[....] Starting OpenBSD Secure Shell server: sshd[ 51.896214] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 52.276082] audit: type=1800 audit(1538966099.336:29): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 52.295692] audit: type=1800 audit(1538966099.336:30): pid=5996 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [ 53.293302] random: sshd: uninitialized urandom read (32 bytes read) [ 53.589654] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.357813] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. [ 61.044838] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 02:35:09 fuzzer started [ 65.225971] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 02:35:14 dialing manager at 10.128.0.26:36867 2018/10/08 02:35:14 syscalls: 1 2018/10/08 02:35:14 code coverage: enabled 2018/10/08 02:35:14 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 02:35:14 setuid sandbox: enabled 2018/10/08 02:35:14 namespace sandbox: enabled 2018/10/08 02:35:14 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 02:35:14 fault injection: enabled 2018/10/08 02:35:14 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 02:35:14 net packed injection: enabled 2018/10/08 02:35:14 net device setup: enabled [ 69.985287] random: crng init done 02:36:58 executing program 0: [ 172.085453] IPVS: ftp: loaded support on port[0] = 21 [ 174.132610] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.139082] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.147379] device bridge_slave_0 entered promiscuous mode [ 174.270207] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.276802] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.285028] device bridge_slave_1 entered promiscuous mode [ 174.406680] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 174.528902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 174.905369] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:37:02 executing program 1: pipe2(&(0x7f0000002f40), 0x84000) accept4$inet6(0xffffffffffffff9c, &(0x7f0000003340)={0xa, 0x0, 0x0, @remote}, &(0x7f0000003380)=0x1c, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000033c0)='/dev/hwrng\x00', 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) pipe2(&(0x7f0000003440), 0x0) syz_open_dev$usb(&(0x7f0000003680)='/dev/bus/usb/00#/00#\x00', 0xfffffffffffffc01, 0x142) openat$uinput(0xffffffffffffff9c, &(0x7f00000036c0)='/dev/uinput\x00', 0x0, 0x0) getegid() getpgid(0xffffffffffffffff) geteuid() stat(&(0x7f0000003940)='./file1\x00', &(0x7f0000003980)) syz_open_dev$midi(&(0x7f0000003a00)='/dev/midi#\x00', 0x7, 0x42040) openat$pfkey(0xffffffffffffff9c, &(0x7f0000003a40)='/proc/self/net/pfkey\x00', 0x101800, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000003c40)) syz_open_dev$usbmon(&(0x7f0000003cc0)='/dev/usbmon#\x00', 0x100000, 0x80000) syz_open_dev$sndctrl(&(0x7f0000003dc0)='/dev/snd/controlC#\x00', 0x80000001, 0x400) epoll_create(0x4851) fanotify_init(0x0, 0x8000) dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x0) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000004f40)) epoll_create1(0x80000) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000004f80)='/dev/vhost-vsock\x00', 0x2, 0x0) getpid() syz_open_dev$sndmidi(&(0x7f00000054c0)='/dev/snd/midiC#D#\x00', 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000005500)='/dev/dmmidi#\x00', 0x5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000005580)='./cgroup.net/syz1\x00', 0x200002, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000002580)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000002500)=[{{&(0x7f00000000c0)=@ipx, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/90, 0x5a}], 0x1, 0x0, 0x0, 0x8}, 0x10001}, {{&(0x7f0000001d00)=@generic, 0x80, &(0x7f0000002380)=[{&(0x7f0000001f00)=""/102, 0x66}, {&(0x7f0000002080)=""/79, 0x4f}, {&(0x7f0000002240)=""/71, 0x47}], 0x3, &(0x7f0000002400)=""/207, 0xcf}}], 0x2, 0x20, &(0x7f00000025c0)={r1, r2+30000000}) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000130a07031dfffd946fa2830020200a0009000300001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) stat(&(0x7f0000002600)='./file0\x00', &(0x7f0000002640)) getegid() clock_adjtime(0x3, &(0x7f0000000040)={0x1000, 0x4, 0x4, 0x3d4, 0x9, 0x5d6e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0xaa44, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x5, 0x5}) [ 175.057095] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 175.576469] IPVS: ftp: loaded support on port[0] = 21 [ 176.035063] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 176.043046] team0: Port device team_slave_0 added [ 176.282890] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 176.290878] team0: Port device team_slave_1 added [ 176.572331] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 176.765245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 176.772377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 176.781002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 176.956866] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 176.964670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.973483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 177.227389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 177.235039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 177.243960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 178.507548] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.514124] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.522372] device bridge_slave_0 entered promiscuous mode [ 178.688446] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.694982] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.703283] device bridge_slave_1 entered promiscuous mode [ 178.939769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.201254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.493285] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.499839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.506804] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.513421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.521892] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 179.642195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 179.783075] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 179.973458] bond0: Enslaving bond_slave_1 as an active interface with an up link 02:37:07 executing program 2: semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000500)) [ 180.206802] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 180.214631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 180.476058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 180.483367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 180.836336] IPVS: ftp: loaded support on port[0] = 21 [ 181.215606] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 181.223722] team0: Port device team_slave_0 added [ 181.495979] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.504033] team0: Port device team_slave_1 added [ 181.767994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.775178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.783898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.083297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 182.090489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 182.099168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.347992] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 182.355816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.364679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.631957] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 182.640074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.649236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.300064] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.306777] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.315084] device bridge_slave_0 entered promiscuous mode [ 185.381476] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.388011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.394946] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.401382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.409832] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 185.501195] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.507889] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.516135] device bridge_slave_1 entered promiscuous mode [ 185.701662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.904999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.003855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.584578] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:37:13 executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x27, &(0x7f0000001b00)=""/175, &(0x7f0000001bc0)=0xaf) [ 186.906592] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.204651] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.211855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.507581] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.514758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.835527] IPVS: ftp: loaded support on port[0] = 21 [ 188.420816] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.428795] team0: Port device team_slave_0 added [ 188.755933] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.764096] team0: Port device team_slave_1 added [ 189.027338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.035355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.044210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.369731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.377037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.385732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.670057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.677938] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.686678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.980427] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.988018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.997439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.037938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.336755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.843880] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.850344] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.858767] device bridge_slave_0 entered promiscuous mode [ 193.204498] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.211030] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.219341] device bridge_slave_1 entered promiscuous mode [ 193.447249] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.453878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.461615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.540885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 193.572722] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.579172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.586125] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.592615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.600744] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 193.888106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 194.402023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.765257] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.863537] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.155310] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.441295] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.450275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.766250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 195.773458] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 02:37:23 executing program 4: openat$vnet(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vhost-net\x00', 0x2, 0x0) syz_open_dev$amidi(&(0x7f0000000480)='/dev/amidi#\x00', 0x2, 0x0) write(0xffffffffffffffff, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x10}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)={0x0, r0+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) [ 196.207585] ip (6715) used greatest stack depth: 53040 bytes left [ 196.969347] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.977436] team0: Port device team_slave_0 added [ 197.355368] IPVS: ftp: loaded support on port[0] = 21 [ 197.386606] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.394415] team0: Port device team_slave_1 added [ 197.796939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.804024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.812699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.141218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 198.148688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.157404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.416029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.557828] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 198.565385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.574071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.941808] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.949344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.958346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.734532] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.019209] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 201.025743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.033556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.532496] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.955794] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.962345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.969219] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.975802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.984198] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 02:37:30 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x12, 0x0, 0x70e000, 0x0, 0xf00}}) [ 203.123678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 02:37:30 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-twofish-avx\x00'}, 0x58) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) r1 = memfd_create(&(0x7f0000000080)='ghash\x00', 0x3) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000001c0), &(0x7f0000000300), &(0x7f0000000340)=0x0) fstat(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) r8 = geteuid() stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000540)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000000640)=0xe8) getresgid(&(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)=0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000740)={0x358, 0x0, 0x4, [{{0x5, 0x1, 0x8, 0x2, 0x3, 0x800, {0x0, 0x1, 0x8001, 0x2, 0x7, 0x8, 0x5, 0x5, 0xfffffffeffffffff, 0x6, 0x7, r2, r3, 0x8}}, {0x3, 0x0, 0x13, 0x6, 'eth1%-}{^security!-'}}, {{0x6, 0x1, 0xb26, 0xe6dd, 0x100, 0x5, {0x2, 0x80000001, 0x20, 0x1, 0x6, 0x7ff, 0x9, 0x1, 0x0, 0x5, 0x1ed9000000000, r4, r5, 0x9, 0x1}}, {0x2, 0x1000, 0x6, 0x7fc000000000, 'ghash\x00'}}, {{0x2, 0x3, 0x7, 0x8, 0x4, 0x25, {0x2, 0x3f, 0x7, 0xfffffffffffff001, 0x10000, 0x37800000000, 0x81, 0x101, 0x3, 0x4, 0x1, r6, r7, 0x0, 0x3f}}, {0x3, 0x5, 0x18, 0x7fffffff, '*posix_acl_access\'vmnet1'}}, {{0x0, 0x1, 0x5, 0x1, 0x8, 0x6, {0x1, 0x80, 0x100000001, 0xa44, 0x0, 0x8, 0x9, 0x4, 0x5, 0x6, 0x6, r8, r9, 0x0, 0x2}}, {0x0, 0x6, 0x9, 0x3, 'skcipher\x00'}}, {{0x2, 0x1, 0x0, 0xfff, 0x87, 0x9, {0x5, 0x646, 0x0, 0x40, 0x9, 0x8, 0x4963, 0x10001, 0x2, 0x5, 0x1c, r10, r11, 0x6, 0x4}}, {0x1, 0x1, 0x3, 0xb4, 'GPL'}}]}, 0x358) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0), 0x0) [ 203.658838] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.665590] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.673802] device bridge_slave_0 entered promiscuous mode 02:37:31 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0xd, &(0x7f0000000040)='/dev/snd/seq\x00', 0xffffffffffffffff}, 0x30) ptrace$getregset(0x4204, r1, 0x6, &(0x7f0000000180)={&(0x7f00000000c0)=""/161, 0xa1}) fcntl$getown(r0, 0x9) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) getpeername(0xffffffffffffffff, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}}}, &(0x7f00000001c0)=0x80) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="b70ea6c298324f963036ba149a3acc537cd2d24b58e85a85d70a88870212428d04ff6af49e80842efa3683d5ef56e4c6d522ae0fa6703de035e2010218e2de5d92c55b14a19e39b862fe09d02b28b9c5d1f0b41706c328a613ac9511da37bea8ed48e848fc72e6b48d0ff9999c4ca1e88e665ac049bd2a9f40f6", @ANYRES32=0x0], &(0x7f00000003c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000400)={r3, 0x1, 0x10}, 0xc) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000280)={{0x0, 0x7f}}) [ 204.124158] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.130621] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.139031] device bridge_slave_1 entered promiscuous mode 02:37:31 executing program 0: openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(&(0x7f00000001c0)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000100), 0x12) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x40a000, 0x0) preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) [ 204.630272] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.973413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 02:37:32 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x23) r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x802) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x40010, r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x5, &(0x7f0000000000)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000080)='GPL\x00', 0x800, 0xb0, &(0x7f0000000280)=""/176, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x23) 02:37:32 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0x101}, 0x23) r1 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x802) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x40010, r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x5, &(0x7f0000000000)=@framed={{}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000080)='GPL\x00', 0x800, 0xb0, &(0x7f0000000280)=""/176, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x23) 02:37:33 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FS_IOC_FSGETXATTR(r0, 0xc00c5512, &(0x7f0000000000)={0x0, 0xa000000}) getdents64(r0, &(0x7f0000000040)=""/14, 0xe) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x2}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x79, 0xd5, 0x2, 0x7, 0x400, 0x8001, 0xd830, 0x3, r2}, 0x20) setsockopt$inet6_dccp_int(r0, 0x21, 0x1b, &(0x7f0000000080)=0xb64, 0x4) [ 206.106422] bond0: Enslaving bond_slave_0 as an active interface with an up link 02:37:33 executing program 0: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, &(0x7f0000000100), 0x0, 0x48005, &(0x7f0000000200)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-aesni\x00'}, 0x80) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @dev, @rand_addr}, &(0x7f0000000080)=0xc) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r2, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e20}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3b}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x8040) [ 206.564785] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 206.976838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 206.983962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.236808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 207.243957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.093689] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.101614] team0: Port device team_slave_0 added [ 208.330565] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.338693] team0: Port device team_slave_1 added [ 208.362714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.646506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 208.653720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.662457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.891304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 208.898607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.907207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.130760] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.138544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.147276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.352682] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.416932] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.424748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.433579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.210861] netlink: 'syz-executor1': attribute type 3 has an invalid length. [ 210.279356] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.286008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.293836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.944223] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.947653] netlink: 'syz-executor1': attribute type 3 has an invalid length. 02:37:38 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f0000000100)=0x4, 0x4) sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) recvmmsg(r1, &(0x7f0000001a40)=[{{&(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f00000018c0), 0x0, &(0x7f0000001980)=""/185, 0xb9}}], 0x1, 0x0, &(0x7f0000001ac0)) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) close(r1) r4 = accept4(r0, 0x0, &(0x7f0000000340)=0xff92, 0x0) write$binfmt_misc(r4, &(0x7f0000000180)=ANY=[@ANYBLOB="c80108664a065004b14ac0df4c1fc5c2bccaf21372b6f2b4174906660243c3dd24fbd880f17b920c915a8da721d614"], 0x1) [ 212.060159] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.066679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.073651] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.080087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.088464] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.095243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.220096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.837880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 02:37:42 executing program 2: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x4000, 0x0) [ 215.570960] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 215.577534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.585457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.175905] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.587491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.028337] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 02:37:46 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl(r1, 0x8912, &(0x7f0000000140)="153f6234488dd25d766070") r2 = socket$inet6(0xa, 0x3, 0x7) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000200)={@remote, 0x0, r3}) [ 219.470466] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.476910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.484739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.764219] 8021q: adding VLAN 0 to HW filter on device team0 02:37:49 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @remote, 0x804}, 0x1c) 02:37:49 executing program 1: pipe2(&(0x7f0000002f40), 0x84000) accept4$inet6(0xffffffffffffff9c, &(0x7f0000003340)={0xa, 0x0, 0x0, @remote}, &(0x7f0000003380)=0x1c, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000033c0)='/dev/hwrng\x00', 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) pipe2(&(0x7f0000003440), 0x0) syz_open_dev$usb(&(0x7f0000003680)='/dev/bus/usb/00#/00#\x00', 0xfffffffffffffc01, 0x142) openat$uinput(0xffffffffffffff9c, &(0x7f00000036c0)='/dev/uinput\x00', 0x0, 0x0) getegid() getpgid(0xffffffffffffffff) geteuid() stat(&(0x7f0000003940)='./file1\x00', &(0x7f0000003980)) syz_open_dev$midi(&(0x7f0000003a00)='/dev/midi#\x00', 0x7, 0x42040) openat$pfkey(0xffffffffffffff9c, &(0x7f0000003a40)='/proc/self/net/pfkey\x00', 0x101800, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000003c40)) syz_open_dev$usbmon(&(0x7f0000003cc0)='/dev/usbmon#\x00', 0x100000, 0x80000) syz_open_dev$sndctrl(&(0x7f0000003dc0)='/dev/snd/controlC#\x00', 0x80000001, 0x400) epoll_create(0x4851) fanotify_init(0x0, 0x8000) dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x0) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000004f40)) epoll_create1(0x80000) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000004f80)='/dev/vhost-vsock\x00', 0x2, 0x0) getpid() syz_open_dev$sndmidi(&(0x7f00000054c0)='/dev/snd/midiC#D#\x00', 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000005500)='/dev/dmmidi#\x00', 0x5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000005580)='./cgroup.net/syz1\x00', 0x200002, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000002580)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000002500)=[{{&(0x7f00000000c0)=@ipx, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000240)=""/90, 0x5a}], 0x1, 0x0, 0x0, 0x8}, 0x10001}, {{&(0x7f0000001d00)=@generic, 0x80, &(0x7f0000002380)=[{&(0x7f0000001f00)=""/102, 0x66}, {&(0x7f0000002080)=""/79, 0x4f}, {&(0x7f0000002240)=""/71, 0x47}], 0x3, &(0x7f0000002400)=""/207, 0xcf}}], 0x2, 0x20, &(0x7f00000025c0)={r1, r2+30000000}) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000130a07031dfffd946fa2830020200a0009000300001d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) stat(&(0x7f0000002600)='./file0\x00', &(0x7f0000002640)) getegid() clock_adjtime(0x3, &(0x7f0000000040)={0x1000, 0x4, 0x4, 0x3d4, 0x9, 0x5d6e, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6, 0xaa44, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x5, 0x5}) 02:37:49 executing program 0: r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x0, @rand_addr=0xfffffffffffffff9}, @in={0x2, 0x0, @remote}]}, &(0x7f00000002c0)=0x10) 02:37:49 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000000c0)={0x15, 0x110, 0xfa00, {r1, 0xfc, 0x0, 0x0, 0x0, @in={0x2, 0x4e20}, @in6={0xa, 0x4e24, 0x2, @loopback, 0xa132}}}, 0x118) r2 = memfd_create(&(0x7f0000000200)='mime_type&md5sum%vmnet1\x00', 0x2) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000240), 0x2) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000280)={0x9, 0x0, 0x10001}) ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f00000002c0)={r3, 0x6}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r0, 0x10, &(0x7f0000000380)={&(0x7f0000000300)=""/102, 0x66, 0xffffffffffffffff}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=r4, 0x4) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r4, 0x4) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000480)=0x7, 0x4) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f00000004c0)={0x3, 0xfffffffffffffffe}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000580)={r5, 0x10, &(0x7f0000000540)={&(0x7f0000000500)=""/27, 0x1b, r4}}, 0x10) write$FUSE_INTERRUPT(r2, &(0x7f00000005c0)={0x10, 0x0, 0x4}, 0x10) r7 = gettid() ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000600)=0x0) kcmp$KCMP_EPOLL_TFD(r7, r8, 0x7, r2, &(0x7f0000000640)={r0, r6, 0x7}) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000680)='/dev/rtc0\x00', 0x103081, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000006c0)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000700)=0x10) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000740)={r10, 0x5440, 0x0, 0x3, 0x40}, &(0x7f0000000780)=0x18) socket$nl_netfilter(0x10, 0x3, 0xc) r11 = semget(0x1, 0x7, 0x1c8) getresuid(&(0x7f00000007c0)=0x0, &(0x7f0000000800), &(0x7f0000000840)) r13 = getgid() getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000880)={0x0, 0x0}, &(0x7f00000008c0)=0xc) getgroups(0x2, &(0x7f0000000900)=[0xffffffffffffffff, 0xffffffffffffffff]) semctl$IPC_SET(r11, 0x0, 0x1, &(0x7f0000000940)={{0x7, r12, r13, r14, r15, 0x4, 0x80000000}, 0xffffffffffff8000, 0xe25a179, 0x7fff}) ioctl$UI_GET_VERSION(r2, 0x8004552d, &(0x7f00000009c0)) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r9, 0x40bc5311, &(0x7f0000000a00)={0x15, 0x0, 'client0\x00', 0xffffffff80000000, "8d1a6a223c97b132", "0848b072bb6aba43cfe322b154367ea2c85affd2030578826fe2ab1292bca9ca", 0x2, 0x80}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000ac0)={0x0, 0x80000, r2}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000b00)={r16, 0x80000, r0}) 02:37:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000280)="66b94f0600000f320f9584aa8a440f20c0663508000000440f22c0d5fe66b9da0800000f32650f5ffa66b8592000000f23d00f21f866351000000b0f23f83e0f013bd9e166b92102000066b8ab340ccd66bad5ae4d710f30", 0x58}], 0x34d, 0x0, &(0x7f0000000040), 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080), &(0x7f00000000c0)=0x8) 02:37:49 executing program 3: r0 = socket$packet(0x11, 0x200000002, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00', 0x2000000c0ffffff}) [ 222.436269] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 02:37:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000005ff7)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000000)={0xffffffffffffff4e, 0x0, &(0x7f0000000040)}) [ 222.480093] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.536027] ================================================================== [ 222.543538] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 222.550134] CPU: 1 PID: 7522 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 222.557327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.566688] Call Trace: [ 222.569303] dump_stack+0x306/0x460 [ 222.572946] ? _raw_spin_lock_irqsave+0x227/0x340 [ 222.577808] ? vmx_create_vcpu+0x10df/0x7920 [ 222.582239] kmsan_report+0x1a3/0x2d0 [ 222.586057] __msan_warning+0x7c/0xe0 [ 222.589877] vmx_create_vcpu+0x10df/0x7920 [ 222.594131] ? kmsan_set_origin_inline+0x6b/0x120 [ 222.599077] ? __msan_poison_alloca+0x17a/0x210 [ 222.603778] ? vmx_vm_init+0x340/0x340 [ 222.607691] kvm_arch_vcpu_create+0x25d/0x2f0 [ 222.612210] kvm_vm_ioctl+0x13fd/0x33d0 [ 222.616208] ? __msan_poison_alloca+0x17a/0x210 [ 222.620906] ? do_vfs_ioctl+0x18a/0x2810 [ 222.624983] ? __se_sys_ioctl+0x1da/0x270 [ 222.629156] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 222.634018] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 222.638879] do_vfs_ioctl+0xcf3/0x2810 [ 222.642799] ? security_file_ioctl+0x92/0x200 [ 222.647338] __se_sys_ioctl+0x1da/0x270 [ 222.651351] __x64_sys_ioctl+0x4a/0x70 [ 222.655262] do_syscall_64+0xbe/0x100 [ 222.659093] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 222.664306] RIP: 0033:0x457579 [ 222.667507] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.686525] RSP: 002b:00007f3e3e340c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.694258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 222.701550] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 222.708836] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 222.716118] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e3e3416d4 [ 222.723409] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 222.730816] [ 222.732454] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 222.739374] Variable was created at: [ 222.743105] vmx_create_vcpu+0xd5/0x7920 [ 222.747191] kvm_arch_vcpu_create+0x25d/0x2f0 [ 222.751686] ================================================================== [ 222.759047] Disabling lock debugging due to kernel taint [ 222.764506] Kernel panic - not syncing: panic_on_warn set ... [ 222.764506] [ 222.771896] CPU: 1 PID: 7522 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 02:37:49 executing program 0: r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x0, @rand_addr=0xfffffffffffffff9}, @in={0x2, 0x0, @remote}]}, &(0x7f00000002c0)=0x10) [ 222.780479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.789839] Call Trace: [ 222.792447] dump_stack+0x306/0x460 [ 222.796110] panic+0x54c/0xafa [ 222.799364] kmsan_report+0x2cd/0x2d0 [ 222.803215] __msan_warning+0x7c/0xe0 [ 222.807041] vmx_create_vcpu+0x10df/0x7920 [ 222.811308] ? kmsan_set_origin_inline+0x6b/0x120 [ 222.816180] ? __msan_poison_alloca+0x17a/0x210 [ 222.820887] ? vmx_vm_init+0x340/0x340 [ 222.824797] kvm_arch_vcpu_create+0x25d/0x2f0 [ 222.829330] kvm_vm_ioctl+0x13fd/0x33d0 [ 222.833344] ? __msan_poison_alloca+0x17a/0x210 [ 222.838126] ? do_vfs_ioctl+0x18a/0x2810 [ 222.842199] ? __se_sys_ioctl+0x1da/0x270 [ 222.846368] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 222.851231] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 222.856090] do_vfs_ioctl+0xcf3/0x2810 [ 222.860009] ? security_file_ioctl+0x92/0x200 [ 222.864532] __se_sys_ioctl+0x1da/0x270 [ 222.868537] __x64_sys_ioctl+0x4a/0x70 [ 222.872451] do_syscall_64+0xbe/0x100 [ 222.876277] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 222.881599] RIP: 0033:0x457579 [ 222.884813] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.903732] RSP: 002b:00007f3e3e340c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.911475] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 222.918759] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 222.926045] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 222.933337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3e3e3416d4 [ 222.940620] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 222.949206] Kernel Offset: disabled [ 222.952833] Rebooting in 86400 seconds..