[ 56.769496] sshd (6050) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 56.955033] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 57.314286] audit: type=1800 audit(1539154832.378:29): pid=5983 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 59.182107] random: sshd: uninitialized urandom read (32 bytes read) [ 59.755441] random: sshd: uninitialized urandom read (32 bytes read) [ 62.203240] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts. [ 67.956885] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 07:00:44 fuzzer started [ 72.464960] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 07:00:49 dialing manager at 10.128.0.26:44001 2018/10/10 07:00:50 syscalls: 1 2018/10/10 07:00:50 code coverage: enabled 2018/10/10 07:00:50 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 07:00:50 setuid sandbox: enabled 2018/10/10 07:00:50 namespace sandbox: enabled 2018/10/10 07:00:50 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 07:00:50 fault injection: enabled 2018/10/10 07:00:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 07:00:50 net packed injection: enabled 2018/10/10 07:00:50 net device setup: enabled [ 77.384292] random: crng init done 07:02:46 executing program 0: [ 191.986681] IPVS: ftp: loaded support on port[0] = 21 [ 194.318488] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.325131] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.333868] device bridge_slave_0 entered promiscuous mode [ 194.476756] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.483377] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.492079] device bridge_slave_1 entered promiscuous mode [ 194.634000] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 194.776636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:02:50 executing program 1: [ 195.359101] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 195.657561] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 195.909532] IPVS: ftp: loaded support on port[0] = 21 [ 195.946005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 195.953305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.239265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 196.246545] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.961821] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 196.970009] team0: Port device team_slave_0 added [ 197.155979] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 197.164113] team0: Port device team_slave_1 added [ 197.384279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 197.414314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.423484] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.665928] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.826570] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 197.834338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 197.843679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.085235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 198.092859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.102246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.633059] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.639537] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.648185] device bridge_slave_0 entered promiscuous mode [ 199.885173] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.891800] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.900196] device bridge_slave_1 entered promiscuous mode [ 200.061323] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 200.312936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 07:02:55 executing program 2: [ 200.637583] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.644179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.651135] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.657776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.666743] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 200.782062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.169362] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 201.507314] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 201.638485] IPVS: ftp: loaded support on port[0] = 21 [ 201.778815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 201.786705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.102489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 202.109496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.942581] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 202.950566] team0: Port device team_slave_0 added [ 203.187879] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 203.195951] team0: Port device team_slave_1 added [ 203.424732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 203.431929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.441338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.785215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 203.792413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.801065] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.126744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.134431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.143379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.416043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 204.423738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.432808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.404436] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.410941] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.419851] device bridge_slave_0 entered promiscuous mode [ 206.709766] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.716568] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.725179] device bridge_slave_1 entered promiscuous mode [ 207.032144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.281036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.573685] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.580190] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.587301] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.593823] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.603030] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 207.903106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.270062] bond0: Enslaving bond_slave_0 as an active interface with an up link 07:03:03 executing program 3: [ 208.492781] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.857578] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 208.866226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.248459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.255665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.508557] IPVS: ftp: loaded support on port[0] = 21 [ 210.291240] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.299365] team0: Port device team_slave_0 added [ 210.705132] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.713305] team0: Port device team_slave_1 added [ 211.044832] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.052055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.060777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.373792] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.380761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.389786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.706159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.713767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.722678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.025781] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.033603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.042557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.294082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.982612] ip (6581) used greatest stack depth: 53056 bytes left [ 214.428825] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 214.911197] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.917742] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.926214] device bridge_slave_0 entered promiscuous mode [ 215.259801] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.266465] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.274957] device bridge_slave_1 entered promiscuous mode [ 215.628781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.663058] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 215.669385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 215.677476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.873334] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.879774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.886770] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.893281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.901872] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.948410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.309921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.798848] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.065886] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.415287] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.756107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.763237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.071691] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.078704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:03:14 executing program 4: [ 219.138158] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.146293] team0: Port device team_slave_0 added [ 219.514141] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.522260] team0: Port device team_slave_1 added [ 219.976261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.983463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.992585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.278503] IPVS: ftp: loaded support on port[0] = 21 [ 220.392795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.399781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.408671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.840635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.848224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.857264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.240697] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.248451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.257551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.732112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.194714] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 224.836917] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 224.843531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 224.851665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.692858] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.699387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.706353] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.712914] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.721481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.852201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 07:03:21 executing program 0: [ 226.578281] 8021q: adding VLAN 0 to HW filter on device team0 07:03:21 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) [ 226.768530] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.775087] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.783498] device bridge_slave_0 entered promiscuous mode [ 227.246146] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.252724] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.261038] device bridge_slave_1 entered promiscuous mode [ 227.713371] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.085279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.354016] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.738376] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.111037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 230.118485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 07:03:25 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) [ 230.647690] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.654851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 07:03:25 executing program 5: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) [ 231.889767] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.897953] team0: Port device team_slave_0 added [ 232.109264] IPVS: ftp: loaded support on port[0] = 21 [ 232.320205] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.328352] team0: Port device team_slave_1 added [ 232.391425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.815742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.822874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.831691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.200652] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 233.207748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.216512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.597126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.604715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.613988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 233.938938] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 233.946592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.955586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.068390] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 235.634479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 235.640790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 235.648587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 07:03:30 executing program 1: 07:03:31 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) 07:03:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x2f, 0x0, &(0x7f00000000c0)=[@release={0x40046307}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 236.559622] binder: 7147:7148 Acquire 1 refcount change on invalid ref 0 ret -22 [ 236.586498] binder: 7147:7148 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 236.594384] binder: 7147:7148 unknown command 0 [ 236.599093] binder: 7147:7148 ioctl c0306201 20008fd0 returned -22 [ 236.652305] binder: 7147:7155 Acquire 1 refcount change on invalid ref 0 ret -22 [ 236.682669] binder: 7147:7156 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 236.690293] binder: 7147:7156 unknown command 0 [ 236.695280] binder: 7147:7156 ioctl c0306201 20008fd0 returned -22 07:03:32 executing program 1: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000040)={0x20}, 0x20) 07:03:32 executing program 1: chdir(&(0x7f0000000000)='./file0\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:ptmx_t:s0\x00', 0x1c, 0x1) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000002c0)) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000540)=@nbd={'/dev/nbd'}, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x10, &(0x7f0000000640)='/dev/qat_adf_ctl\x00') mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) socket(0x0, 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x1ff, 0x2808c2) [ 237.395146] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.511639] hrtimer: interrupt took 102751 ns [ 239.457346] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.464054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.470983] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.477576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.486137] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.829009] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.835619] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.844045] device bridge_slave_0 entered promiscuous mode [ 240.246912] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.253496] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.261983] device bridge_slave_1 entered promiscuous mode [ 240.342132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.578600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 240.956672] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.877936] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 242.186150] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 242.486215] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.493399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.705405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.803144] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.810141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 243.704213] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 243.712691] team0: Port device team_slave_0 added [ 243.837996] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.925562] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 243.933830] team0: Port device team_slave_1 added [ 244.112603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.119684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.128517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.400977] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 244.408201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.416822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.740613] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 244.748358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.757197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.886600] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.893149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.900762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.012245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 245.019889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.028724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 07:03:40 executing program 2: chdir(&(0x7f0000000000)='./file0\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:ptmx_t:s0\x00', 0x1c, 0x1) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000002c0)) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000540)=@nbd={'/dev/nbd'}, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x10, &(0x7f0000000640)='/dev/qat_adf_ctl\x00') mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) socket(0x0, 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x1ff, 0x2808c2) [ 246.035861] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.792729] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.799205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.806246] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.812773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.821335] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 247.828018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.588908] 8021q: adding VLAN 0 to HW filter on device bond0 07:03:46 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@multicast2, @loopback, 0x1}, 0x10) [ 251.342799] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 251.894518] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 251.900924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 251.909080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 252.442125] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.817364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.352463] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 07:03:50 executing program 4: r0 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000346fc8), &(0x7f0000f6bffb)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 07:03:50 executing program 1: chdir(&(0x7f0000000000)='./file0\x00') r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000080)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:ptmx_t:s0\x00', 0x1c, 0x1) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000002c0)) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000540)=@nbd={'/dev/nbd'}, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000005c0)='f2fs\x00', 0x10, &(0x7f0000000640)='/dev/qat_adf_ctl\x00') mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) socket(0x0, 0x3, 0x0) syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x1ff, 0x2808c2) 07:03:50 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) 07:03:50 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x10, 0x34005, 0x4602000000000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)={0x18, 0x32, 0x82d, 0x0, 0x0, {0x3}, [@nested={0x4}]}, 0x18}}, 0x0) [ 255.830081] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 255.836535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 255.844478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 256.938887] 8021q: adding VLAN 0 to HW filter on device team0 07:03:55 executing program 5: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) 07:03:55 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net\x00') getdents64(r0, &(0x7f0000001340)=""/4096, 0xdaf) 07:03:55 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket$netlink(0x10, 0x3, 0x0) write(r1, &(0x7f0000000200)="24000000260077000000000000007701000000ff0100000000000000dfffffff013fe836", 0x24) 07:03:55 executing program 2: bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000ec0)={&(0x7f0000000e80)='./file0\x00'}, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x22, &(0x7f0000000400)={0x0, 0x0}}, 0x10) perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x100, 0x0, 0x6, 0x0, 0x100000000, 0x0, 0x0, 0x1f, 0x0, 0x2, 0x6, 0x0, 0x4, 0x75, 0x0, 0xba7c, 0x0, 0x0, 0x600000, 0x0, 0x6e, 0x0, 0x7, 0x0, 0xae54, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1000, 0x0, 0x0, 0x20000000d, 0x7, @perf_bp={&(0x7f0000000280)}, 0x1, 0x7, 0x0, 0x6, 0x5, 0x2fd, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0xb) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0xfffffffffffffffe) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0494e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000200), 0xd14cc5addfad2f5d) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x15, 0x6, 0x4, 0x0, 0xffffffffffffff9c}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000240)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r2}, 0x10) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$kcm(0x10, 0x1000000000000002, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000e80)='#', 0x1}], 0x1, &(0x7f0000000a00)}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x200, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000800)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={r0, 0x7, 0x10}, 0xc) socketpair(0x1b, 0x4004, 0x4, &(0x7f00000004c0)) write$cgroup_int(r1, &(0x7f0000000100)=0x4, 0x12) close(r4) ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x9) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) 07:03:55 executing program 1: r0 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000346fc8), &(0x7f0000f6bffb)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 07:03:55 executing program 0: prctl$seccomp(0x16, 0x2, &(0x7f0000000040)={0x0, &(0x7f0000000100)}) get_robust_list(0x0, &(0x7f00000002c0)=&(0x7f0000000280)={&(0x7f00000001c0)={&(0x7f0000000180)}, 0x0, &(0x7f0000000240)={&(0x7f0000000200)}}, &(0x7f0000000300)=0x18) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') r3 = memfd_create(&(0x7f0000000040)='/dev/loop#\x00', 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000005c0)) getegid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000007c0)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000380)=@abs, 0x6e, &(0x7f0000000580), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x4}, 0x40000) getsockopt$SO_COOKIE(0xffffffffffffffff, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r4 = getpid() r5 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup(r5) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r7, &(0x7f0000000040), &(0x7f00000002c0)=""/4096}, 0x18) pipe2(&(0x7f0000000080), 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000200)) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000480)) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x68, r8, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5b}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @remote}}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x80}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) capset(&(0x7f00000001c0)={0x0, r4}, &(0x7f0000000300)={0x2, 0x8, 0x0, 0x3f}) r9 = getuid() sendfile(r3, r2, &(0x7f0000000240), 0x2000005) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000400)={0x78, 0x0, 0x7, {0x81, 0x8001, 0x0, {0x3, 0xd01a, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80, 0x20, 0x0, r9, 0x0, 0x8, 0x54892704}}}, 0x78) 07:03:55 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x40000) 07:03:55 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x400, 0xfffffffffffffffc]}, 0xc) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000240)={0x0, 0x8000}) ioctl$KVM_NMI(r3, 0xae9a) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f0000000340)="643e67660f3a61ca9bbaf80c66b8bc5d158866efbafc0c66ed66b9800000c00f326635001000000f30f40f38c94bf80f380b5775260f01ca0f21360f180ad810", 0x40}], 0x2d3, 0xfffffffffffffffc, &(0x7f0000000280), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 07:03:55 executing program 1: 07:03:55 executing program 4: 07:03:55 executing program 3: [ 260.706415] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 260.944506] ================================================================== [ 260.951935] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 260.959586] CPU: 0 PID: 7820 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #65 [ 260.966791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.976155] Call Trace: [ 260.978773] dump_stack+0x306/0x460 [ 260.982434] ? vmx_set_constant_host_state+0x1778/0x1830 [ 260.987941] kmsan_report+0x1a2/0x2e0 [ 260.991787] __msan_warning+0x7c/0xe0 [ 260.995631] vmx_set_constant_host_state+0x1778/0x1830 [ 261.000950] vmx_create_vcpu+0x3e6f/0x7870 [ 261.005256] ? kmsan_set_origin_inline+0x6b/0x120 [ 261.010126] ? __msan_poison_alloca+0x17a/0x210 [ 261.014845] ? vmx_vm_init+0x340/0x340 [ 261.018764] kvm_arch_vcpu_create+0x25d/0x2f0 [ 261.023290] kvm_vm_ioctl+0x13fd/0x33d0 [ 261.027305] ? __msan_poison_alloca+0x17a/0x210 [ 261.032029] ? do_vfs_ioctl+0x18a/0x2810 [ 261.036142] ? __se_sys_ioctl+0x1da/0x270 [ 261.040328] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 261.045218] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 261.050114] do_vfs_ioctl+0xcf3/0x2810 [ 261.054064] ? security_file_ioctl+0x92/0x200 [ 261.058617] __se_sys_ioctl+0x1da/0x270 [ 261.062650] __x64_sys_ioctl+0x4a/0x70 [ 261.066567] do_syscall_64+0xbe/0x100 [ 261.070405] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 261.075614] RIP: 0033:0x457579 [ 261.078834] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 261.097759] RSP: 002b:00007fcd18a3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 261.105497] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 261.112783] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 261.120085] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 261.127388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd18a3b6d4 [ 261.134676] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 261.141974] [ 261.143642] Local variable description: ----dt@vmx_set_constant_host_state [ 261.150666] Variable was created at: [ 261.154423] vmx_set_constant_host_state+0x2b0/0x1830 [ 261.159638] vmx_create_vcpu+0x3e6f/0x7870 [ 261.163887] ================================================================== [ 261.171259] Disabling lock debugging due to kernel taint [ 261.176725] Kernel panic - not syncing: panic_on_warn set ... [ 261.176725] [ 261.184128] CPU: 0 PID: 7820 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #65 [ 261.192719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 261.202088] Call Trace: [ 261.204709] dump_stack+0x306/0x460 [ 261.208390] panic+0x54c/0xafa [ 261.211672] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 261.217156] kmsan_report+0x2d3/0x2e0 [ 261.220998] __msan_warning+0x7c/0xe0 [ 261.224859] vmx_set_constant_host_state+0x1778/0x1830 [ 261.230196] vmx_create_vcpu+0x3e6f/0x7870 [ 261.234469] ? kmsan_set_origin_inline+0x6b/0x120 [ 261.239346] ? __msan_poison_alloca+0x17a/0x210 [ 261.244076] ? vmx_vm_init+0x340/0x340 [ 261.247996] kvm_arch_vcpu_create+0x25d/0x2f0 [ 261.252544] kvm_vm_ioctl+0x13fd/0x33d0 [ 261.256557] ? __msan_poison_alloca+0x17a/0x210 [ 261.261264] ? do_vfs_ioctl+0x18a/0x2810 [ 261.265367] ? __se_sys_ioctl+0x1da/0x270 [ 261.269556] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 261.274425] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 261.279300] do_vfs_ioctl+0xcf3/0x2810 [ 261.283253] ? security_file_ioctl+0x92/0x200 [ 261.287798] __se_sys_ioctl+0x1da/0x270 [ 261.291816] __x64_sys_ioctl+0x4a/0x70 [ 261.295730] do_syscall_64+0xbe/0x100 [ 261.299569] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 261.304777] RIP: 0033:0x457579 [ 261.307998] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 261.326922] RSP: 002b:00007fcd18a3ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 261.334657] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 261.341942] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006 [ 261.349228] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 261.356514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd18a3b6d4 [ 261.363800] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 261.372012] Kernel Offset: disabled [ 261.375683] Rebooting in 86400 seconds..