[....] Starting OpenBSD Secure Shell server: sshd[ 51.154375] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 51.492048] audit: type=1800 audit(1538949680.551:29): pid=5912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 51.511710] audit: type=1800 audit(1538949680.551:30): pid=5912 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 55.518444] random: sshd: uninitialized urandom read (32 bytes read) [ 55.882650] random: sshd: uninitialized urandom read (32 bytes read) [ 57.527451] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts. [ 63.260662] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/07 22:01:34 fuzzer started [ 67.416897] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/07 22:01:38 dialing manager at 10.128.0.26:36867 2018/10/07 22:01:38 syscalls: 1 2018/10/07 22:01:38 code coverage: enabled 2018/10/07 22:01:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/07 22:01:38 setuid sandbox: enabled 2018/10/07 22:01:38 namespace sandbox: enabled 2018/10/07 22:01:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/07 22:01:38 fault injection: enabled 2018/10/07 22:01:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/07 22:01:38 net packed injection: enabled 2018/10/07 22:01:38 net device setup: enabled [ 72.402054] random: crng init done 22:03:25 executing program 0: r0 = syz_open_dev$dspn(&(0x7f000000bff6)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c0045006, &(0x7f0000595ff8)=0x2) mmap$binder(&(0x7f00004be000/0x1000)=nil, 0x1000, 0x100000b, 0x52, r0, 0x0) writev(r0, &(0x7f0000001500)=[{&(0x7f00000011c0)="ec", 0x1}], 0x1) close(r0) [ 176.991715] IPVS: ftp: loaded support on port[0] = 21 [ 179.156676] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.163245] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.171435] device bridge_slave_0 entered promiscuous mode [ 179.294562] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.301025] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.309313] device bridge_slave_1 entered promiscuous mode [ 179.429763] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 179.549458] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 179.919510] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:03:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000840)) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000740)={{0x0, @dev={0xac, 0x14, 0x14, 0x21}, 0x0, 0x0, 'rr\x00'}, {@loopback}}, 0x44) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0xe, 0x3, &(0x7f0000000b40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x3e, &(0x7f0000000cc0)=""/62, 0x41000}, 0x48) io_pgetevents(0x0, 0x0, 0x3, &(0x7f0000000a40)=[{}, {}, {}], &(0x7f0000000980), 0x0) mknod(&(0x7f0000000a00)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000900)={0x0, 0x70, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000008c0)}, 0x0, 0x0, 0x0, 0x1, 0x100000001}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000c00), 0x12) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, &(0x7f00000000c0)) set_thread_area(&(0x7f0000000700)={0x0, 0x20000000}) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f0000000c40)={'veth1_to_bond\x00', 0xc8}) unshare(0x0) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f0000000d80)) [ 180.086416] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 180.726569] IPVS: ftp: loaded support on port[0] = 21 [ 180.806405] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 180.814396] team0: Port device team_slave_0 added [ 181.055165] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 181.063135] team0: Port device team_slave_1 added [ 181.234243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 181.262260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.270945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.403531] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.613328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 181.620832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.629819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.775745] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.783320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.792203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.765101] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.771748] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.779882] device bridge_slave_0 entered promiscuous mode [ 183.929438] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.936071] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.944306] device bridge_slave_1 entered promiscuous mode [ 184.121423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.160811] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.167415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.174928] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.181355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.189779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.322981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:03:33 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$rds(r1, &(0x7f0000001c00)={&(0x7f0000000080), 0x10, &(0x7f00000002c0)=[{&(0x7f0000000500)=""/4096, 0x20071e61}], 0x1, &(0x7f0000001b40)}, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000300)={&(0x7f0000000280), 0xc, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[]}}, 0x480c0) [ 184.972284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.075330] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 185.366586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 185.444329] IPVS: ftp: loaded support on port[0] = 21 [ 185.684845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 185.692571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.985982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 185.993457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.787218] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 186.795188] team0: Port device team_slave_0 added [ 187.078590] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 187.086701] team0: Port device team_slave_1 added [ 187.352963] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 187.360147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.368983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.550392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 187.557762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.566443] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.760885] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 187.768587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.777561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.973969] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 187.981471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.990391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.507127] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.513850] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.522240] device bridge_slave_0 entered promiscuous mode [ 189.820477] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.827151] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.835304] device bridge_slave_1 entered promiscuous mode [ 190.094730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.324440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.931880] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.938368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.945349] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.951835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.960183] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.030429] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.215778] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.321920] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.558290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.565535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.782903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.790060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 22:03:40 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a20fe01000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0xe, 0x29, &(0x7f0000000100)="b90703e6680d698cb89e408a6558", &(0x7f00000001c0)=""/41}, 0x28) [ 192.566650] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 192.574787] team0: Port device team_slave_0 added [ 192.852087] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 192.860045] team0: Port device team_slave_1 added [ 192.966260] IPVS: ftp: loaded support on port[0] = 21 [ 193.193978] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 193.214524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.223406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.469575] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 193.476847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.485532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.808492] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 193.816153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.824944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.093389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 194.100937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.109890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.954088] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.034302] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 197.185373] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 197.191885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.199672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.603394] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.609958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.616931] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.623458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.632123] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 197.921943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.394642] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.514869] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.521329] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.529625] device bridge_slave_0 entered promiscuous mode [ 198.834196] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.840666] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.848962] device bridge_slave_1 entered promiscuous mode [ 199.121405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 199.435204] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 200.375818] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 200.651268] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 200.932920] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 200.945815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 22:03:50 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000700), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000001fc8)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000017ff0)={&(0x7f00000002c0)=@canfd={{0x1}, 0x0, 0x0, 0x0, 0x0, "0327e19a2b0100000000000000f9030008990039966a7d5c037dc12502000000a0000007496e6866856b76b5010000000000000000060000000118fa1efd9b0b"}, 0x48}}, 0x0) [ 201.332454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 201.339517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.367955] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 202.375879] team0: Port device team_slave_0 added [ 202.497848] IPVS: ftp: loaded support on port[0] = 21 [ 202.704361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 202.712313] team0: Port device team_slave_1 added [ 203.111258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.118526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.127065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.485779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.493075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.501905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.858187] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 203.865947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.874725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.248442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.256101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.264984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.614493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.978811] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 207.296213] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 207.302780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.310442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 22:03:57 executing program 0: prctl$getname(0x10, &(0x7f0000000000)=""/4) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0xfed1, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x29, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 22:03:57 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x5a93905274f3461b, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0)={'team0\x00'}) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, [], [{0x4, 0x0, 0x100000000, 0xffff, 0x40, 0x1}, {0x4, 0x100, 0x1, 0x0, 0x9}], [[], []]}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000080)=0x20394, 0x1) [ 208.452253] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.461916] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.468367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.475330] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.481815] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.489941] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 22:03:57 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4000004e20}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0xb}, 0x7a) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100), 0xfef7) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0xfffffffffffffffc}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, &(0x7f0000000040)) [ 208.853535] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.860016] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.868195] device bridge_slave_0 entered promiscuous mode [ 209.063575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 22:03:58 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00002eaffc)=0x101, 0x4) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000266ffc)=0x3, 0x4) write$FUSE_INIT(r1, &(0x7f0000000180)={0x50, 0x0, 0x5, {0x7, 0x1b, 0x3, 0x80020, 0x58a7c32b, 0x6, 0xdc97, 0x81}}, 0x50) sendmmsg(r1, &(0x7f0000004580)=[{{&(0x7f0000000080)=@pptp, 0x80, &(0x7f0000000140)=[{&(0x7f0000000840)='F', 0x1}], 0x1, &(0x7f00000009c0)}}], 0x1, 0x0) [ 209.283695] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.290166] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.298626] device bridge_slave_1 entered promiscuous mode [ 209.591924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 22:03:58 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)) fcntl$setstatus(r0, 0x4, 0x2c00) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) dup2(r1, r0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000100)) dup2(r0, r2) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) ioctl$TUNSETGROUP(r1, 0x400454ce, r3) [ 209.968373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 22:03:59 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0xffffffffffffff00, 0x800) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x9}}, 0x80000000, 0x8, 0x8000, 0x3, 0x86}, &(0x7f0000000080)=0x98) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e24, @local}}, [0x7ff, 0x3, 0x20, 0x5, 0x401, 0x7fff, 0x80, 0x1200000000000000, 0x8, 0x4, 0xe7a3, 0x100000001, 0xffff, 0x80, 0x8000]}, &(0x7f00000002c0)=0x100) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={r1, @in={{0x2, 0x4e23, @rand_addr=0x7ff}}, 0x6, 0x0, 0x233, 0x80000000, 0x2}, &(0x7f00000003c0)=0x98) ioctl$FS_IOC_FSGETXATTR(r0, 0xc00c5512, &(0x7f0000000000)={0x0, 0xa000000}) 22:03:59 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffd, 0x1) fsetxattr$security_capability(r0, &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000140)=@v2={0x2000000, [{0x9, 0x20}, {0xfffffffffffffff7, 0x2}]}, 0x14, 0x2) ioctl$RTC_UIE_ON(r0, 0x4004551e) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x3f, @ipv4={[], [], @multicast2}}, {0xa, 0x4e21, 0x7, @mcast1, 0x800}, r1, 0x2}}, 0x48) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000080)=0x100000000, 0x4) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ashmem\x00', 0x401, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000100)=0x400, 0x4) [ 211.132878] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:04:00 executing program 0: r0 = socket$inet(0x2, 0x805, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x2, 0x400) r2 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x1f, 0x1) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)={r1, r2, 0xf, 0x3}, 0x10) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x401, 0xc}, 0x8) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000340)={0xc, 0xfffffffffffffd45, 0xfa00, {&(0x7f00000001c0)}}, 0x10) sendto$inet(r0, &(0x7f0000000000)="f1", 0x1, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) [ 211.606794] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.956942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.990762] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.997936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.323773] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.330855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.073316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.235381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.243511] team0: Port device team_slave_0 added [ 213.449014] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 213.457039] team0: Port device team_slave_1 added [ 213.770657] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.777968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.786856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.947492] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.954575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.962417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.057130] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.064332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.072982] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.250792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 214.258646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.267269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.436491] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 214.444211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.453016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.919023] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.866246] hrtimer: interrupt took 43569 ns 22:04:05 executing program 1: [ 217.155395] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.161933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.168815] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.175388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.183501] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.190078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.460317] 8021q: adding VLAN 0 to HW filter on device bond0 22:04:08 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$rds(r1, &(0x7f0000001c00)={&(0x7f0000000080), 0x10, &(0x7f00000002c0)=[{&(0x7f0000000500)=""/4096, 0x20071e61}], 0x1, &(0x7f0000001b40)}, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000300)={&(0x7f0000000280), 0xc, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[]}}, 0x480c0) [ 220.149720] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 220.640101] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.646664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.654559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.132644] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.403672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.870934] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 22:04:13 executing program 3: [ 224.325125] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 224.331400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.339313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.619032] 8021q: adding VLAN 0 to HW filter on device team0 22:04:15 executing program 4: 22:04:15 executing program 0: r0 = socket$kcm(0xa, 0x1, 0x0) write$P9_RCREATE(r0, &(0x7f0000000000)={0x18, 0x73, 0x1, {{0x9, 0x2, 0x4}, 0x9}}, 0x18) sendmsg(r0, &(0x7f0000001540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @empty={[0x5636e047, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, 0x80, &(0x7f00000013c0), 0x0, &(0x7f0000001400), 0x4f}, 0x2000c4ff) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xb1b4, 0x0) ioctl$KDENABIO(r1, 0x4b36) syncfs(r0) 22:04:15 executing program 5: ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000000)=0x0) ptrace$peekuser(0x3, r0, 0xcd00) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x4000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000080), &(0x7f00000000c0)=0x4) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000100), 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x100b}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @in6={0xa, 0x4e23, 0xc34, @mcast1, 0x80000001}}}, 0x90) setsockopt$inet_mreqsrc(r1, 0x0, 0x2e, &(0x7f0000000280)={@local, @local, @dev={0xac, 0x14, 0x14, 0xf}}, 0xc) ptrace$setopts(0x4200, r0, 0x3, 0x41) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f00000002c0)={'filter\x00', 0x4}, 0x68) semget(0x3, 0x4, 0x9) ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000340)=""/242) r3 = memfd_create(&(0x7f0000000440)='\x00', 0x2) socket$inet_udp(0x2, 0x2, 0x0) open_by_handle_at(r3, &(0x7f0000000480)={0x45, 0x9, "272500557cd07f0285c20f1304337453964656b8310f0f01c0209dbb3378120fd031ea1dfb95f4ba8b6229e24a3f6965d100faf51d3d3780ba8da79ad1"}, 0x200000) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x13}}}, [0x2, 0x100, 0xffffffffffffffe0, 0x3, 0x8001, 0x5, 0x6, 0x8000, 0xab6, 0x9, 0x6, 0x8000, 0x0, 0x4, 0x9b]}, &(0x7f0000000600)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000640)={0x2, 0x4, 0x0, 0xed, 0x40, 0x0, 0x100, 0x4b, r4}, &(0x7f0000000680)=0x20) ioctl$DRM_IOCTL_FREE_BUFS(r3, 0x4010641a, &(0x7f0000000700)={0xa, &(0x7f00000006c0)=[0xd0a9, 0x4842, 0x7fff, 0x8, 0x5, 0x5, 0x8, 0x80000000, 0x8, 0x9]}) socketpair$inet(0x2, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000780)) openat$cuse(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/cuse\x00', 0x2, 0x0) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000800)={0xfb, 0x3, 0x0, 0x1, 0x6, 0x3ff, 0x0, 0x7fff, 0x0, 0x200, 0xfff, 0x6}) ioctl$LOOP_CLR_FD(r3, 0x4c01) msgget(0x1, 0x202) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000840)={r5, 0x2}, 0x8) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r3, 0x80045301, &(0x7f0000000880)) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000008c0)={'syz_tun\x00', 0x400}) getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, &(0x7f0000000900)={{{@in6, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@loopback}}, &(0x7f0000000a00)=0xe8) lstat(&(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r7, r8) 22:04:15 executing program 1: 22:04:15 executing program 2: 22:04:15 executing program 3: 22:04:15 executing program 0: 22:04:15 executing program 2: r0 = getpgrp(0x0) sched_setparam(r0, &(0x7f0000000180)=0x10000) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{}]}) accept4$unix(r1, 0x0, &(0x7f0000000000), 0x80000) socket$inet6(0xa, 0x1000000000002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffffffffff898, &(0x7f00000003c0)="67897ce020c6dc12ef1ce1c1da71c555e5bad68da8c5b6c9e8a24e315d57195186b546732547a828c834fbb4d1f955caba0a17acb67c918564aa6e250d5679a24428acee93c062c8a6e2ee28a56bc8674c300bcff01a5cf09c75360230c7ee292e82871dd29cb723cc3146b42c14534310e51ee0e9d6e8d35706d29006e231277920d04e9e6e9c9993c663c1d64bf721d1493b637d7f6cc0e62cb7") clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={"00ffff"}, &(0x7f0000000100), 0x390, 0xfffffffffffffffb) 22:04:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c2134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa684020000", 0x0, &(0x7f0000000200)) chroot(&(0x7f00000003c0)='./file0\x00') r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000100)="2e650f983df3cf0f01751a6a000f320fae29670f01ca0f01dfbaf80c66b8114eeb8266efbafc0cec0f01c8", 0x2b}], 0x1, 0x0, &(0x7f0000000080), 0x0) getdents(0xffffffffffffffff, &(0x7f0000000380)=""/48, 0x30) 22:04:15 executing program 1: r0 = socket(0xa, 0x1, 0x0) fstat(r0, &(0x7f0000003640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) llistxattr(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=""/24, 0x18) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, &(0x7f0000000080)={0x80000000000005d, &(0x7f0000000000)=[{0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @local}, {}, {}]}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000840)={0x3, &(0x7f0000000680)=[{}, {}, {}]}) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setgid(r1) r3 = gettid() getpgrp(r3) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgroups(0x8, &(0x7f00000036c0)=[r1, r7, r7, r1, r7, r1, r7, r7]) getrlimit(0xb, &(0x7f0000000100)) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f00000003c0)={0x0, 'veth1_to_bridge\x00', 0x3}, 0x18) setresuid(0x0, r6, 0x0) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380)='/dev/uinput\x00', 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='ppp0$vboxnet1procem1&vmnet0^nodev\x00', 0xffffffffffffff9c}, 0x10) creat(&(0x7f0000000880)='./file0\x00', 0x80) syz_open_dev$dspn(&(0x7f00000002c0)='/dev/dsp#\x00', 0x4, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000900)='/dev/ppp\x00', 0x400840, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000004300)={&(0x7f0000003580)='btrfs\x00', r2}, 0x10) syz_open_dev$mouse(&(0x7f0000004340)='/dev/input/mouse#\x00', 0x3, 0x80) openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vcs\x00', 0x400, 0x0) socketpair(0x18, 0x804, 0x200, &(0x7f00000043c0)={0xffffffffffffffff}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r9, 0x3) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x109001) shmget$private(0x0, 0x4000, 0x1808, &(0x7f0000ffb000/0x4000)=nil) sched_rr_get_interval(r5, &(0x7f0000000480)) recvmmsg(r4, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000940)=""/172, 0xac}, {&(0x7f0000000a00)=""/155, 0x9b}, {&(0x7f0000000ac0)=""/191, 0xbf}, {&(0x7f0000000b80)=""/95, 0x5f}, {&(0x7f0000000c00)=""/3, 0x3}, {&(0x7f0000000c40)=""/115, 0x73}, {&(0x7f0000000cc0)=""/76, 0x4c}, {&(0x7f0000000d40)=""/153, 0x99}], 0x8, 0x0, 0x0, 0x8}, 0xffffffffffffffc1}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000e80)=""/88, 0x58}, {&(0x7f0000000f00)=""/120, 0x78}], 0x2, &(0x7f0000000fc0)=""/87, 0x57, 0x7}, 0x10001}, {{&(0x7f0000001040)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f00000020c0)=[{&(0x7f00000010c0)=""/4096, 0x1000}], 0x1, &(0x7f0000002100)=""/4096, 0x1000, 0x9}, 0x10001}, {{&(0x7f0000003100)=@nl, 0x80, &(0x7f0000003240)=[{&(0x7f0000003180)=""/148, 0x94}], 0x1, 0x0, 0x3d4, 0x8000}, 0xda6e}, {{&(0x7f0000003280)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000003780)=[{&(0x7f0000003300)=""/173, 0xad}, {&(0x7f00000033c0)=""/76, 0x4c}, {&(0x7f0000003440)=""/70, 0x46}, {&(0x7f00000034c0)=""/81, 0x51}, {&(0x7f0000003540)=""/22, 0x328}, {&(0x7f0000003580)}, {&(0x7f00000035c0)=""/88, 0x58}, {&(0x7f0000004400)=""/234, 0xea}, {&(0x7f0000003740)=""/15, 0xf}], 0x9, 0x0, 0x0, 0x3}, 0xfc3}, {{&(0x7f0000003840)=@nl, 0x80, &(0x7f0000003980)=[{&(0x7f00000038c0)=""/150, 0x96}], 0x1, &(0x7f00000039c0)=""/134, 0x86, 0x2}, 0x7}, {{&(0x7f0000003a80)=@rc, 0x80, &(0x7f0000003c00)=[{&(0x7f0000003b00)=""/64, 0x40}, {&(0x7f0000003b40)=""/47, 0x2f}, {&(0x7f0000003b80)=""/100, 0x64}], 0x3, &(0x7f0000003c40)=""/168, 0xa8, 0xfffffffffffffffd}, 0x100000000}, {{&(0x7f0000003d00)=@l2, 0x80, &(0x7f0000003f00)=[{&(0x7f0000003d80)=""/185, 0xb9}, {&(0x7f0000003e40)=""/97, 0x61}, {&(0x7f0000003ec0)=""/52, 0x34}], 0x3, &(0x7f0000003f40)=""/220, 0xdc, 0x401}, 0x2}], 0x8, 0x40, &(0x7f0000004240)={0x77359400}) ioctl$sock_inet6_SIOCDELRT(r8, 0x890c, &(0x7f0000004280)={@loopback, @mcast1, @empty, 0x4, 0x8, 0x9, 0x400, 0x555, 0x110010, r10}) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f00000001c0)={{0x4, 0x3, 0x3, 0x0, 0x4}, 0xfffffffffffffffd, 0x3ff, 'id0\x00', 'timer1\x00', 0x0, 0x1638, 0x3, 0x9, 0x7fffffff}) 22:04:15 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x800000000000009) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xffefffefffffff84) r2 = socket$inet6_sctp(0xa, 0x20000000001, 0x84) sendto$inet6(r2, &(0x7f0000000000)="f8", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6, 0x0, 0x0, 0x8000, 0x0, 0x11}, 0x98) sendto$inet6(r2, &(0x7f0000000280)="bc", 0x1, 0x0, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="73797a316dad84484be1845c7608963d65359049168098468277815c0baabbff3b6afc621fff953ad4bb87663379a7ddfba05471bd336f7116cdb47c7e80338bbe5ed4a9b00060362e6db94bc9ce425d9d6608744bdb805014b025539f538354a63a25dcb6f49bb04789c7941625aa04ce32e1f526de74895163029e5345fde499241d7bb519fcb7d1d5e310a7381d96086aeffbefa6f3d1d2f005fe5891c23d6f290b1a04e23c7b"], 0xa8) [ 226.813684] Option ' 1F,SCWҐ1'y NncK!I;c}l,' to dns_resolver key: bad/missing value [ 226.932818] Option ' 1F,SCWҐ1'y NncK!I;c}l,' to dns_resolver key: bad/missing value 22:04:16 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x1, 0x0) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}, {&(0x7f0000000200)=""/98, 0x62}, {&(0x7f0000000280)=""/112, 0x200003d9}, {&(0x7f0000000340)=""/249, 0xf9}], 0x4, &(0x7f0000000440)=""/45, 0x2d}}], 0x1, 0x0, &(0x7f00000050c0)={0x77359400}) 22:04:16 executing program 0: socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x0, 0x30}, 0xc) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1}, 0x8) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000240)={'syz1'}, 0x34000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000240), 0x8) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) [ 227.032388] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 227.123624] sctp: failed to load transform for md5: -2 [ 227.207868] ================================================================== [ 227.215309] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 227.221904] CPU: 1 PID: 7441 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63 [ 227.229096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.238455] Call Trace: [ 227.241069] dump_stack+0x306/0x460 [ 227.244798] ? _raw_spin_lock_irqsave+0x227/0x340 [ 227.249658] ? vmx_create_vcpu+0x10df/0x7920 [ 227.254093] kmsan_report+0x1a3/0x2d0 [ 227.257913] __msan_warning+0x7c/0xe0 [ 227.261734] vmx_create_vcpu+0x10df/0x7920 [ 227.265986] ? kmsan_set_origin_inline+0x6b/0x120 [ 227.270842] ? __msan_poison_alloca+0x17a/0x210 [ 227.275534] ? vmx_vm_init+0x340/0x340 [ 227.279443] kvm_arch_vcpu_create+0x25d/0x2f0 [ 227.283958] kvm_vm_ioctl+0x13fd/0x33d0 [ 227.287959] ? __msan_poison_alloca+0x17a/0x210 [ 227.292651] ? do_vfs_ioctl+0x18a/0x2810 [ 227.296733] ? __se_sys_ioctl+0x1da/0x270 [ 227.300901] ? vcpu_stat_clear_per_vm+0x420/0x420 22:04:16 executing program 4: [ 227.305874] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 227.310734] do_vfs_ioctl+0xcf3/0x2810 [ 227.314650] ? security_file_ioctl+0x92/0x200 [ 227.319168] __se_sys_ioctl+0x1da/0x270 [ 227.323259] __x64_sys_ioctl+0x4a/0x70 [ 227.327157] do_syscall_64+0xbe/0x100 [ 227.330977] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 227.336178] RIP: 0033:0x457579 [ 227.339388] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.358305] RSP: 002b:00007f57bdbdbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.366037] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 227.373318] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 227.380607] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 227.387889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57bdbdc6d4 [ 227.395167] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 227.402567] [ 227.404215] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 227.411137] Variable was created at: [ 227.414867] vmx_create_vcpu+0xd5/0x7920 [ 227.418938] kvm_arch_vcpu_create+0x25d/0x2f0 [ 227.423434] ================================================================== [ 227.430797] Disabling lock debugging due to kernel taint [ 227.436255] Kernel panic - not syncing: panic_on_warn set ... [ 227.436255] [ 227.443750] CPU: 1 PID: 7441 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #63 [ 227.452339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.461699] Call Trace: [ 227.464306] dump_stack+0x306/0x460 [ 227.467959] panic+0x54c/0xafa [ 227.471205] kmsan_report+0x2cd/0x2d0 [ 227.475031] __msan_warning+0x7c/0xe0 [ 227.478856] vmx_create_vcpu+0x10df/0x7920 [ 227.483109] ? kmsan_set_origin_inline+0x6b/0x120 [ 227.487969] ? __msan_poison_alloca+0x17a/0x210 [ 227.492664] ? vmx_vm_init+0x340/0x340 [ 227.496566] kvm_arch_vcpu_create+0x25d/0x2f0 [ 227.501097] kvm_vm_ioctl+0x13fd/0x33d0 [ 227.505103] ? __msan_poison_alloca+0x17a/0x210 [ 227.509796] ? do_vfs_ioctl+0x18a/0x2810 [ 227.513873] ? __se_sys_ioctl+0x1da/0x270 [ 227.518044] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 227.522907] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 227.527765] do_vfs_ioctl+0xcf3/0x2810 [ 227.531681] ? security_file_ioctl+0x92/0x200 [ 227.536204] __se_sys_ioctl+0x1da/0x270 [ 227.540208] __x64_sys_ioctl+0x4a/0x70 [ 227.544110] do_syscall_64+0xbe/0x100 [ 227.547932] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 227.553130] RIP: 0033:0x457579 [ 227.556329] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.575248] RSP: 002b:00007f57bdbdbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.582981] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 227.590265] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005 [ 227.597552] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 227.604851] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57bdbdc6d4 [ 227.612136] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 227.620756] Kernel Offset: disabled [ 227.624391] Rebooting in 86400 seconds..