[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 50.325343] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 50.662696] audit: type=1800 audit(1538963065.711:29): pid=5899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 52.122814] random: sshd: uninitialized urandom read (32 bytes read) [ 52.482035] random: sshd: uninitialized urandom read (32 bytes read) [ 54.037401] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.115' (ECDSA) to the list of known hosts. [ 59.808740] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/08 01:44:36 fuzzer started [ 63.872918] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/08 01:44:40 dialing manager at 10.128.0.26:36867 2018/10/08 01:44:40 syscalls: 1 2018/10/08 01:44:40 code coverage: enabled 2018/10/08 01:44:40 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/08 01:44:40 setuid sandbox: enabled 2018/10/08 01:44:40 namespace sandbox: enabled 2018/10/08 01:44:40 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/08 01:44:40 fault injection: enabled 2018/10/08 01:44:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/08 01:44:40 net packed injection: enabled 2018/10/08 01:44:40 net device setup: enabled [ 68.714527] random: crng init done 01:46:17 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2000, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in6=@local, @in6}}, {{@in6=@mcast1}, 0x0, @in=@local}}, &(0x7f0000000180)=0xe8) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3}) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000015c0)={r4, 0x1, 0x2, r3}) eventfd(0x0) r5 = socket$inet(0x2, 0x200000002, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x0}) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f00000000c0)={r7, 0x1, 0x6, @local}, 0x8) ioctl$sock_ifreq(r6, 0x8922, &(0x7f0000000400)={'ip6tnl0\x00', @ifru_ivalue}) ioctl$sock_ifreq(r6, 0x891d, &(0x7f0000000300)={'veth1_to_bridge\x00', @ifru_map={0x8, 0x0, 0x9, 0x8000, 0x100}}) ioctl$sock_ifreq(r6, 0x8990, &(0x7f0000000040)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x213e, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') sendmsg$TEAM_CMD_OPTIONS_GET(r9, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8088}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c00010024000100656e61626c656401feffff000800000000000000000000000000000000000000080003000600000004000400080006edf7264232207a6e59e0bed5f0c6c693ede801a88a70093cc9cf2713f729cb734f158e75c1d0109216439303fc4fbc3253eb8740c9021fff0aff8267e69805dff87343301ca1b6d66680dce1b73ea18faaf79dfce9b47f1e171463e786fa7fb0403aa275fcd9e1ef0b17c187aeec5f74772945252154e31e53748f04e66f491887838ccf78908a15cd3b718983c28609", @ANYRES32=r7], 0x2}, 0x1, 0x0, 0x0, 0x20000841}, 0x20000040) bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0xb) ioctl$sock_SIOCGIFCONF(r6, 0x8910, &(0x7f0000000240)=@req) connect$netlink(r6, &(0x7f00000003c0)=@unspec, 0x3de) fcntl$F_GET_RW_HINT(r9, 0x40b, &(0x7f00000002c0)) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x6, 0x4, 0x8000, 0x3f}, 0x2c) mq_timedsend(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0xffffffffffffae2c, &(0x7f0000000100)={0x77359400}) flock(r4, 0x3) fgetxattr(r10, &(0x7f0000000340)=@random={'trusted.', '\x00'}, &(0x7f0000000380)=""/24, 0x18) [ 162.870203] IPVS: ftp: loaded support on port[0] = 21 [ 165.057545] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.064123] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.072461] device bridge_slave_0 entered promiscuous mode [ 165.194276] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.200726] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.208961] device bridge_slave_1 entered promiscuous mode [ 165.330013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 165.455289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 01:46:20 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x4, 0x4, 0x400000000004, 0x9}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0, &(0x7f0000000140)="d6"}, 0x10) [ 165.825130] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.023658] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.404787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.411880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.597238] IPVS: ftp: loaded support on port[0] = 21 [ 167.017634] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.025703] team0: Port device team_slave_0 added [ 167.234457] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.242477] team0: Port device team_slave_1 added [ 167.374407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.502260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 167.509289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 167.518027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.695759] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.703497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.712274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.864155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.871839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.880585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 169.894890] ip (6189) used greatest stack depth: 53056 bytes left [ 169.937835] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.944379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.951240] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.957785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 169.966254] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 170.042640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.114046] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.120505] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.128827] device bridge_slave_0 entered promiscuous mode [ 170.400710] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.407235] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.415570] device bridge_slave_1 entered promiscuous mode 01:46:25 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000040)={0xffffffff}) [ 170.669050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 170.910017] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 171.546316] IPVS: ftp: loaded support on port[0] = 21 [ 171.715513] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.915607] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.135832] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 172.143000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.400913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 172.408058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.323250] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 173.330985] team0: Port device team_slave_0 added [ 173.653186] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 173.661021] team0: Port device team_slave_1 added [ 173.971647] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 173.978707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.987595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.217730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 174.225245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.234272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.493511] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 174.500992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.509921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 174.808734] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 174.816406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.825264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 175.471130] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.477785] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.486102] device bridge_slave_0 entered promiscuous mode [ 175.773763] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.780214] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.788601] device bridge_slave_1 entered promiscuous mode [ 175.971826] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 176.197686] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 177.030548] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 177.279937] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 177.525020] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.531481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 177.538427] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.544933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.553725] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 177.606632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 177.614797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 01:46:32 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x4, 0x4, 0x400000000004, 0x9}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000000), &(0x7f0000000180)="2b62603e8df59be9786c207a1c2249f3515692da4aaba7d0a06068b39b9bd3d22daf79d00005b4b5d7302071eb80471bc20b77c3cdba27356156b9790d25f301606abe731b308fcff5104a9d0f271bda4cfa79b2e2fea1054492183a4946d0f47d46b6d6239e17378c85d45c74e236f9b8180d6b0961e33942ac4d61fc054e8911fcdf263a2d13c26c951c51cc99f8bcaaadd189273f9e0ab3281cebd1c04b4d3fd004ef040de34d480da52e0a4e0f32b3563f105730a3c11b205fc13f8e3e282776ce19184c407b6f3f98fd1aa79a6f2a397422295e6dfce4de0ac6b682c720c8d2af15a59b1722dc4c3af252a20181edb08b3baa3ec8038f695a69f801c647d5042e9888cd029350832c9a686fe269ad1dbccf78ed", 0x2000000000}, 0x20) [ 177.826639] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 177.833788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 178.226505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 178.785848] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 178.793860] team0: Port device team_slave_0 added [ 178.880764] IPVS: ftp: loaded support on port[0] = 21 [ 179.123267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 179.131140] team0: Port device team_slave_1 added [ 179.472197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 179.479236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.487906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.783056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 179.790087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.798661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.065767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 180.073460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.082188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.385901] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 180.393550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.402329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.094051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.364781] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 183.452312] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 183.460093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.468505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.973489] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.979955] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.988286] device bridge_slave_0 entered promiscuous mode [ 184.042768] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.049228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.056160] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.062716] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.071218] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 184.339656] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.346260] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.354596] device bridge_slave_1 entered promiscuous mode [ 184.412409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.536625] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.664319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 184.953158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 185.898718] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 186.213916] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 186.565336] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 186.572878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.957266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 186.964628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 01:46:42 executing program 4: capset(&(0x7f0000000000)={0x19980330}, &(0x7f00000000c0)) semtimedop(0x0, &(0x7f0000000580)=[{}], 0x1, &(0x7f0000000600)) [ 188.130314] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.138459] team0: Port device team_slave_0 added [ 188.438718] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.447156] team0: Port device team_slave_1 added [ 188.504006] IPVS: ftp: loaded support on port[0] = 21 [ 188.775795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 188.783031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.791803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.273366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.280421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.289378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.645037] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.652751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.661678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.962083] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.969598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.978256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.545981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.483955] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 192.544511] ip6tnl0: mtu less than device minimum [ 192.572818] bond0: Error: Device is in use and cannot be enslaved [ 192.636756] ip6tnl0: mtu less than device minimum [ 192.663963] bond0: Error: Device is in use and cannot be enslaved [ 193.007052] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 01:46:48 executing program 0: prctl$intptr(0x1, 0x100) 01:46:48 executing program 0: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000140), &(0x7f0000000180)) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) munlockall() 01:46:48 executing program 0: r0 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x200, 0x86080) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x24000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x7c, r1, 0x800, 0xbcaa, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3b}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3f}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x54}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x100}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x80) prctl$getreaper(0x18, &(0x7f0000000900)) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xf0, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x67}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1f}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x80}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6e}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x7f}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfe63}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x15}}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xf8a}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x801}, 0x0) [ 194.037140] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.043676] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.050495] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.057085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.065208] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 01:46:49 executing program 0: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) gettid() fcntl$getownex(r0, 0x10, &(0x7f0000000300)={0x0, 0x0}) r2 = syz_open_procfs(r1, &(0x7f0000000340)='coredump_filter\x00') ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000180)=""/196) preadv(r2, &(0x7f0000000480), 0x10000000000001a2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$packet_buf(r2, 0x107, 0x6, &(0x7f0000000040)="1e9902bac79edb269fdef7c0678cc42b75b58a5506b04c70a22e7a07c83b0f191786b5c92141e135b792561bdc732a0aded1d1293d492a64279403cff438df3a7bbda7b9d57a56a6f67f7f6be0a88b1cf77be84b9e4618cf1bdbd627eb47353cbabe4e3b5ff30c17136be995d2b0868add03967e4cefa5fe4689bd99bc82babe0377a1ade666f9a289ec8afbfa", 0x8d) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000000), 0x66d42b78bd2a4d5e) [ 194.202272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.439765] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 194.446662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.454396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:46:49 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$admmidi(&(0x7f0000002680)='/dev/admmidi#\x00', 0x200000020000000, 0x400400290000) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000002580)={0x7, &(0x7f0000000100)=""/4096, &(0x7f00000024c0)=[{0xfb, 0x95, 0x9, &(0x7f0000001100)=""/149}, {0x7, 0xd7, 0x9, &(0x7f00000011c0)=""/215}, {0x4, 0x7e, 0xa6e, &(0x7f0000000040)=""/126}, {0x5, 0x1000, 0x4bf, &(0x7f00000012c0)=""/4096}, {0x4, 0x21, 0x7, &(0x7f00000022c0)=""/33}, {0xe57, 0xe5, 0x1, &(0x7f0000002300)=""/229}, {0x905, 0x8d, 0x66b, &(0x7f0000002400)=""/141}]}) ioctl$PPPIOCGFLAGS(r1, 0x8004745a, &(0x7f00000025c0)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mremap(&(0x7f00000df000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1f) 01:46:50 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6_sctp(0xa, 0x200000000000005, 0x84) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0xffffffff, 0x8200) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x52, &(0x7f00000000c0)}, &(0x7f0000000380)=0xf3) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000002c0)={r3, 0x84, &(0x7f00000001c0)=[@in6={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, [], 0x11}, 0x100000000}, @in6={0xa, 0x4e23, 0x2, @loopback, 0x1}, @in6={0xa, 0x4e21, 0x7fff, @remote, 0x5}, @in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1d}}]}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x6d, &(0x7f0000000000)=ANY=[@ANYBLOB="00fe00883c1be2adcd355a23ffc9ff00"], &(0x7f0000000080)=0x23c) [ 195.237486] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.244144] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.252371] device bridge_slave_0 entered promiscuous mode 01:46:50 executing program 0: r0 = dup(0xffffffffffffff9c) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r1, 0x6, 0x6, 0x401, 0x72}) r2 = accept$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0xfffffffffffffca3) poll(&(0x7f0000000000)=[{r2, 0x4052}], 0x1, 0x68d1) [ 195.731069] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.737792] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.745984] device bridge_slave_1 entered promiscuous mode [ 195.848004] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.134813] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 196.510336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 01:46:51 executing program 0: pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) munlock(&(0x7f0000003000/0x3000)=nil, 0x3000) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x5, 0x81}, 0x2) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x141200, 0x143) r2 = open(&(0x7f0000000140)='./file0\x00', 0x141042, 0x180) write$uinput_user_dev(r1, &(0x7f0000000180)={'syz0\x00', {0x7, 0x6, 0x7f, 0x3}, 0x41, [0xfffffffffffffe01, 0x40, 0x43, 0x2a, 0x7, 0x740, 0xcb43, 0x9, 0x7e, 0x40, 0xd90, 0x4, 0x2, 0x4, 0x3f, 0x8, 0x5, 0x200, 0x53c, 0x800, 0x1, 0x8, 0x0, 0xfffffffffffffff7, 0x4, 0x8001, 0x80000001, 0x7fffffff, 0x6, 0x4, 0xe2ba, 0x8, 0x8000, 0x8, 0x2, 0x8, 0x1, 0x7, 0x6, 0x2, 0xbb, 0x3f, 0xfffffffffffffffa, 0xff, 0x2, 0x4, 0x3, 0x2, 0x0, 0x4, 0x4, 0x10001, 0x9, 0x6, 0x6, 0x8000, 0x7, 0xf6, 0x52c3, 0x3ff, 0x7fffffff, 0xffffffff80000000, 0x5a7e4e23, 0x3ff], [0x2, 0x1, 0xfff, 0x6, 0x2, 0x800, 0xa8, 0x1, 0x0, 0x7, 0x1, 0x200, 0x7, 0x0, 0x4, 0xecb, 0x0, 0x16ce, 0x0, 0x2, 0x4d, 0x9, 0x7, 0x101, 0x9, 0xfffffffffffffffa, 0x10001, 0x4, 0xc, 0x800, 0x5ec, 0x88b, 0x7, 0xfffffffeffffffff, 0x5, 0xac7d, 0x3f, 0xaba1, 0x7, 0x6, 0x80, 0x4, 0x80000001, 0x9, 0x7ff, 0x401, 0x7, 0x9, 0x7, 0x4, 0x6, 0x8, 0x3, 0x1db, 0x0, 0x8, 0x1, 0x6, 0x8, 0x5, 0x2, 0x400, 0xfffffffffffffffe, 0x9], [0xbd, 0x2, 0x2, 0x6, 0x4, 0x3, 0x8, 0x0, 0x2, 0x80, 0x5, 0x9, 0x80000001, 0x9, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x2, 0x400, 0x1, 0xce7d, 0x10001, 0x20, 0x80000001, 0x9, 0x100000000, 0x8001, 0x6, 0x1, 0x2, 0x10001, 0x3, 0x3, 0x401, 0x10001, 0x8, 0x7fff, 0xff, 0x1, 0x8bfa, 0x1b6cc644, 0x8, 0x80000000, 0x3da, 0x2, 0xfffffffffffffff8, 0x3, 0x20, 0x7, 0x2, 0x3ff, 0x0, 0x40, 0x9, 0x6, 0xffffffffffffffc0, 0x9, 0x8ebe, 0x40, 0x25, 0x6, 0x8001, 0x1], [0xb32, 0x890c, 0x5, 0x0, 0x8, 0x7, 0x3f, 0x1000, 0x3, 0x7fffffff, 0x0, 0x3, 0xce, 0x4, 0x0, 0x5, 0x200, 0x944d, 0x64, 0x3, 0x9, 0xefd, 0x8, 0x8, 0x5, 0x7, 0x100, 0x2, 0x32, 0x8, 0x3ff, 0x74, 0x8, 0x4d, 0x34734800, 0xe3b, 0x401, 0x1, 0x401, 0x6, 0x4, 0x7ff, 0xffffffff80000000, 0x3, 0x78d, 0x4, 0x0, 0xfffffffffffffff9, 0x5, 0x21, 0xc05d, 0x401, 0x6, 0x1, 0x0, 0x5, 0x3, 0x2, 0x0, 0x787, 0x6, 0x8001, 0x9, 0xb8]}, 0x45c) ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000000)={0x1, 0xff8000000000, 0x941}) fstat(r2, &(0x7f0000000fbc)) sigaltstack(&(0x7f0000001000/0x3000)=nil, 0x0) [ 197.633981] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 198.015229] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 198.242842] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 198.250775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.463823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 198.471152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.557476] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.225288] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.233406] team0: Port device team_slave_0 added [ 199.503003] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 199.510857] team0: Port device team_slave_1 added [ 199.548185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.791154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 199.798851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.807520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.051408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.058689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.067354] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.337383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.345051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.353844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.615543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 200.623348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.632011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.649532] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.656018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.663715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.673276] 8021q: adding VLAN 0 to HW filter on device team0 01:46:57 executing program 1: [ 203.150816] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.157321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.164250] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.170662] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.179219] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 203.186286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.889866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.652601] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 206.376749] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 206.382001] usb usb5: usbfs: interface 0 claimed by hub while 'syz-executor2' sets config #-1 [ 206.383267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.399244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:47:01 executing program 2: [ 207.013580] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.747571] 8021q: adding VLAN 0 to HW filter on device bond0 01:47:05 executing program 3: [ 210.219534] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.520587] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 210.526902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.534724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.811036] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.557856] capability: warning: `syz-executor4' uses 32-bit capabilities (legacy support in use) 01:47:07 executing program 4: 01:47:07 executing program 0: openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000280)=""/40, &(0x7f0000000200)=0x28) 01:47:07 executing program 5: r0 = pkey_alloc(0x0, 0x3) pkey_mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, r0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x9, 0x80000) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000040)) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000080)={0x3ff, 0x0, 0x8, 0x0, 0x8, 0x3, 0xffffffff, 0xa0a, 0x6, 0x200, 0x6}) ioctl$TIOCSTI(r1, 0x5412, 0x8) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_tcp_buf(r1, 0x6, 0xd, &(0x7f0000000200)="3f9dbfc632765e1b1c7b9dbd6ad7a4b96b0c964875896db0b1197575cd01b7a5e808fb90bb4f136fadb69156672c0bee7baca7874a0dc0d863e6b6e336a16b904c759e90f25904383fe3981d33e38dd4f64815642642738ede4b2b1765c3c14eccd8e5ce73ad5a48a88d4a2f58adb08d3d6e869007720b7261320170322d39663ccf8047c4586d0ff263aa3f5f2a322b", 0x90) ioctl$KDGETLED(r1, 0x4b31, &(0x7f00000002c0)) ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000300)) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000340)={{0x4, 0x3}, {0x2, 0x4}, 0xbf, 0x1, 0x8}) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r1, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x44, r3, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4000001) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000540)=0x5) r4 = msgget$private(0x0, 0x40) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getgid() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000640)=0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000680)=0x0) msgctl$IPC_SET(r4, 0x1, &(0x7f00000006c0)={{0x100000000, r2, r5, r2, r6, 0x1c, 0x81}, 0x3, 0x3, 0x0, 0x4000000000000, 0x9, 0x6, r7, r8}) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000740)={0x0, 0x7, 0x9a, 0x5}) pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x300000a, r0) r9 = syz_genetlink_get_family_id$fou(&(0x7f00000007c0)='fou\x00') sendmsg$FOU_CMD_GET(r1, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x48, r9, 0x404, 0x70bd2a, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0xaf}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) msgget$private(0x0, 0x100) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000900)={0x0, @in={{0x2, 0x4e21, @loopback}}, 0x8, 0x7fff}, &(0x7f00000009c0)=0x90) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000a00)={r10, 0x5}, 0x8) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000a40)={0xa, [0x10001, 0x6, 0x100000000, 0x9, 0x6, 0x5, 0xc0e0, 0x401, 0x3, 0x400]}, &(0x7f0000000a80)=0x18) fsetxattr$security_evm(r1, &(0x7f0000000ac0)='security.evm\x00', &(0x7f0000000b00)=@sha1={0x1, "b8864eca662a5aedeaed09e76fc070c7e152d50f"}, 0x15, 0x1) socket$inet_tcp(0x2, 0x1, 0x0) 01:47:07 executing program 1: 01:47:07 executing program 2: 01:47:07 executing program 3: 01:47:07 executing program 3: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = mq_open(&(0x7f0000000000)="5cf7a0cc16482d6f0037e6b31a8e697add303650d4880073ef75df610179dec236aa04e9468779ba0700000000000000359855b49b889bb5e49b358e793a6f7af52766d6fe93ca0672ac1b8a87ca6677d5220fb77cb613b3db9104d16aa1ca6cc76a74e7bd4bdc5226757b03f85b010324576c40c1c8655c739fc1a68df5e2bcb6e5ed46c8289e48ea75e785eb5d6497cd233b10b91832cf5e31767c1c419d4646cd883f25", 0x0, 0x0, &(0x7f0000664fc0)) mq_getsetattr(r1, &(0x7f0000738fc0), &(0x7f0000356000)) 01:47:07 executing program 2: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mq_open(&(0x7f0000000000)="5cf7a0cc16482d6f0037e6b31a8e697add303650d4880073ef75df610179dec236aa04e9468779ba0700000000000000359855b49b889bb5e49b358e793a6f7af52766d6fe93ca0672ac1b8a87ca6677d5220fb77cb613b3db9104d16aa1ca6cc76a74e7bd4bdc5226757b03f85b010324576c40c1c8655c739fc1a68df5e2bcb6e5ed46c8289e48ea75e785eb5d6497cd233b10b91832cf5e31767c1c419d4646cd883f25", 0x0, 0x0, &(0x7f0000664fc0)) 01:47:08 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234488dd2be7d6070") r1 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'veth1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000440), 0xc, &(0x7f0000000040)={&(0x7f0000000380)=@ipv4_newaddr={0x20, 0x14, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @loopback}]}, 0x20}}, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 01:47:08 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4f, 0x31}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x201a7f1b, 0x0, 0x201a7fd7, 0xa, 0x0, 0xff00}]}, &(0x7f0000000000)="1d4e4cc000", 0x20000, 0xffe3, &(0x7f00001a7f05)=""/251}, 0x48) 01:47:08 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cd34660", 0x10) 01:47:08 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f00000004c0)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000040)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd401000100ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000780)={0x25, @time}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5332, &(0x7f0000000580)={0x0, 0x0, 0x0, 'queue0\x00'}) 01:47:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005", 0x5) r1 = accept$alg(r0, 0x0, 0x0) write$sndseq(r1, &(0x7f0000000080), 0x54c) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0x8}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x40000000000022d, 0x0, &(0x7f0000001380)={0x77359400}) 01:47:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000000840), 0xc, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0xaa09, 0x6, 0xffffffffffffffff}, 0x14}}, 0x0) [ 213.877885] IPVS: ftp: loaded support on port[0] = 21 [ 215.075547] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.082019] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.089441] device bridge_slave_0 entered promiscuous mode [ 215.163843] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.170250] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.178571] device bridge_slave_1 entered promiscuous mode [ 215.251771] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.326291] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.547929] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 215.625877] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.769083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 215.776121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.995287] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 216.002835] team0: Port device team_slave_0 added [ 216.077136] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 216.084670] team0: Port device team_slave_1 added [ 216.158314] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.232555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.308951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 216.316277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.325150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.394005] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 216.401245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.410131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.231825] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.238235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.245112] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.251633] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.259236] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.742050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.278914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.556863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 220.839392] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.845873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.853863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.135798] 8021q: adding VLAN 0 to HW filter on device team0 01:47:18 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r1, 0x40087602, &(0x7f00000000c0)={&(0x7f0000ffa000/0x3000)=nil, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil}) ioctl$DRM_IOCTL_AUTH_MAGIC(r1, 0x40046411, &(0x7f0000000040)=0x1) dup2(r0, r1) 01:47:18 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000000)) 01:47:18 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") close(r1) 01:47:18 executing program 2: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") recvfrom(r0, &(0x7f0000000100)=""/36, 0x24, 0x0, &(0x7f00000001c0)=@nfc_llcp={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "4affd700ae2faa8aed72791c4adea867139df153302dcf7b91e31079bd1a93f810624228d933d7cfdd911bb8175e4bea31f6f297f09a7c33be1926c128a36e"}, 0x80) 01:47:18 executing program 3: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x805, 0x0) ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') sendfile(r0, r2, &(0x7f0000000100), 0x480000001) 01:47:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0xc8) io_submit(0x0, 0x1, &(0x7f0000000500)=[&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x3}]) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) r1 = syz_open_pts(r0, 0x2) dup3(r1, r0, 0x80000) write(r0, &(0x7f0000c34fff), 0xffffff0b) 01:47:18 executing program 3: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/attr/keycreate\x00', 0x2, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000140)=""/95, 0x5f}], 0x1) 01:47:18 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000ac5000)='./file0\x00', 0xa400295c) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", 0x1) 01:47:18 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x2, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") close(r1) 01:47:18 executing program 4: r0 = socket$inet6(0xa, 0x1080000000002, 0x0) ioctl(r0, 0x4000100000008912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40000000002, 0x0) writev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0bd2430f080319", 0x7}], 0x1) 01:47:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, &(0x7f0000000040)) 01:47:18 executing program 5: 01:47:18 executing program 3: 01:47:18 executing program 1: 01:47:18 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000ac5000)='./file0\x00', 0xa400295c) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", 0x1) 01:47:18 executing program 4: 01:47:19 executing program 0: 01:47:19 executing program 5: 01:47:19 executing program 1: 01:47:19 executing program 3: 01:47:19 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000ac5000)='./file0\x00', 0xa400295c) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000280)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", 0x1) 01:47:19 executing program 5: 01:47:19 executing program 4: 01:47:19 executing program 1: 01:47:19 executing program 0: 01:47:19 executing program 3: 01:47:19 executing program 5: 01:47:19 executing program 0: 01:47:19 executing program 1: 01:47:19 executing program 4: 01:47:19 executing program 2: 01:47:19 executing program 3: 01:47:20 executing program 1: 01:47:20 executing program 5: 01:47:20 executing program 3: 01:47:20 executing program 0: 01:47:20 executing program 4: 01:47:20 executing program 2: 01:47:20 executing program 1: 01:47:20 executing program 5: 01:47:20 executing program 0: 01:47:20 executing program 3: 01:47:20 executing program 4: 01:47:20 executing program 2: 01:47:20 executing program 3: 01:47:20 executing program 5: 01:47:21 executing program 0: 01:47:21 executing program 1: 01:47:21 executing program 4: 01:47:21 executing program 3: 01:47:21 executing program 5: 01:47:21 executing program 2: 01:47:21 executing program 0: 01:47:21 executing program 4: 01:47:21 executing program 1: 01:47:21 executing program 3: 01:47:21 executing program 2: 01:47:21 executing program 5: 01:47:21 executing program 0: 01:47:21 executing program 1: 01:47:22 executing program 2: 01:47:22 executing program 3: r0 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000100)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in={{0xa, 0x0, @dev, [0x0, 0x300000000000000, 0x0, 0x0, 0x4000000]}}, 0x0, 0x0, 0x40000004, 0x0, 0x14}, 0x98) r2 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r2, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, &(0x7f00000000c0)) getgroups(0x0, &(0x7f0000000240)) write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000040)={0x7}, 0x7) 01:47:22 executing program 4: add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz'}, &(0x7f0000000340)='4', 0x1, 0xfffffffffffffffc) 01:47:22 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x1000000000000001) ioctl$FS_IOC_FSGETXATTR(r1, 0x80085504, &(0x7f0000000040)) 01:47:22 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x5452, &(0x7f0000000200)=0x800000e7) [ 227.298133] usb usb5: usbfs: process 7850 (syz-executor5) did not claim interface 0 before use 01:47:22 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f00000000c0)=@get={0x1, &(0x7f0000000000)=""/141, 0x4b}) 01:47:22 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$xdp(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0x10, &(0x7f0000000180)}, 0x0) 01:47:22 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4f}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x3, &(0x7f0000346fc8)=@framed={{}, [], {0x95, 0x0, 0x0, 0x79}}, &(0x7f0000000000)="1d4e4cc000", 0x20000, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 01:47:22 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000003c0), 0x4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)) 01:47:22 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000040c0), 0x1000) read$FUSE(r0, &(0x7f00000020c0), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) readlink(&(0x7f0000001580)='./file0/file0\x00', &(0x7f0000000480)=""/4096, 0x1000) write$FUSE_DIRENT(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="90000000000000000200000000000000010000000045000000000000000000000b08956d069e000000002066ce654d316e6f646576656d3100f9ff00000000000000000000000000000000000001000000000000002c00000000000008000000000000000000000000000000001c00000000000051a717000418b9b3cc002b737973740400000065746367726f757024"], 0x90) creat(&(0x7f0000000400)='./file0/file0\x00', 0x0) 01:47:22 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0) 01:47:22 executing program 0: rt_sigprocmask(0x0, &(0x7f0000000100)={0xfffffffffffffffa}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000080)) timer_settime(0x0, 0x3, &(0x7f000004a000)={{0x0, 0x1}, {0x7, 0xe4c}}, &(0x7f0000040000)) rt_sigreturn() 01:47:22 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="9d09"], 0x2) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000140)={0x7f}) 01:47:23 executing program 1: r0 = socket$l2tp(0x18, 0x1, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x200000000000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r2}, 0x14) sendmmsg$inet_sctp(r1, &(0x7f0000871fc8), 0x71, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x369, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000280)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") 01:47:23 executing program 3: syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000180), &(0x7f0000000240)=0x20) syz_open_dev$dri(&(0x7f00000006c0)='/dev/dri/card#\x00', 0x0, 0x0) add_key(&(0x7f0000000440)='.dead\x00', &(0x7f0000000480)={'syz'}, &(0x7f00000004c0), 0x0, 0xfffffffffffffffc) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x390, 0xfffffffffffffffb) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes-aesni)\x00'}, 0x1c) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000340)={0x7}, 0x7) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000300)) 01:47:23 executing program 1: r0 = syz_open_dev$mice(&(0x7f0000000380)='/dev/input/mice\x00', 0x0, 0x0) pipe(&(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xffffffea) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) timerfd_gettime(r0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x2a}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) ppoll(&(0x7f0000000280), 0x0, &(0x7f0000000340)={0x0, 0x1c9c380}, &(0x7f00000003c0)={0xfffffffffffffffd}, 0x8) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 228.518119] Invalid option length (261) for dns_resolver key 01:47:23 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x10) 01:47:23 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000014c0), 0x700) read$FUSE(r0, &(0x7f00000044c0), 0x9c) 01:47:23 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000014c0), 0x700) read$FUSE(r0, &(0x7f00000004c0), 0x700) [ 228.902495] hrtimer: interrupt took 101416 ns 01:47:24 executing program 5: r0 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$NBD_DISCONNECT(r0, 0xab08) 01:47:24 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x4f}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x3, &(0x7f0000346fc8)=@framed={{}, [], {0x95, 0x7a}}, &(0x7f0000000000)="1d4e4cc000", 0x20000, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 01:47:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000440)=ANY=[@ANYBLOB="e74528ea6738dc83b68e02f511ceda138e3539296e1b4bb3048349f78db1f77f0d5d3b5ba56b7148fecd4634cfd9d03512a90d322920e738ed6aae9407baff2994b361"], 0x1) 01:47:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x40000106]}) 01:47:24 executing program 4: msgget(0x2, 0xffffffffffffffff) 01:47:24 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) 01:47:25 executing program 3: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000140)=""/11, 0xfc5c) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) clone(0x1102001bfc, 0x0, 0xfffffffffffffffe, &(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000480)={@mcast2}) 01:47:25 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x800000e7) [ 230.170533] ================================================================== [ 230.177955] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920 [ 230.184549] CPU: 0 PID: 7974 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #63 [ 230.191736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.201094] Call Trace: [ 230.203701] dump_stack+0x306/0x460 [ 230.207344] ? _raw_spin_lock_irqsave+0x227/0x340 [ 230.212203] ? vmx_create_vcpu+0x10df/0x7920 [ 230.216641] kmsan_report+0x1a3/0x2d0 [ 230.220483] __msan_warning+0x7c/0xe0 [ 230.224306] vmx_create_vcpu+0x10df/0x7920 [ 230.228562] ? kmsan_set_origin_inline+0x6b/0x120 [ 230.233427] ? __msan_poison_alloca+0x17a/0x210 [ 230.238134] ? vmx_vm_init+0x340/0x340 [ 230.242039] kvm_arch_vcpu_create+0x25d/0x2f0 [ 230.246558] kvm_vm_ioctl+0x13fd/0x33d0 [ 230.250550] ? __msan_poison_alloca+0x17a/0x210 [ 230.255237] ? do_vfs_ioctl+0x18a/0x2810 [ 230.259320] ? __se_sys_ioctl+0x1da/0x270 [ 230.263496] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 230.268359] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 230.273224] do_vfs_ioctl+0xcf3/0x2810 [ 230.277137] ? security_file_ioctl+0x92/0x200 [ 230.281658] __se_sys_ioctl+0x1da/0x270 [ 230.285663] __x64_sys_ioctl+0x4a/0x70 [ 230.290172] do_syscall_64+0xbe/0x100 [ 230.294345] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 230.299542] RIP: 0033:0x457579 [ 230.302757] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 230.321673] RSP: 002b:00007fc107935c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.329397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 230.336681] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 230.343964] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 230.351239] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc1079366d4 [ 230.358518] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 230.365805] 01:47:25 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x4, 0x4, 0x400000000004, 0x9}, 0x2c) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000080), &(0x7f0000000980)}, 0x20) r2 = dup2(r1, r0) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000002c0)={0x0, 0x0, 0x10001}) msgget$private(0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x101, 0x0) ioctl$LOOP_SET_CAPACITY(r3, 0x4c07) ioctl$EVIOCGABS3F(r3, 0x8018457f, &(0x7f0000000100)=""/237) 01:47:25 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f00000014c0), 0x1000) read$FUSE(r1, &(0x7f00000024c0), 0x1000) 01:47:25 executing program 2: add_key(&(0x7f0000000380)='difs.spnego\x00', &(0x7f0000000580), &(0x7f0000000140), 0x0, 0x0) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x390, 0xfffffffffffffffb) [ 230.367452] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu [ 230.374382] Variable was created at: [ 230.378116] vmx_create_vcpu+0xd5/0x7920 [ 230.383770] kvm_arch_vcpu_create+0x25d/0x2f0 [ 230.388270] ================================================================== [ 230.395633] Disabling lock debugging due to kernel taint [ 230.401086] Kernel panic - not syncing: panic_on_warn set ... [ 230.401086] [ 230.408994] CPU: 0 PID: 7974 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #63 [ 230.417577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.428154] Call Trace: [ 230.430762] dump_stack+0x306/0x460 [ 230.434421] panic+0x54c/0xafa [ 230.437680] kmsan_report+0x2cd/0x2d0 [ 230.441504] __msan_warning+0x7c/0xe0 [ 230.445776] vmx_create_vcpu+0x10df/0x7920 [ 230.450030] ? kmsan_set_origin_inline+0x6b/0x120 [ 230.454896] ? __msan_poison_alloca+0x17a/0x210 [ 230.459593] ? vmx_vm_init+0x340/0x340 [ 230.463501] kvm_arch_vcpu_create+0x25d/0x2f0 [ 230.468021] kvm_vm_ioctl+0x13fd/0x33d0 [ 230.472018] ? __msan_poison_alloca+0x17a/0x210 [ 230.476710] ? do_vfs_ioctl+0x18a/0x2810 [ 230.480791] ? __se_sys_ioctl+0x1da/0x270 [ 230.484960] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 230.489821] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 230.494684] do_vfs_ioctl+0xcf3/0x2810 [ 230.499040] ? security_file_ioctl+0x92/0x200 [ 230.503566] __se_sys_ioctl+0x1da/0x270 [ 230.507561] __x64_sys_ioctl+0x4a/0x70 [ 230.511479] do_syscall_64+0xbe/0x100 [ 230.515299] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 230.520501] RIP: 0033:0x457579 [ 230.523706] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 230.542624] RSP: 002b:00007fc107935c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.550362] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 230.557651] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 230.564935] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 230.572215] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc1079366d4 [ 230.579497] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 230.588406] Kernel Offset: disabled [ 230.592064] Rebooting in 86400 seconds..