd0adef2d40a3584f01a1e310530dcfa6ea6dedc8f47f270dd2e046de84b0ac68449c7cb2aeab8abf152e5995d7f2d40decfc7342b871d823fdf8929d75dbe1486e18a1f2e1282a353f7ac65a629cc9f1c1d2d5bfc69f8850d58b6efaf50e6d68845747a798cdd1316231aefdff2c1d2434eb346ac8683b6682edc3e8f0d7c979ae014a1ba843e03b1ace2180ff4dd46921a9ebcfecbba274221327cb03031cfbfa97292c3bbf09cebedc4788c6bc5e95db7b29838154088be9bfc944ef967db3887c6e85d0e6dafb4b0d4900a90ab0c45752b573293d456804ed1f15695b9ef924e8df8bdca7c620db3673efdd562c10b3ef08551", 0x1000}, {&(0x7f0000001300)="5f71f91ddd3d35b35d5dc761cd0622e3c61b47f193a097c4d7a9b20c5db7f7635a470bdc1cb3fc9de8f707ff698678532e5c628a8b1105f3c2692952081046d3b64b44bcdfb5304214d1223e86d60c9aaf96a54c36c26ac86df0cfcc3ce4f737fcefd50118f4075740ca21a8df0d17a070411bbd01138845d0b55b94dbb9f6fbd0abeb3673db8bad68e855b7212eefb2bdd725bca5962f79e4af709cc4765ba85dd7fb220ae2e91858daa8e4d5bfa81ec04434f4e9f1ced91ef86685b9d03ad1f2560f157458f6d8d68e0e20f926d5a79f72b29ae53d5814322955460ddc80b7785dc30794b481fa42", 0xe9}, {&(0x7f0000001400)="dd02835639465f4d72bd811900fb713c0ac54fc1025611b2b54ce4d0668a0cb0e5729b4d38205044626a6ed338b477f6605cd515678734f87a12e5906835b6e658060f3626abff0ecd95f784ef6f14bba92a161ba50e4670da31ac69692dc97a7d3b54a7998e10a3d2c102f3a422b93aef2d96d1e9b33ab7412342", 0x7b}, {&(0x7f0000001480)="e2a4d77268e7521b21db32f4ee76fd1ea7b0efd17df5cf75af04090cda0c8e9881867f9464e84eb54448b5a11b6a7d301c813e3eb02e914600fc1963aab55a6ece9fae4719af9f093ca24cd6", 0x4c}, {&(0x7f0000001500)="8535a44ece45b5767734e444d0c8571e9372df1196e451f40c46ee07352b392789d4baa77ddc3dd67cb041a762d4f2f446ca10cb4ce0", 0x36}, {&(0x7f0000001540)="76d3fb71fb1315e04328479729c5786cc3107ea38d41c3738e35f7fa613aafc7ce9d1e7a364288192245c526fa59e935b49e3eca45a75afe9dd505ce0c89c53c183f88261e2a06938de97a2c5d8f84f89c55a487858ad27c68d1", 0x5a}], 0x7, 0xa)
setsockopt$inet_dccp_int(r1, 0x21, 0x10, &(0x7f0000001640)=0x3ff, 0x4)
ioctl$KVM_PPC_ALLOCATE_HTAB(r0, 0xc004aea7, &(0x7f0000001680)=0x4c5)
timerfd_settime(r0, 0x1, &(0x7f00000016c0)={{0x77359400}}, &(0x7f0000001700))
sync()
ioctl$PPPIOCGMRU(r1, 0x80047453, &(0x7f0000001740))
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000001780)=0x8, 0x4)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f00000017c0))
munlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000001980)={0x8, 0x9, 0x1, 0xc4, &(0x7f0000001800)=""/196, 0x37, &(0x7f0000001900)=""/55, 0x2b, &(0x7f0000001940)=""/43})
setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f00000019c0)=0xffffffff, 0x4)
ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000001a00)=""/181)
write$binfmt_misc(r0, &(0x7f0000001ac0)={'syz0', "274e990892b4fce042baca92e394217d40f6e996309a15fb3955d8d6dbb9a165e38f8726f43e095f7d81b5e48a54edbdc519e8efb5ea09ad61ac014d7dac3a29f8470532cb5391bedc43f614530dd096391c6b9bcd9acb9bcf9adc96de78d0b045abb2868684e68943acf40a2160b2300f6aecfd8397d6e4450f"}, 0x7e)
fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000001b40))
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
r2 = semget(0x1, 0x7, 0x50)
semctl$IPC_RMID(r2, 0x0, 0x0)
write$FUSE_WRITE(r0, &(0x7f0000001b80)={0x18, 0x0, 0x6, {0xfffffffffffffffd}}, 0x18)
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000001bc0))
ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000001c00))
r3 = getpgid(0xffffffffffffffff)
syz_open_procfs(r3, &(0x7f0000001c40)='net/sco\x00')
write$P9_RWALK(r0, &(0x7f0000001c80)={0x16, 0x6f, 0x2, {0x1, [{0x0, 0x3, 0x1}]}}, 0x16)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000001cc0)=0x1, 0x4)
clock_gettime(0x0, &(0x7f0000001d00)={<r4=>0x0, <r5=>0x0})
write$evdev(r0, &(0x7f0000001d40)=[{{0x77359400}, 0x2, 0x8, 0x401}, {{r4, r5/1000+10000}, 0x1f, 0xff, 0x1}], 0x30)

23:10:50 executing program 1:

23:10:50 executing program 2:

23:10:50 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f0000000300)=""/11, 0xb)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0))
r1 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff)
recvmmsg(r1, &(0x7f0000000780)=[{{&(0x7f0000000480)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000500)=""/53, 0x35}], 0x1, &(0x7f00000006c0)=""/140, 0x8c}}], 0x1, 0x0, &(0x7f0000001a00)={0x77359400})
r2 = dup2(r0, r0)
ioctl$LOOP_GET_STATUS(r2, 0x4c03, &(0x7f0000000340))
r3 = fcntl$dupfd(r1, 0x0, r1)
read(r1, &(0x7f0000000240)=""/185, 0xb9)
shutdown(r3, 0x0)

[  220.902347] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
23:10:51 executing program 2:

[  221.014548] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
23:10:51 executing program 1:

[  221.062140] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
[  221.124392] netlink: 3 bytes leftover after parsing attributes in process `syz-executor0'.
23:10:51 executing program 4:

23:10:51 executing program 2:

23:10:51 executing program 0:

23:10:51 executing program 1:

23:10:51 executing program 4:

23:10:51 executing program 0:

[  221.938298] IPVS: ftp: loaded support on port[0] = 21
[  223.108541] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.115045] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.123284] device bridge_slave_0 entered promiscuous mode
[  223.198774] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.205475] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.213528] device bridge_slave_1 entered promiscuous mode
[  223.287317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  223.359208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  223.575739] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  223.650062] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  223.793446] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  223.800412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.020223] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  224.028031] team0: Port device team_slave_0 added
[  224.099836] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  224.107322] team0: Port device team_slave_1 added
[  224.180567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  224.253294] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  224.327585] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  224.334955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  224.343620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  224.415273] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  224.423294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  224.431933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  225.223132] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.229520] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.236369] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.242786] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.250435] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  225.801845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  228.104430] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.365746] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  228.633322] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  228.639555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  228.647304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  228.916452] 8021q: adding VLAN 0 to HW filter on device team0
23:11:00 executing program 5:

23:11:00 executing program 2:

23:11:00 executing program 1:

23:11:00 executing program 3:

23:11:00 executing program 0:

23:11:00 executing program 4:

23:11:00 executing program 3:

23:11:01 executing program 1:

23:11:01 executing program 4:

23:11:01 executing program 2:

23:11:01 executing program 0:

23:11:01 executing program 5:

23:11:01 executing program 3:

23:11:01 executing program 2:
r0 = socket$inet6(0xa, 0x805, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000eeff0000000000000000000000000000020205", 0x18)
sendto$inet6(r0, &(0x7f0000000180)="94", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x10000000000001}, 0x1c)

23:11:01 executing program 4:
r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x6800, 0x0)

23:11:01 executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x12}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f00000001c0)=""/137)

23:11:01 executing program 5:

23:11:01 executing program 1:

23:11:01 executing program 3:

23:11:01 executing program 1:

23:11:01 executing program 2:

23:11:02 executing program 4:

23:11:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="d1d087423f"], 0x5)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001b000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000002c0)="66b99408000066b81e111ee366ba25b5a6000f303681950d00918e66b80b0000000f23c80f21f86635080060000f23f83e0f009125000f381ee594360f320f019dfc32f20f01c98395008800", 0x4c}], 0x1, 0x57, &(0x7f0000000100), 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

23:11:02 executing program 5:

23:11:02 executing program 0:

[  232.133685] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  232.265033] ==================================================================
[  232.272465] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[  232.279064] CPU: 0 PID: 7723 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[  232.286256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  232.295626] Call Trace:
[  232.298228]  dump_stack+0x306/0x460
[  232.301868]  ? _raw_spin_lock_irqsave+0x227/0x340
[  232.306716]  ? vmx_create_vcpu+0x10df/0x7920
[  232.311145]  kmsan_report+0x1a3/0x2d0
23:11:02 executing program 4:

[  232.314958]  __msan_warning+0x7c/0xe0
[  232.318768]  vmx_create_vcpu+0x10df/0x7920
[  232.323016]  ? kmsan_set_origin_inline+0x6b/0x120
[  232.327878]  ? __msan_poison_alloca+0x17a/0x210
[  232.332562]  ? vmx_vm_init+0x340/0x340
[  232.336469]  kvm_arch_vcpu_create+0x25d/0x2f0
[  232.340987]  kvm_vm_ioctl+0x13fd/0x33d0
[  232.344994]  ? __msan_poison_alloca+0x17a/0x210
[  232.349686]  ? do_vfs_ioctl+0x18a/0x2810
[  232.353773]  ? __se_sys_ioctl+0x1da/0x270
[  232.357928]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  232.362775]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  232.367622]  do_vfs_ioctl+0xcf3/0x2810
[  232.371527]  ? security_file_ioctl+0x92/0x200
[  232.376045]  __se_sys_ioctl+0x1da/0x270
[  232.380122]  __x64_sys_ioctl+0x4a/0x70
[  232.384013]  do_syscall_64+0xbe/0x100
[  232.387829]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  232.393018] RIP: 0033:0x457579
[  232.396232] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
23:11:02 executing program 4:

[  232.415145] RSP: 002b:00007f4062c0dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.422865] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  232.430139] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  232.437417] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  232.444701] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4062c0e6d4
[  232.451983] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  232.459361] 
[  232.460994] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[  232.467928] Variable was created at:
[  232.471647]  vmx_create_vcpu+0xd5/0x7920
[  232.475709]  kvm_arch_vcpu_create+0x25d/0x2f0
[  232.480198] ==================================================================
[  232.487558] Disabling lock debugging due to kernel taint
[  232.493030] Kernel panic - not syncing: panic_on_warn set ...
[  232.493030] 
[  232.500417] CPU: 0 PID: 7723 Comm: syz-executor3 Tainted: G    B             4.19.0-rc4+ #63
23:11:02 executing program 4:

[  232.509175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  232.518533] Call Trace:
[  232.521142]  dump_stack+0x306/0x460
[  232.524801]  panic+0x54c/0xafa
[  232.528050]  kmsan_report+0x2cd/0x2d0
[  232.531882]  __msan_warning+0x7c/0xe0
[  232.535703]  vmx_create_vcpu+0x10df/0x7920
[  232.539954]  ? kmsan_set_origin_inline+0x6b/0x120
[  232.544832]  ? __msan_poison_alloca+0x17a/0x210
[  232.549527]  ? vmx_vm_init+0x340/0x340
[  232.553433]  kvm_arch_vcpu_create+0x25d/0x2f0
[  232.557945]  kvm_vm_ioctl+0x13fd/0x33d0
23:11:02 executing program 4:

[  232.561941]  ? __msan_poison_alloca+0x17a/0x210
[  232.566625]  ? do_vfs_ioctl+0x18a/0x2810
[  232.570691]  ? __se_sys_ioctl+0x1da/0x270
[  232.574849]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  232.579699]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  232.584549]  do_vfs_ioctl+0xcf3/0x2810
[  232.588452]  ? security_file_ioctl+0x92/0x200
[  232.592963]  __se_sys_ioctl+0x1da/0x270
[  232.597476]  __x64_sys_ioctl+0x4a/0x70
[  232.601807]  do_syscall_64+0xbe/0x100
[  232.605619]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  232.610827] RIP: 0033:0x457579
[  232.614639] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  232.634331] RSP: 002b:00007f4062c0dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.642063] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  232.649349] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  232.656627] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  232.663900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4062c0e6d4
[  232.671175] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  232.679954] Kernel Offset: disabled
[  232.683582] Rebooting in 86400 seconds..