[....] Starting OpenBSD Secure Shell server: sshd[ 50.245659] random: sshd: uninitialized urandom read (32 bytes read) [ ok . [ 50.614401] audit: type=1800 audit(1538981940.662:29): pid=5908 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 50.633786] audit: type=1800 audit(1538981940.662:30): pid=5908 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.044634] random: sshd: uninitialized urandom read (32 bytes read) [ 52.467371] random: sshd: uninitialized urandom read (32 bytes read) [ 54.340670] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts. [ 60.015451] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 06:59:11 fuzzer started [ 64.247517] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 06:59:16 dialing manager at 10.128.0.26:36867 2018/10/08 06:59:16 syscalls: 1 2018/10/08 06:59:16 code coverage: enabled 2018/10/08 06:59:16 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 06:59:16 setuid sandbox: enabled 2018/10/08 06:59:16 namespace sandbox: enabled 2018/10/08 06:59:16 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 06:59:16 fault injection: enabled 2018/10/08 06:59:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 06:59:16 net packed injection: enabled 2018/10/08 06:59:16 net device setup: enabled [ 69.046533] random: crng init done 07:00:53 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f00000002c0)={{0x2, 0x0, @multicast1}, {}, 0x18, {0x2, 0x0, @multicast2}, 'ip6gretap0\x00'}) [ 163.989328] IPVS: ftp: loaded support on port[0] = 21 [ 166.131808]
bridge0: port 1(bridge_slave_0) entered blocking state [ 166.138575] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.146933] device bridge_slave_0 entered promiscuous mode [ 166.282841] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.289396] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.297799] device bridge_slave_1 entered promiscuous mode [ 166.419218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.546072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.920536] bond0: Enslaving bond_slave_0 as an active interface with an up link 07:00:57 executing program 1: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$eventfd(r0, &(0x7f00000001c0), 0x8) [ 167.107899] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 167.540015] IPVS: ftp: loaded support on port[0] = 21 [ 168.170495] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 168.178688] team0: Port device team_slave_0 added [ 168.444537] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 168.452554] team0: Port device team_slave_1 added [ 168.626638] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 168.846119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 168.853399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 168.862016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 169.113824] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 169.121435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.130293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.265941] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 169.273557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 169.282532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.660744] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.667302] bridge0: 
port 1(bridge_slave_0) entered disabled state [ 170.675772] device bridge_slave_0 entered promiscuous mode [ 170.835746] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.842331] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.850465] device bridge_slave_1 entered promiscuous mode [ 171.063443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 07:01:01 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000440)={0x7}, 0xc) [ 171.205641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 171.964985] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.971963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.978950] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.985465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.994928] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 172.040841] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 172.077576] IPVS: ftp: loaded support on port[0] = 21 [ 172.317989] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.571826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 172.580061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.703954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.798439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 172.805589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.497811] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 173.505862] team0: Port device team_slave_0 added [ 173.701425] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.709287] team0: Port device team_slave_1 added [ 173.959997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 173.967425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.976524] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 174.213707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 174.220764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.229592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.471018] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.478884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.487811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.734737] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.742428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.751159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 176.207701] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.214307] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.222447] device bridge_slave_0 entered promiscuous mode [ 176.472932] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.479385] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.487744] device bridge_slave_1 entered promiscuous mode [ 176.770084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 177.025378] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.457616] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.464158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.470995] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.477574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.486062] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.764838] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.936398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.058199] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 178.299624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 178.306801] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bond: link becomes ready 07:01:08 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000000)="120000001600e70d017b19000000000000a1", 0x12, 0x0, 0x0, 0x0) [ 178.591500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 178.598720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.467037] IPVS: ftp: loaded support on port[0] = 21 [ 179.631415] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 179.639303] team0: Port device team_slave_0 added [ 179.921172] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.929124] team0: Port device team_slave_1 added [ 180.251840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 180.259258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.268033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 180.543731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 180.550903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.559787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.848715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.856493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.865412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.229566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 181.237286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.246293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.966332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.083604] IPv6: ADDRCONF(NETDEV_UP): veth0: link 
is not ready [ 184.656018] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.662566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.669404] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.675984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.684284] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.718899] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.725503] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.733756] device bridge_slave_0 entered promiscuous mode [ 185.010121] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.016767] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.025259] device bridge_slave_1 entered promiscuous mode [ 185.212455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.298924] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 185.305538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.313519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.369523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 185.616487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 186.564843] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.685829] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 187.032899] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 187.276475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 187.285068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.595536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 187.602779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:01:17 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/169, 0xa9}], 0x1, 0x4000000000001f6) [ 188.716505] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.724671] team0: Port device team_slave_0 added [ 188.966482] IPVS: ftp: loaded support on port[0] = 21 [ 189.059645] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.067708] team0: Port device team_slave_1 added [ 189.450222] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 189.457415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.466040] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.918386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.925615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.934434] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.314257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.321788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.330699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.656689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.664343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.673257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.726179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.265408] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 193.693907] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.700260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.708014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.801941] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.808575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.815595] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.822038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.831024] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 07:01:25 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, 
&(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0), 0x12) [ 195.059847] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.066489] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.074756] device bridge_slave_0 entered promiscuous mode [ 195.156599] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.293084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 07:01:25 executing program 0: mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x0, 0x2000000208972, 0xffffffffffffffff, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1020000000a) r0 = socket$vsock_dgram(0x28, 0x2, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x8) clone(0x0, &(0x7f0000000000), &(0x7f0000000ffc), &(0x7f0000000ffc), &(0x7f0000000000)) open$dir(&(0x7f0000000000)='./file0\x00', 0x2000, 0x60) [ 195.510066] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.516728] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.525124] device bridge_slave_1 entered promiscuous mode [ 195.900674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.266998] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:01:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x3}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001c00070f000000000000000007000000", @ANYRES32=r1, 
@ANYBLOB="080600d556520668b9b6f8de22c31f86c5734ff529977c748d26c471c6bd6baff7dc804e83eb7390b3f47ab34d59c84157d627ad27c8cdcad153bb4409e2140e066a3b4acf09214090450852863889636ec04dd23cad182d5a527c0d199dba4e3558409a9cf774ff8392471bd1d8722c6cd06613f9b048ed49a54cc7c91bf6910a42028c6a871db5ddd42a52fd0eca0b3b49a392543ea28d366f70602584791b453c15ab992f6ad8695c84f0f14c95"], 0xfd71}}, 0x0) fanotify_init(0x1, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'veth1_to_team\x00', 0x2000}) [ 196.574902] netlink: 12 bytes leftover after parsing attributes in process `syz-executor0'. [ 196.637135] netlink: 12 bytes leftover after parsing attributes in process `syz-executor0'. 07:01:26 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) fadvise64(r0, 0x0, 0x7, 0x5) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000012c0), 0x0, &(0x7f0000001300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000001600)=ANY=[@ANYRES16], 0x2) recvmsg(r1, &(0x7f0000001480)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/4096, 0x34000}], 0x1, &(0x7f0000001400)=""/123, 0x7b}, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x20000, 0x0) ioctl$BLKPG(r2, 0x1269, &(0x7f00000001c0)={0x8, 0x33a129e3, 0x7b, &(0x7f0000000140)="59af00bb4720bd9c60933b661d3430f607351c6d4cf6aea92459f0750629fe657e6272ce25526ccdbab1c0abc4ee7ffb92f2b9e1c8f524fb65b3b6a173b21efccf2544de4c493e6929e1d4937bbc4389473339f64aef19e072ccd69a1cdd1f592308fb4613fbfe0e05f7f876c0b3a1e6c4acf85651c706d694e2db"}) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x2, 0x4) [ 198.083752] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.527296] bond0: Enslaving bond_slave_1 as an active interface 
with an up link [ 198.907166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 198.914546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.191834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.199475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:01:29 executing program 5: socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'bond_slave_1\x00', {0x2, 0x4e24, @broadcast}}) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x10d801, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1) ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f00000000c0)=0x1a341692) r3 = inotify_init1(0x80000) fsetxattr$security_selinux(r3, &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x29, 0x1) r4 = socket$inet6(0xa, 0x4, 0xfffffffffffffffa) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000180)={0x0, @rand_addr, @multicast2}, &(0x7f00000001c0)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000300)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@local, @in6=@dev={0xfe, 0x80, [], 0xd}, 0x4e24, 0x0, 0x4e22, 0x0, 0x0, 0x80, 0x80, 0xbf, r5, r6}, {0x7, 0x8, 0x1469, 0x7f, 0x7, 0x5, 0x37c3ef4e, 0x4}, {0xffff, 0xefe, 0x9, 0xffffffff}, 0xf18, 0x6e6bb4, 0x0, 0x1, 0x2, 0x3}, {{@in=@multicast2, 0x4d6, 0x33}, 0xa, @in6=@mcast1, 0x34ff, 0x0, 0x3, 0x9, 0x80000001, 0x1, 0x6}}, 0xe8) ioctl$KDSETMODE(r2, 0x4b3a, 0x401) ioctl$RTC_RD_TIME(r2, 0x80247009, &(0x7f0000000440)) r7 = syz_open_dev$midi(&(0x7f0000000480)='/dev/midi#\x00', 0x1, 0x60000) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000540)={'tunl0\x00', &(0x7f00000004c0)=@ethtool_coalesce={0xf, 0x1, 
0xffffffffffffff80, 0x5, 0x1f, 0x3, 0x6, 0x7, 0x3, 0x6, 0x4622559, 0x8, 0x4, 0x401, 0x1f, 0x1, 0xe812, 0x2, 0x58, 0x7ff, 0x2000, 0xffffffffffff8000, 0xfffffffffffffc01}}) fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000580)='trusted.overlay.upper\x00', &(0x7f00000005c0)={0x0, 0xfb, 0xeb, 0x5, 0x100, "f76eb0c4840f89c1284bf2fee954fa0c", "fc13d8fb84be2146a222167a1e503df7861d31d862b9f65ddce1d8873ea37f815cddc68cce69b808ff1b8e1a395766e354e492d65212d5f1b9ce8bab84bd481f3a9c93a494bd27ca941e0d2da209688aa8f86e53bd673235e7b78d60bb4624b232ca00da30c41729bf2fce5fbe26a82737c41b617d94552062309911eec3260d54faa3030775062c338719fd6a92937869699f8b50985beb083ac1037041912ba34ced18b082a024d8a35179b6b4ab95f952d6c2f1f13dc3852d12bcd3f8fac3944749b64c4bca1f1ac280b0e7718d7eebae2016fdff"}, 0xeb, 0x3) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r7, 0x80045301, &(0x7f00000006c0)) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r7, 0x28, 0x2, &(0x7f0000000700)=0x3f, 0x8) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x9ff8) sendfile(r4, r0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000740)={0x0, 0xfc, "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"}, &(0x7f0000000880)=0x104) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f00000008c0)={r8, 0x3, 0x1000, 0xffffffffffff6a6d, 0x8, 0x3ff}, &(0x7f0000000900)=0x14) connect$pptp(r2, &(0x7f0000000940)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x1e) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000980)={{{@in6, @in6}}, {{@in=@rand_addr}, 0x0, @in6}}, &(0x7f0000000a80)=0xe8) r9 = getpid() syz_open_procfs(r9, &(0x7f0000000ac0)='coredump_filter\x00') r10 = shmat(0x0, &(0x7f0000fff000/0x1000)=nil, 0x2000) shmdt(r10) ioctl$TCGETS(r2, 0x5401, &(0x7f0000000b00)) ioctl$NBD_SET_TIMEOUT(r4, 0xab09, 0x9) [ 199.791622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.097999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.105968] team0: Port device team_slave_0 added 07:01:30 
executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-asm)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="ab55bb0a065ce1ade97447360e37038b", 0x10) r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001780)={&(0x7f00000014c0), 0xc, &(0x7f0000001540)={&(0x7f0000001700)={0x20, 0x0, 0x0, 0x0, 0x0, {}, [@NBD_ATTR_TIMEOUT={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x40004}, 0x4) [ 200.488201] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.496365] team0: Port device team_slave_1 added [ 200.765021] IPVS: ftp: loaded support on port[0] = 21 [ 200.777000] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.784383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.793072] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.153693] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 201.205095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.232699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.241162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 07:01:31 executing program 0: [ 201.551435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.559151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.567915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 07:01:31 executing program 0: [ 201.974841] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.982629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.991207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.539862] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 202.546323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.554203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.698532] 8021q: adding VLAN 0 to HW filter on device 
team0 07:01:34 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0xf4, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x200000000000805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, "73797a30000000000000f6ac00"}) [ 204.385421] input: syz1 as /devices/virtual/input/input5 [ 205.648141] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.654772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.661627] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.668198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.676508] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 205.813894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 206.158924] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.165479] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.174106] device bridge_slave_0 entered promiscuous mode [ 206.524228] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.530683] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.539178] device bridge_slave_1 entered promiscuous mode [ 206.830336] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.090713] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.784792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.068867] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.360620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 208.367879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.600224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.642007] IPv6: 
ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 208.649270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.300752] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.308759] team0: Port device team_slave_0 added 07:01:39 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000001c0)) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000200)) [ 209.585687] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.593714] team0: Port device team_slave_1 added [ 209.678065] capability: warning: `syz-executor2' uses deprecated v2 capabilities in a way that may be insecure [ 209.716928] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.846547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 209.854802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.863620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.059087] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.066275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.074933] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.204957] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.212890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.221523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.351798] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.359480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.368153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.613407] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.619804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.627561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.346452] 8021q: adding VLAN 0 to HW filter on device 
team0 [ 212.226625] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.233156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.240008] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.246581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.255175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.261790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 215.215625] 8021q: adding VLAN 0 to HW filter on device bond0 07:01:45 executing program 3: [ 215.906554] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 216.391374] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 216.397803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.405745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.885910] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.679400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.156093] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.642447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.648855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.656740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 07:01:50 executing program 4: 07:01:50 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xd, 0x1, 0x4, 0x100000001, 0x0, r0, 0x0, [0x5]}, 0x40) 07:01:50 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) poll(&(0x7f0000000100)=[{r0}], 0x1, 0xfffffffffffffffa) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x2) r2 = dup3(r1, r0, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x0, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r2, &(0x7f0000000300)="7b987b577425147e1f639df91e4f9be0acc155f282811c1275db5d2f016eda6bb51e55045450222d2e5bc4a85af087a5664fb7023cdf5f73cab4f7bb3284c5ffde954038e26b3b71998b7730c9da389aa152faa8651fce0d00dabb7e", 0x5c) 07:01:50 executing program 2: 07:01:50 executing program 3: [ 220.283543] hrtimer: interrupt took 52698 ns [ 220.319566] 8021q: adding VLAN 0 to HW filter on device team0 07:01:52 executing program 5: 07:01:52 executing program 2: 07:01:52 executing program 4: 07:01:52 executing program 3: 07:01:52 executing program 0: 07:01:52 executing program 1: 07:01:52 executing program 1: 07:01:52 executing program 3: 07:01:52 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) 07:01:52 executing program 5: r0 = creat(&(0x7f00000005c0)='./file0\x00', 0xc4) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f0000000380)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) execveat(r1, &(0x7f0000000000)='\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x1000) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000240)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000540)) getpgid(0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000180)={0x0, 0x40, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x8, 0x8000}) fchown(r0, r2, r3) 07:01:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000040)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}) 07:01:52 executing program 2: mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev\x00') 07:01:53 executing program 3: 07:01:53 executing program 5: 07:01:53 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x100000002072, r0, 0x0) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000340)=0x4, 0x2) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000100)={0xad, {{0x2, 0x4e21}}}, 0x88) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f00000002c0)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0x50, &(0x7f00000001c0)={0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000280)=r1, 0x4) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x300000a, 0x8013, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000300)) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/21, 0x3c000, 0x800}, 0x18) [ 223.018041] L1TF CPU bug present and SMT on, data leak possible. 
See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 223.130363] ==================================================================
[ 223.137782] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[ 223.144377] CPU: 0 PID: 7718 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 223.151568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 223.160930] Call Trace:
[ 223.163539] dump_stack+0x306/0x460
[ 223.167176] ? _raw_spin_lock_irqsave+0x227/0x340
[ 223.172032] ? vmx_create_vcpu+0x10df/0x7920
[ 223.176464] kmsan_report+0x1a3/0x2d0
07:01:53 executing program 4:
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280))
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ptype\x00')
preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0)
[ 223.180295] __msan_warning+0x7c/0xe0
[ 223.184118] vmx_create_vcpu+0x10df/0x7920
[ 223.188370] ? kmsan_set_origin_inline+0x6b/0x120
[ 223.193226] ? __msan_poison_alloca+0x17a/0x210
[ 223.197913] ? vmx_vm_init+0x340/0x340
[ 223.201818] kvm_arch_vcpu_create+0x25d/0x2f0
[ 223.206336] kvm_vm_ioctl+0x13fd/0x33d0
[ 223.210331] ? __msan_poison_alloca+0x17a/0x210
[ 223.215024] ? do_vfs_ioctl+0x18a/0x2810
[ 223.219093] ? __se_sys_ioctl+0x1da/0x270
[ 223.223256] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 223.228114] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 223.232974] do_vfs_ioctl+0xcf3/0x2810
[ 223.236892] ? security_file_ioctl+0x92/0x200
[ 223.241414] __se_sys_ioctl+0x1da/0x270
[ 223.245410] __x64_sys_ioctl+0x4a/0x70
[ 223.249312] do_syscall_64+0xbe/0x100
[ 223.253127] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 223.258321] RIP: 0033:0x457579
[ 223.261535] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 223.280465] RSP: 002b:00007eff655e2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 223.288209] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 223.295494] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 223.302773] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 223.310048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff655e36d4
[ 223.317328] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 223.324617]
[ 223.326260] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[ 223.333180] Variable was created at:
[ 223.336906] vmx_create_vcpu+0xd5/0x7920
[ 223.340978] kvm_arch_vcpu_create+0x25d/0x2f0
[ 223.345471] ==================================================================
[ 223.352839] Disabling lock debugging due to kernel taint
[ 223.358297] Kernel panic - not syncing: panic_on_warn set ...
[ 223.358297]
[ 223.365768] CPU: 0 PID: 7718 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 223.374347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 223.383706] Call Trace:
[ 223.386318] dump_stack+0x306/0x460
[ 223.389970] panic+0x54c/0xafa
[ 223.393199] kmsan_report+0x2cd/0x2d0
[ 223.397019] __msan_warning+0x7c/0xe0
[ 223.400837] vmx_create_vcpu+0x10df/0x7920
[ 223.405084] ? kmsan_set_origin_inline+0x6b/0x120
[ 223.409942] ? __msan_poison_alloca+0x17a/0x210
[ 223.414631] ? vmx_vm_init+0x340/0x340
[ 223.418545] kvm_arch_vcpu_create+0x25d/0x2f0
[ 223.423065] kvm_vm_ioctl+0x13fd/0x33d0
[ 223.427062] ? __msan_poison_alloca+0x17a/0x210
07:01:53 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(rfc4309(ccm(serpent-generic)))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)
07:01:53 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(rfc4309(ccm(serpent-generic)))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="d489de96d6e2752da5a92b242ef63b028952b0cda8571146f9dc2f94085ef160dbdac259", 0x24)
[ 223.431751] ? do_vfs_ioctl+0x18a/0x2810
[ 223.435827] ? __se_sys_ioctl+0x1da/0x270
[ 223.439995] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 223.444851] ? vcpu_stat_clear_per_vm+0x420/0x420
[ 223.449707] do_vfs_ioctl+0xcf3/0x2810
[ 223.453620] ? security_file_ioctl+0x92/0x200
[ 223.458138] __se_sys_ioctl+0x1da/0x270
[ 223.462130] __x64_sys_ioctl+0x4a/0x70
[ 223.466027] do_syscall_64+0xbe/0x100
[ 223.469856] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 223.475058] RIP: 0033:0x457579
[ 223.478278] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 223.497189] RSP: 002b:00007eff655e2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 223.505013] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 223.512292] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 223.519577] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 223.526855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff655e36d4
[ 223.534133] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 223.542517] Kernel Offset: disabled
[ 223.546144] Rebooting in 86400 seconds..