[   61.025219] audit: type=1800 audit(1539267202.091:27): pid=6076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   62.648888] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   66.135919] random: sshd: uninitialized urandom read (32 bytes read)
[   66.712359] random: sshd: uninitialized urandom read (32 bytes read)
[   69.445989] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
[   75.446877] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/11 14:13:38 fuzzer started
[   80.131540] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/11 14:13:43 dialing manager at 10.128.0.26:39089
2018/10/11 14:13:43 syscalls: 1
2018/10/11 14:13:43 code coverage: enabled
2018/10/11 14:13:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/11 14:13:43 setuid sandbox: enabled
2018/10/11 14:13:43 namespace sandbox: enabled
2018/10/11 14:13:43 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/11 14:13:43 fault injection: enabled
2018/10/11 14:13:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/11 14:13:43 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory)
2018/10/11 14:13:43 net device setup: enabled
[   85.352358] random: crng init done
14:15:57 executing program 0:
r0 = socket$vsock_dgram(0x28, 0x2, 0x0)
shutdown(r0, 0x0)

[  216.996603] IPVS: ftp: loaded support on port[0] = 21
[  218.468607] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.475372] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.484418] device bridge_slave_0 entered promiscuous mode
[  218.655305] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.661946] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.670658] device bridge_slave_1 entered promiscuous mode
[  218.822625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  218.976736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  219.443875] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  219.599408] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  219.754237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  219.761533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  219.915444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  219.922661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
14:16:01 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000380), 0x4)
connect$inet6(r0, &(0x7f00000000c0), 0x1c)
r1 = dup2(r0, r0)
r2 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0)
r3 = dup(r2)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x102)
write$evdev(r4, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132320)
clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
setsockopt$inet_buf(r1, 0x0, 0x23, &(0x7f00000002c0), 0x0)
ioctl$LOOP_SET_DIRECT_IO(r3, 0x4c08, 0xbf8e)

[  220.538923] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  220.547433] team0: Port device team_slave_0 added
[  220.793526] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  220.802037] team0: Port device team_slave_1 added
[  221.052634] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  221.059725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  221.068932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  221.218356] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  221.225658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  221.234597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  221.344724] IPVS: ftp: loaded support on port[0] = 21
[  221.479429] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  221.487627] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  221.497528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  221.750392] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  221.758189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.767700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  223.490656] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.497558] bridge0: port 1(bridge_slave_0) entered disabled state
[  223.506582] device bridge_slave_0 entered promiscuous mode
[  223.791140] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.797650] bridge0: port 2(bridge_slave_1) entered disabled state
[  223.806409] device bridge_slave_1 entered promiscuous mode
[  223.956147] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  224.144029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  224.795947] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.802530] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.809558] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.816297] bridge0: port 1(bridge_slave_0) entered forwarding state
[  224.825497] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  224.832164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  224.862945] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  225.171094] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  225.370511] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  225.377809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  225.620478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  225.627754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
14:16:07 executing program 2:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(&(0x7f0000000300)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='sockfs\x00', 0x0, &(0x7f00000005c0)="55b3976bfcfd9e18b5db931d42d8603a1aaeb527a1782d23eee7ff47826eb732d919f9412aa1361f4983b4b66250bd2dab714446ef99e970bbf06bebc02a61cfc50170f3b488c7f03b4790a9353f6424f7cb89467203a527e7cf0369b63b1fb83036a424b00b5026924f09c715b4fb32d9dbda75c87c704ea066fb2e9cde94989b87628738b1370fefdc468042e566eb37e5bfeaa2957416eaa76f92115a1860e9b478ebbd4fccaecdb60d229db0")

[  226.558266] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  226.566688] team0: Port device team_slave_0 added
[  226.896764] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  226.905267] team0: Port device team_slave_1 added
[  227.265933] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  227.273234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  227.282608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  227.381196] IPVS: ftp: loaded support on port[0] = 21
[  227.608638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  227.615946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  227.625234] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  227.947358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  227.955265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  227.964808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  228.266576] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  228.274494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  228.283659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  230.042723] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.049242] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.058131] device bridge_slave_0 entered promiscuous mode
[  230.339453] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.346063] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.354878] device bridge_slave_1 entered promiscuous mode
[  230.689230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  231.004705] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  231.738049] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.744685] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.751837] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.758328] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.767716] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  231.951444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  232.026887] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  232.294016] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  232.611266] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  232.618404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  232.856567] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  232.864161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  233.861807] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  233.870172] team0: Port device team_slave_0 added
[  234.198458] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  234.207386] team0: Port device team_slave_1 added
[  234.486242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  234.493923] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  234.503224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
14:16:15 executing program 3:
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x29, 0x5, 0x0)
splice(r1, 0x0, r0, 0x0, 0xced1, 0x0)

[  234.926308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  234.933842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  234.944063] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  235.266510] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  235.275757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  235.285667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  235.646232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  235.654354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  235.664343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  236.365572] IPVS: ftp: loaded support on port[0] = 21
[  238.436186] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.790215] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.796852] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.805927] device bridge_slave_0 entered promiscuous mode
[  239.971266] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  240.015985] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.022603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.029586] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.036313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.045397] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  240.142035] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  240.254679] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.261398] bridge0: port 2(bridge_slave_1) entered disabled state
[  240.270526] device bridge_slave_1 entered promiscuous mode
[  240.678824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  241.094052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  241.320547] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  241.329405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  241.337795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  242.269565] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  242.695943] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  242.762248] 8021q: adding VLAN 0 to HW filter on device team0
[  243.145427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  243.152690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  243.584945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  243.592259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  244.755469] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  244.763958] team0: Port device team_slave_0 added
[  245.092841] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  245.101974] team0: Port device team_slave_1 added
[  245.455930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  245.463280] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  245.472710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  245.810308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  245.817690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  245.826831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
14:16:27 executing program 4:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet6(0xa, 0x200000000003, 0x87)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)="b10b9386", 0x4}], 0x1, &(0x7f0000000180)}, 0x8000)

[  246.286308] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  246.294115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  246.303861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  246.698406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  246.706454] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  246.715907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  247.298876] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.014131] IPVS: ftp: loaded support on port[0] = 21
[  248.982809] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  250.771782] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  250.778233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  250.786598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.893657] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.900175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.907314] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.913868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.923149] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  252.231965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  252.496907] 8021q: adding VLAN 0 to HW filter on device team0
[  252.629325] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.636059] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.645358] device bridge_slave_0 entered promiscuous mode
[  253.169291] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.176068] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.184797] device bridge_slave_1 entered promiscuous mode
14:16:34 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000156, 0x0)

[  253.693439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  253.704681] hrtimer: interrupt took 46387 ns
[  254.129610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
14:16:35 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000156, 0x0)

14:16:35 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000156, 0x0)

14:16:36 executing program 0:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r0, 0x65, 0x4, &(0x7f0000000080), 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x402000, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x1, @mcast1, 0x7}, 0x1c)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000080)={0x1, 0x1})

[  255.674897] bond0: Enslaving bond_slave_0 as an active interface with an up link
14:16:37 executing program 0:
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80, 0x0, 0x0, 0x73d}, 0x305)
sendto$inet6(r0, &(0x7f0000000000), 0x5488, 0x0, 0x0, 0x4b)

[  256.147014] bond0: Enslaving bond_slave_1 as an active interface with an up link
14:16:37 executing program 0:
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80, 0x0, 0x0, 0x73d}, 0x305)
sendto$inet6(r0, &(0x7f0000000000), 0x5488, 0x0, 0x0, 0x4b)

[  256.648783] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  256.656088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  257.040422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  257.047843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
14:16:38 executing program 0:
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x80, 0x0, 0x0, 0x73d}, 0x305)
sendto$inet6(r0, &(0x7f0000000000), 0x5488, 0x0, 0x0, 0x4b)

14:16:38 executing program 0:
mmap(&(0x7f0000000000/0x7f2000)=nil, 0x7f2000, 0x3, 0x31, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f00003f5000/0xf000)=nil, 0xf000, 0x1)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x204800, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000180)={'ipvs\x00'}, &(0x7f00000001c0)=0x1e)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{&(0x7f00003fb000)="f7", 0x1}], 0x1, 0x0)
mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x0, &(0x7f0000000080), 0x1, 0x3)
r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x201, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000100)={0x8001, 0x0, 0x1, 0x400, 0x53})
r3 = socket(0x1e, 0x804, 0x0)
io_setup(0x1, &(0x7f0000000000)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000a80)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000040)="8b", 0x1}])

[  258.055061] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.395706] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  258.404355] team0: Port device team_slave_0 added
[  258.882615] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  258.891625] team0: Port device team_slave_1 added
[  259.257482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  259.264859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  259.274009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  259.429907] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  259.520214] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  259.529709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  259.538775] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  259.855620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  259.863513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  259.872906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  260.149369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  260.157268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  260.166382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  260.618555] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  260.625290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  260.633301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  261.792011] 8021q: adding VLAN 0 to HW filter on device team0
[  265.135485] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.142163] bridge0: port 2(bridge_slave_1) entered forwarding state
[  265.149157] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.155799] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.164456] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  265.174925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  265.680498] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large:
[  265.691933] clocksource:                       'acpi_pm' wd_now: 603522 wd_last: 7c79d8 mask: ffffff
[  265.701402] clocksource:                       'tsc' cs_now: 9693cf5f71 cs_last: 945838f8b8 mask: ffffffffffffffff
[  265.712058] tsc: Marking TSC unstable due to clocksource watchdog
[  265.726870] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'.
[  265.735822] sched_clock: Marking unstable (265815983638, -89136681)<-(265852534130, -125686229)
[  265.736846] clocksource: Switched to clocksource acpi_pm
14:16:47 executing program 1:

[  268.182569] 8021q: adding VLAN 0 to HW filter on device bond0
[  268.913442] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  269.614725] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  269.621376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  269.629349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
14:16:50 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000540)={<r1=>0xffffffffffffffff})
dup3(r0, r1, 0x0)

[  270.416583] 8021q: adding VLAN 0 to HW filter on device team0
[  273.568499] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.121209] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  274.512367] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  274.518681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  274.526943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  274.906880] 8021q: adding VLAN 0 to HW filter on device team0
14:16:58 executing program 3:
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x29, 0x5, 0x0)
splice(r1, 0x0, r0, 0x0, 0xced1, 0x0)

14:16:58 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

14:16:58 executing program 5:
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x77}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e24}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000180)=0xffffffff, 0x2)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)=<r2=>0x0)
ptrace$poke(0x4, r2, &(0x7f0000000200), 0x240)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
ptrace(0x4208, r2)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000002c0), 0x4)
r3 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x8000, 0x440000)
ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000340)=r2)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000380)={0x0, 0x0, 0x3, 0x0, [], [{0xea98, 0x8, 0x9, 0x0, 0x3f}, {0x80000000, 0x8001, 0x3, 0x40, 0x8, 0x7ff}], [[], [], []]})
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000500)=0x8000)
ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000540)=0x401)
setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000580), 0x4)
signalfd4(r3, &(0x7f00000005c0)={0x8}, 0x8, 0x800)
pipe2(&(0x7f0000000600)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000640)={<r6=>0x0, 0xb0, 0x2, [0x2560707e, 0x1]}, &(0x7f0000000680)=0xc)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f00000006c0)={r6, @in={{0x2, 0x4e22, @multicast1}}, 0x3, 0x4}, 0x90)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000780)={0x1d, 0x1, 0x2})
ioctl$sock_netdev_private(r0, 0x89f1, &(0x7f00000007c0)="4191365599ec7c53fcbc210c8f986c923dd6df66501d22c01321b115c629ab3cc9f8736dff8f06c48864de899c0f35904f4ca115c25dd4a00fda2949834c40575ab6038ee18df2af95decec859f021dd90df6f6980f80a")
ioctl$sock_inet_udp_SIOCOUTQ(r5, 0x5411, &(0x7f0000000840))
r7 = syz_genetlink_get_family_id$team(&(0x7f00000008c0)='team\x00')
accept4$packet(r3, &(0x7f0000000900)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000940)=0x14, 0x800)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000980)={{{@in=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in=@rand_addr}, 0x0, @in=@multicast2}}, &(0x7f0000000a80)=0xe8)
getsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000c40)={@empty, <r10=>0x0}, &(0x7f0000000c80)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000cc0)={'vcan0\x00', <r11=>0x0})
getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000d00)={@mcast2, <r12=>0x0}, &(0x7f0000000d40)=0x14)
getsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000d80)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}}, {{@in=@rand_addr}, 0x0, @in6=@remote}}, &(0x7f0000000e80)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000011c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001180)={&(0x7f0000000ec0)={0x290, r7, 0x200, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r8}, {0xf8, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0xc49d}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x174, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r11}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xc000000000000000}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r13}}}]}}]}, 0x290}, 0x1, 0x0, 0x0, 0x4040004}, 0x20000000)

14:16:58 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000023c0)=""/4096, 0x3000}], 0x1, &(0x7f00000007c0)=""/16, 0x10}, 0x0)

14:16:58 executing program 2:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0)
write$binfmt_aout(r0, &(0x7f0000000140)={{0x0, 0x0, 0x1}}, 0x20)

14:16:58 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040))
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x6, 0x200)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f0000000080)={<r2=>0x0})
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x8800, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r2, 0x80000, r3})
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x282}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c00000e8e00", @ANYRES16=r4, @ANYBLOB="1b0b25bd7000fedbdf250a0000000400020008000500080000003c000200080003000300000008000600000001000800070000080000080003000000000008000600030000000800070008000000080006003f0000000800050007000000080005000100010008000400ffff00000800060005000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x4000810)
r5 = syz_open_pts(r0, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x2)

14:16:58 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000023c0)=""/4096, 0x3000}], 0x1, &(0x7f00000007c0)=""/16, 0x10}, 0x0)

14:16:59 executing program 0:
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff)
rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000040))
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x4000)
ptrace(0x10, r0)
ptrace(0x11, r0)

14:16:59 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000100), 0x12)

14:16:59 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000300)=ANY=[], 0xffffffaa)
recvmsg(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000023c0)=""/4096, 0x3000}], 0x1, &(0x7f00000007c0)=""/16, 0x10}, 0x0)

14:16:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

14:16:59 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x2004e20, @multicast1}, 0x10)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000080), 0x4)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @rand_addr}, 0x10)
r1 = fcntl$dupfd(r0, 0x0, r0)
sendmsg$rds(r1, &(0x7f0000003c80)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/65, 0x41}], 0x1, &(0x7f0000003b40)}, 0x0)

[  278.725049] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  279.118092] IPVS: ftp: loaded support on port[0] = 21
[  280.091436] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.097838] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.106641] device bridge_slave_0 entered promiscuous mode
14:17:01 executing program 3:
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x29, 0x5, 0x0)
splice(r1, 0x0, r0, 0x0, 0xced1, 0x0)

[  280.247089] bridge0: port 2(bridge_slave_1) entered blocking state
[  280.253769] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.262578] device bridge_slave_1 entered promiscuous mode
[  280.389693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  280.491336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  280.860829] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  280.969031] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  281.073313] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  281.086394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  281.450146] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  281.458142] team0: Port device team_slave_0 added
[  281.552536] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  281.560436] team0: Port device team_slave_1 added
[  281.654192] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  281.748330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  281.755439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  281.764533] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  281.851231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  281.858559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  281.867702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  281.955025] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  281.962528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  281.971749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  283.012164] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.018603] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.025817] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.032387] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.041911] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  283.048431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  286.481116] 8021q: adding VLAN 0 to HW filter on device bond0
[  286.783343] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  287.081769] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  287.088019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  287.096179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  287.393377] 8021q: adding VLAN 0 to HW filter on device team0
14:17:10 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

14:17:10 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00001a2000/0xc00000)=nil, 0xc04000, 0x4000000000000008)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

14:17:10 executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000000), 0x84, 0x0, &(0x7f0000fd3ff0)={0xffff, 0x4}, &(0x7f0000000ffc), 0x0)

14:17:10 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, &(0x7f0000000100), 0xffffffffffffffd6, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c)
r3 = socket$inet(0x10, 0x3, 0x4)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000000000)="4c0000001200ff09fffefd956fa264b724a6007e00000000000000683540150024001d001fc41180b598be593ab6821148a730bb1aa49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0)

14:17:10 executing program 3:
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$kcm(0x29, 0x5, 0x0)
splice(r1, 0x0, r0, 0x0, 0xced1, 0x0)

14:17:10 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)="68756765746c04000000000000006167655f69725f5aa2f4657300", 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xce})
ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040))

[  289.571857] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
14:17:10 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xfe9f, 0x20000802, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='ip6_vti0\x00', 0x10)
sendto$inet(r1, &(0x7f0000d7cfcb), 0xfffffffffffffe8f, 0x0, &(0x7f0000893ff0), 0x10)

14:17:10 executing program 2:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xffffffffffffff05}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x7003, &(0x7f0000000080))

14:17:11 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

14:17:11 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x8, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x27}}, &(0x7f0000000240)="47504c0083ff130f5fb00e5d5b644354b6e27770c5a6241e8defd6533e2ae106be655c6c526349216c30bb1f80fb450ec0d5be", 0x1, 0x99, &(0x7f0000000180)=""/153}, 0x48)

14:17:11 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0)
ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000140)={0x7, 0x7})
write$binfmt_misc(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="040000001148f9736fe0ab49d7778f2e1dca7390bd6fda7189a15d150898759f396414968d7741689c9833425817a625ca0642bf2f5ef06669aada1cb71caddfe7d1e4c5c703b397ca7a7b2f8104479f18f167a45e1e05"], 0x57)
ioctl$BLKIOOPT(0xffffffffffffffff, 0x1260, &(0x7f0000000000))
fcntl$setsig(r0, 0xa, 0x3c)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r3, 0x8188aea6, &(0x7f0000000280)={0x0, 0x0, [0x0, 0xa6e8, 0x6]})
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f00000001c0)=0x5)
getrandom(&(0x7f0000000180)=""/43, 0x18a, 0x2)
ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000056f30000000000000000000000000000000000"])

14:17:11 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000000)=""/33)
mlock(&(0x7f0000ff1000/0x2000)=nil, 0x2000)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000000c0)={0x18}, 0x18)
keyctl$session_to_parent(0x12)

14:17:11 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0xffffff80, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0)

14:17:11 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001600)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000000000000bfa30000000000000703000020feffff7a0af0fff8ffffff79a4f0ff00000000b7060000000000012d640300000000006504040001ed0ebb1c04000000000000b7050000000000006203000000000000a40000002e000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)

14:17:11 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000540)={<r1=>0xffffffffffffffff})
dup3(r0, r1, 0x0)

14:17:12 executing program 1:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0)
fcntl$lock(r1, 0x7, &(0x7f0000000200))
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_ENABLE_CAP(r3, 0x4068aea3, &(0x7f0000000100)={0x79})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x200031, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8400ae8e, &(0x7f0000000000))
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  291.379972] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  291.457008] ==================================================================
[  291.461038] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[  291.461038] CPU: 1 PID: 7866 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66
[  291.461038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.481081] Call Trace:
[  291.481081]  dump_stack+0x306/0x460
[  291.494455]  ? vmx_set_constant_host_state+0x1778/0x1830
[  291.494455]  kmsan_report+0x1a2/0x2e0
[  291.494455]  __msan_warning+0x7c/0xe0
[  291.494455]  vmx_set_constant_host_state+0x1778/0x1830
[  291.494455]  vmx_create_vcpu+0x3e6f/0x7870
[  291.494455]  ? vmx_vm_init+0x340/0x340
[  291.494455]  kvm_arch_vcpu_create+0x25d/0x2f0
[  291.494455]  kvm_vm_ioctl+0x13fd/0x33d0
[  291.494455]  ? __msan_poison_alloca+0x17a/0x210
[  291.531103]  ? do_vfs_ioctl+0x18a/0x2810
[  291.531103]  ? __se_sys_ioctl+0x1da/0x270
[  291.531103]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  291.531103]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  291.531103]  do_vfs_ioctl+0xcf3/0x2810
[  291.531103]  ? security_file_ioctl+0x92/0x200
[  291.531103]  __se_sys_ioctl+0x1da/0x270
[  291.531103]  __x64_sys_ioctl+0x4a/0x70
[  291.531103]  do_syscall_64+0xbe/0x100
[  291.531103]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  291.577717] RIP: 0033:0x457519
[  291.580403] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  291.600076] RSP: 002b:00007f30f8784c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  291.608316] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  291.615970] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[  291.622443] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  291.630043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f30f87856d4
[  291.637095] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[  291.644023] 
[  291.646744] Local variable description: ----dt@vmx_set_constant_host_state
[  291.653522] Variable was created at:
[  291.657620]  vmx_set_constant_host_state+0x2b0/0x1830
[  291.661675]  vmx_create_vcpu+0x3e6f/0x7870
[  291.667088] ==================================================================
[  291.674066] Disabling lock debugging due to kernel taint
[  291.679519] Kernel panic - not syncing: panic_on_warn set ...
[  291.679519] 
[  291.686308] CPU: 1 PID: 7866 Comm: syz-executor1 Tainted: G    B             4.19.0-rc4+ #66
[  291.695783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.704047] Call Trace:
[  291.706769]  dump_stack+0x306/0x460
[  291.711205]  panic+0x54c/0xafa
[  291.714909]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  291.720328]  kmsan_report+0x2d3/0x2e0
[  291.723041]  __msan_warning+0x7c/0xe0
[  291.727129]  vmx_set_constant_host_state+0x1778/0x1830
[  291.732873]  vmx_create_vcpu+0x3e6f/0x7870
[  291.736941]  ? vmx_vm_init+0x340/0x340
[  291.739668]  kvm_arch_vcpu_create+0x25d/0x2f0
[  291.745946]  kvm_vm_ioctl+0x13fd/0x33d0
[  291.749750]  ? __msan_poison_alloca+0x17a/0x210
[  291.754524]  ? do_vfs_ioctl+0x18a/0x2810
[  291.757055]  ? __se_sys_ioctl+0x1da/0x270
[  291.761154]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  291.761154]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  291.771109]  do_vfs_ioctl+0xcf3/0x2810
[  291.771109]  ? security_file_ioctl+0x92/0x200
[  291.771109]  __se_sys_ioctl+0x1da/0x270
[  291.771109]  __x64_sys_ioctl+0x4a/0x70
[  291.788856]  do_syscall_64+0xbe/0x100
[  291.791196]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  291.797209] RIP: 0033:0x457519
[  291.801371] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  291.820366] RSP: 002b:00007f30f8784c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  291.827172] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[  291.834141] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000006
[  291.842260] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  291.849044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f30f87856d4
[  291.857135] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff
[  291.864066] Kernel Offset: disabled
[  291.864066] Rebooting in 86400 seconds..