[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   57.651781] audit: type=1800 audit(1540524677.701:25): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   57.670939] audit: type=1800 audit(1540524677.701:26): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   57.690536] audit: type=1800 audit(1540524677.731:27): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
2018/10/26 03:31:32 fuzzer started
2018/10/26 03:31:37 dialing manager at 10.128.0.26:35127
2018/10/26 03:31:37 syscalls: 1
2018/10/26 03:31:37 code coverage: enabled
2018/10/26 03:31:37 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/26 03:31:37 setuid sandbox: enabled
2018/10/26 03:31:37 namespace sandbox: enabled
2018/10/26 03:31:37 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/26 03:31:37 fault injection: enabled
2018/10/26 03:31:37 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/26 03:31:37 net packed injection: enabled
2018/10/26 03:31:37 net device setup: enabled
03:34:26 executing program 0:
r0 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="240000005e0007031dfffd946fa2830020200a0009000300f01d85680c1ba3a22008ff7e", 0x24}], 0x1}, 0x0)

syzkaller login: [  247.176345] IPVS: ftp: loaded support on port[0] = 21
[  249.658523] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.665121] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.673669] device bridge_slave_0 entered promiscuous mode
[  249.822174] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.828812] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.837410] device bridge_slave_1 entered promiscuous mode
[  249.983658] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  250.130331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
03:34:30 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair(0x0, 0xa, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000), &(0x7f0000000040)=0x8)
pipe2(&(0x7f0000000440), 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c7442400090000006766c7442402020000006766c744240600000000670f011c240f20c06635200000060f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0)

[  250.602886] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  250.750835] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  251.051103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  251.058485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  251.318899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  251.326131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  251.354981] IPVS: ftp: loaded support on port[0] = 21
[  252.168814] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  252.177257] team0: Port device team_slave_0 added
[  252.395603] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  252.403699] team0: Port device team_slave_1 added
[  252.700629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  252.707845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  252.716841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  252.862093] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  252.869333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  252.878123] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  253.129942] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  253.137818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  253.147164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  253.406538] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  253.414412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  253.423340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  255.409818] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.416471] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.425077] device bridge_slave_0 entered promiscuous mode
[  255.708296] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.715056] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.723535] device bridge_slave_1 entered promiscuous mode
[  256.006364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  256.131514] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.138111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.145176] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.151634] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.160517] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
03:34:36 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x202000000802, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@loopback, 0x0, 0x1}, 0x20)

[  256.241589] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  256.249056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  257.050340] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  257.202692] IPVS: ftp: loaded support on port[0] = 21
[  257.392055] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  257.683138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  257.690580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  258.023162] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  258.030327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  258.891709] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  258.899854] team0: Port device team_slave_0 added
[  259.225460] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  259.233681] team0: Port device team_slave_1 added
[  259.539250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  259.546537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  259.555552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  259.902231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  259.909552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  259.918466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  260.194036] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  260.201735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  260.211121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  260.520437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  260.528204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  260.537537] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  261.968126] bridge0: port 1(bridge_slave_0) entered blocking state
[  261.974773] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.983301] device bridge_slave_0 entered promiscuous mode
[  262.267679] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.274179] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.282856] device bridge_slave_1 entered promiscuous mode
[  262.546221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  262.825992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  263.628557] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  263.831262] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.837817] bridge0: port 2(bridge_slave_1) entered forwarding state
[  263.844793] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.851243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.860278] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  263.885660] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  264.139257] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  264.146434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  264.383550] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  264.390785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  264.504695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
03:34:45 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x1000000000000002, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000100)="2300000052008152915a655067d7aee4050c0000136017edcaa30000000000008b1832", 0x23}], 0x1, &(0x7f0000000040)}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)="2f67726f3c23fb57e6c60f1f4b45b74d999a9a8c2ce15b26e518a4cb3a9cd12dcea440d899c22c652b3a471b4a7db7f3fef6e02e2be389de133945a385bd81e9bdeeee03000000000000005b540745df4b1dee483b157624c5bc719a099e6a3509000000398c34", 0x2761, 0x0)
socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f00000002c0))
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f00000000c0))
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0)
ioctl$RNDGETENTCNT(r1, 0x80045200, &(0x7f0000000080))
getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f00000000c0), 0x4)
recvmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@nfc_llcp, 0x80, &(0x7f00000004c0), 0x0, &(0x7f0000000500)=""/30, 0x1e}, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000580), 0x4)

[  265.244790] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  265.252855] team0: Port device team_slave_0 added
[  265.612735] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  265.620883] team0: Port device team_slave_1 added
[  265.986085] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  265.993153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  266.001929] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  266.314754] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  266.321798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  266.330790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  266.401203] IPVS: ftp: loaded support on port[0] = 21
[  266.698399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  266.706094] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  266.715318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  267.044578] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  267.052165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  267.061508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  269.551426] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.000025] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  271.406196] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.412675] bridge0: port 2(bridge_slave_1) entered forwarding state
[  271.419716] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.426264] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.435116] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  271.786195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  272.456474] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  272.463044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  272.471222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  272.636444] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.642947] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.651730] device bridge_slave_0 entered promiscuous mode
[  273.067594] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.074153] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.082759] device bridge_slave_1 entered promiscuous mode
[  273.476460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  273.799682] 8021q: adding VLAN 0 to HW filter on device team0
[  273.818556] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  274.824202] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  275.156361] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  275.472462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  275.479866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
03:34:55 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000018000)={&(0x7f0000000000), 0xc, &(0x7f0000013ff1)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000180001e3007d00000000000001000000100006000c0000000000000080000000"], 0x1}}, 0x0)

[  275.878375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  275.885549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  277.274526] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  277.282814] team0: Port device team_slave_0 added
[  277.345420] IPVS: ftp: loaded support on port[0] = 21
[  277.734173] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  277.742294] team0: Port device team_slave_1 added
[  278.108719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  278.115900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  278.124940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  278.492992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  278.500420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  278.509404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  278.962368] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  278.970233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  278.979325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  279.332894] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  279.340839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  279.349702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  279.948230] 8021q: adding VLAN 0 to HW filter on device bond0
[  281.542061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  283.224025] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  283.230557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  283.238655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
03:35:04 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1, 0x3, 0xf000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  284.235442] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  284.311248] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.317941] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.325056] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.331548] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.340203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  284.646446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  284.768599] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.775366] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.783763] device bridge_slave_0 entered promiscuous mode
03:35:04 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x0, 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="8a3b370971a8380000e6464069b2fd913fc027ab07d79d8e450b85b67a8fa6df9e3f70dd76a91c00000000001eefeceeed6b55bd1b9292c952"], &(0x7f0000003ff6)='syzkaller\x00', 0x0, 0xc3, &(0x7f0000009f3d)=""/195}, 0x48)
r0 = syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0x800, 0x800)
ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200d01, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000040)={0x0, 0x0, @ioapic})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff9f}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x437, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [0x7a]}, 0x48)

[  284.989542] 8021q: adding VLAN 0 to HW filter on device team0
[  285.218651] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.225398] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.233793] device bridge_slave_1 entered promiscuous mode
03:35:05 executing program 0:
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x100000001)
read(r0, &(0x7f0000000140)=""/113, 0x352)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000100)=0x7f, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x5, 0x80)
ioctl$DRM_IOCTL_AGP_INFO(r1, 0x80386433, &(0x7f00000001c0)=""/233)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x40004e23, 0x0, @loopback}, 0x1c)

[  285.785304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
03:35:06 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040))
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000740)}}], 0x1, 0x0, &(0x7f0000003280))
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='comm\x00')
preadv(r1, &(0x7f00000017c0), 0x1d0, 0x0)

[  286.154351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
03:35:06 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x200000000010000, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))

03:35:07 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x800000002)
r1 = socket$inet6_sctp(0xa, 0x1000000003, 0x84)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200000, 0x16)
getsockname$inet(r2, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000080)=0x10)
sendto$inet6(r1, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200), &(0x7f0000000140)=0x8)

[  287.493856] bond0: Enslaving bond_slave_0 as an active interface with an up link
03:35:07 executing program 0:
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0))
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/7, 0x1}], 0x2d5)
r1 = gettid()
ioctl$int_in(r0, 0x800000800c5011, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680))
tkill(r1, 0x15)

[  287.984196] bond0: Enslaving bond_slave_1 as an active interface with an up link
03:35:08 executing program 0:
r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0\x00', 0x5, 0x0)
unshare(0x40000)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x4, 0x480080)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f00000001c0)={0xffffffff, 0x7fffffff, 0x9, {0x77359400}, 0x80000000, 0x7})
close(r0)
sync_file_range(r0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0)
write$P9_RVERSION(r2, &(0x7f00000000c0)={0x11, 0x65, 0xffff, 0x4000040040000000, 0xc4, '9P2000.L'}, 0xc)
socketpair(0x0, 0xe, 0xc1e, &(0x7f0000000000))

[  288.428403] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  288.435722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  288.871881] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  288.879058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  289.358370] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.755788] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  289.763863] team0: Port device team_slave_0 added
[  290.098430] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  290.106786] team0: Port device team_slave_1 added
[  290.380460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  290.387662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  290.396460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  290.460227] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  290.689960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  290.697228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  290.706097] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  290.982977] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  290.990730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  290.999745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  291.218000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  291.225822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  291.234765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  291.712721] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  291.719298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  291.727314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  292.846672] 8021q: adding VLAN 0 to HW filter on device team0
[  293.588743] hrtimer: interrupt took 45709 ns
03:35:14 executing program 1:
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30)
keyctl$join(0x1, &(0x7f00000005c0))
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev={[], 0x16}}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x101000, 0x43)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000003c0)={0xb7, @multicast1, 0x4e21, 0x2, 'rr\x00', 0x0, 0x3b703358, 0x4f}, 0x2c)
ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040))

[  294.961759] bridge0: port 2(bridge_slave_1) entered blocking state
[  294.968348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  294.975388] bridge0: port 1(bridge_slave_0) entered blocking state
[  294.981860] bridge0: port 1(bridge_slave_0) entered forwarding state
[  294.990459] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  294.997286] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.975986] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.804167] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
03:35:19 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x4000010004002)
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0)

[  299.661875] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  299.668379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  299.676340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  300.233574] 8021q: adding VLAN 0 to HW filter on device team0
[  302.603918] 8021q: adding VLAN 0 to HW filter on device bond0
[  303.150949] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
03:35:23 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee6b}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
seccomp(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]})

[  303.694909] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  303.701370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  303.709556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  304.137112] 8021q: adding VLAN 0 to HW filter on device team0
03:35:26 executing program 4:
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)=0x40, 0x12)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2)
keyctl$join(0x1, &(0x7f00000005c0))
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev={[], 0x16}}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = fcntl$dupfd(r1, 0x0, r0)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800))
r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timerfd_settime(r5, 0x1, &(0x7f0000000240)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000280))
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={0x0, r2, 0x2, 0x1}, 0x14)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x101000, 0x43)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94)
ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f00000003c0)={0xb7, @multicast1, 0x4e21, 0x2, 'rr\x00', 0x0, 0x3b703358, 0x4f}, 0x2c)
ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040))

03:35:26 executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = accept(r0, &(0x7f00000003c0)=@l2, &(0x7f0000000440)=0x80)
setsockopt$inet6_tcp_int(r1, 0x6, 0x0, &(0x7f0000000480)=0x7ff, 0x4)
close(r0)
setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000000)=0x1000, 0x4)
r2 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb3556aa7b9ce38ff18b1006d7c0206a74e33326530000000000000000000000")
sendfile(r2, r3, &(0x7f0000000180), 0x20)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r4, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8080}, 0x8000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000380)={&(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x1, 0x6, 0x8})

03:35:26 executing program 1:
r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30)
keyctl$join(0x1, &(0x7f00000005c0))
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev={[], 0x16}}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r0)
ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x101000, 0x43)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f00000003c0)={0xb7, @multicast1, 0x4e21, 0x2, 'rr\x00', 0x0, 0x3b703358, 0x4f}, 0x2c)
ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040))

03:35:26 executing program 5:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x100, 0x0)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x10001, 0x8}, {0x1, 0x1}]})
getresgid(&(0x7f00000000c0), &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
setgid(r1)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000180)={0x1, 0x80000000, 0x0, 0x4f, 0x2})
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000200)={<r2=>0xffffffffffffffff}, 0x2, 0x100b}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000280)={0x16, 0x98, 0xfa00, {&(0x7f00000001c0), 0x1, r2, 0x10, 0x1, @in6={0xa, 0x4e21, 0x7676935f, @dev={0xfe, 0x80, [], 0x19}, 0x4}}}, 0xa0)
ioctl$BLKREPORTZONE(r0, 0xc0101282, &(0x7f0000000340)={0x10001, 0x6, 0x0, [{0x9, 0xff, 0x8, 0x100000000, 0x1, 0x4, 0x1ff}, {0x0, 0x1, 0xffffffffffff547f, 0xe2, 0x6d3e, 0x8000000000000000, 0x4}, {0x3f, 0x1, 0xfff, 0x401, 0x0, 0x0, 0x8}, {0x0, 0x3a41, 0x4, 0x9182, 0x400, 0x8, 0x6}, {0x81, 0xffffffffffffff7f, 0xfffffffffffffffb, 0x1, 0x7, 0x7}, {0xfffffffffffffffa, 0x7, 0x1000, 0x7, 0x1, 0x3, 0x7}]})
r3 = add_key$keyring(&(0x7f00000005c0)='keyring\x00', &(0x7f0000000600)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="b880ec8d21d1", 0x6, r3)
write$P9_ROPEN(r0, &(0x7f0000000640)={0x18, 0x71, 0x1, {{0x10, 0x4, 0x7}, 0x4}}, 0x18)
r4 = socket$key(0xf, 0x3, 0x2)
fadvise64(r0, 0x0, 0x5, 0x1)
r5 = syz_genetlink_get_family_id$fou(&(0x7f00000006c0)='fou\x00')
sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x81020000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x38, r5, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x3f}, @FOU_ATTR_TYPE={0x8, 0x4, 0x3}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x32}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}]}, 0x38}}, 0x48000)
keyctl$link(0x8, r3, r3)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000007c0)={<r6=>0x0, 0x19, "eb73578627338def762e45a945bd16cc28805449d7d92532b0"}, &(0x7f0000000800)=0x21)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000840)={r6, 0x5}, 0x8)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000880)=<r8=>0x0)
fcntl$lock(r4, 0x7, &(0x7f00000008c0)={0x2, 0x2, 0x0, 0x0, r8})
r9 = msgget$private(0x0, 0x4)
msgsnd(r9, &(0x7f0000000900)={0x2, "2833cbb5b4c4e8ad031aa02c"}, 0x14, 0x800)
sendmsg$key(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000940)={0x2, 0x15, 0x7ff, 0x9, 0x29, 0x0, 0x70bd2a, 0x25dfdbfb, [@sadb_lifetime={0x4, 0x6, 0x80000001, 0xfbfd, 0x4, 0x1}, @sadb_x_policy={0x8, 0x12, 0x4, 0x0, 0x0, 0x6e6bb7, 0x6, {0x6, 0x3f, 0x7, 0x1, 0x0, 0x0, 0x0, @in6, @in6=@remote}}, @sadb_x_nat_t_port={0x1, 0x16, 0x4e22}, @sadb_x_nat_t_type={0x1, 0x14, 0x101}, @sadb_sa={0x2, 0x1, 0x4d3, 0x80000001, 0x2, 0x6c, 0x1, 0x40000000}, @sadb_address={0x5, 0x5, 0xff, 0xa0, 0x0, @in6={0xa, 0x4e22, 0x400, @ipv4={[], [], @broadcast}, 0x1}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x10}}, @in6={0xa, 0x4e22, 0x4, @loopback, 0x6}}, @sadb_address={0x3, 0x0, 0xff, 0x20, 0x0, @in={0x2, 0x4e20, @local}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, [], 0xf}, 0x4}, @in={0x2, 0x4e24, @local}}, @sadb_x_nat_t_type={0x1, 0x14, 0x1}]}, 0x148}}, 0x0)
ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000b40))
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000b80)=0x66a9, 0x2)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000bc0)={0xaa, 0x10})
r10 = socket(0x4, 0x2, 0xfffffffeffffffff)
setsockopt$inet_sctp6_SCTP_RTOINFO(r10, 0x84, 0x0, &(0x7f0000000c00)={r6, 0xfff, 0x16da, 0x3}, 0x10)
iopl(0x69f)

03:35:26 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ifreq(r0, 0x89a2, &(0x7f0000000000)={'bond0\x00', @ifru_names='bond_slave_1\x00'})

03:35:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000100)={0x2794a437d75b4f29, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000040)={0x7b})

03:35:26 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00', 0x101})
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000240)={@multicast2, @remote, @dev}, 0xc)

03:35:26 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000140)='./bus\x00', 0x149042, 0x0)
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
write$P9_RREMOVE(r2, &(0x7f0000000080)={0xfffffffffffffeb6}, 0x257)
syncfs(r2)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r2, 0x0, 0x4})

03:35:26 executing program 3:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000000c0)=0x4000, 0x4)

03:35:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x14, 0x0, 0x0, 0x0, 0x25dfdbfc}, 0x14}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000013000/0x3000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, &(0x7f0000000240)={&(0x7f0000004000/0x3000)=nil, 0x0, 0x0, 0x50, &(0x7f0000000000/0x4000)=nil, 0x40})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)

[  307.136631] ==================================================================
[  307.144108] BUG: KMSAN: kernel-infoleak in kvm_write_guest_page+0x366/0x4c0
[  307.151252] CPU: 0 PID: 7524 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #70
[  307.158466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.167849] Call Trace:
[  307.170480]  dump_stack+0x306/0x460
[  307.174153]  ? kvm_write_guest_page+0x366/0x4c0
[  307.178886]  kmsan_report+0x1a2/0x2e0
[  307.182864]  kmsan_internal_check_memory+0x374/0x460
[  307.188045]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  307.193565]  kmsan_copy_to_user+0x89/0xe0
[  307.197844]  kvm_write_guest_page+0x366/0x4c0
[  307.202405]  kvm_write_guest+0x1d6/0x350
[  307.206534]  kvm_emulate_hypercall+0x1cb9/0x20d0
[  307.211391]  handle_vmcall+0x41/0x50
[  307.215151]  ? handle_rdpmc+0x80/0x80
[  307.218992]  vmx_handle_exit+0x20f5/0xb900
[  307.223336]  ? vmx_flush_tlb_gva+0x450/0x450
[  307.227793]  kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[  307.232874]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  307.238423]  ? __msan_poison_alloca+0x17a/0x210
[  307.243153]  ? kmsan_set_origin+0x83/0x140
[  307.247435]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  307.252853]  ? __msan_get_context_state+0x9/0x30
[  307.257735]  ? INIT_BOOL+0xc/0x30
[  307.261231]  ? mutex_lock_killable+0x2c5/0x420
[  307.265879]  kvm_vcpu_ioctl+0x11a7/0x20b0
[  307.270112]  ? do_vfs_ioctl+0x187/0x2ca0
[  307.274219]  ? __se_sys_ioctl+0x1da/0x270
[  307.278530]  ? kvm_vm_release+0x90/0x90
[  307.282549]  do_vfs_ioctl+0xf28/0x2ca0
[  307.286499]  ? security_file_ioctl+0x92/0x200
[  307.291077]  __se_sys_ioctl+0x1da/0x270
[  307.295112]  __x64_sys_ioctl+0x4a/0x70
[  307.299067]  do_syscall_64+0xbe/0x100
[  307.302921]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.308154] RIP: 0033:0x457569
[  307.311384] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  307.330393] RSP: 002b:00007fe4e4ed3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  307.338149] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  307.345484] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  307.352794] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  307.360100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe4e4ed46d4
[  307.367409] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[  307.374731] 
[  307.376511] Local variable description: ----clock_pairing.i@kvm_emulate_hypercall
[  307.384157] Variable was created at:
[  307.387912]  kvm_emulate_hypercall+0x60/0x20d0
[  307.392539]  handle_vmcall+0x41/0x50
[  307.396276] 
[  307.397937] Bytes 28-63 of 64 are uninitialized
[  307.402633] Memory access of size 64 starts at ffff88012eeaf440
[  307.408718] ==================================================================
[  307.416104] Disabling lock debugging due to kernel taint
[  307.421582] Kernel panic - not syncing: panic_on_warn set ...
[  307.421582] 
[  307.428994] CPU: 0 PID: 7524 Comm: syz-executor0 Tainted: G    B             4.19.0-rc8+ #70
[  307.437628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.447013] Call Trace:
[  307.449676]  dump_stack+0x306/0x460
[  307.453370]  panic+0x54c/0xafa
[  307.456748]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  307.462251]  kmsan_report+0x2d3/0x2e0
[  307.466115]  kmsan_internal_check_memory+0x374/0x460
[  307.471265]  ? __msan_metadata_ptr_for_store_4+0x13/0x20
[  307.476782]  kmsan_copy_to_user+0x89/0xe0
[  307.480977]  kvm_write_guest_page+0x366/0x4c0
[  307.485562]  kvm_write_guest+0x1d6/0x350
[  307.489692]  kvm_emulate_hypercall+0x1cb9/0x20d0
[  307.494539]  handle_vmcall+0x41/0x50
[  307.498304]  ? handle_rdpmc+0x80/0x80
[  307.502336]  vmx_handle_exit+0x20f5/0xb900
[  307.506646]  ? vmx_flush_tlb_gva+0x450/0x450
[  307.511098]  kvm_arch_vcpu_ioctl_run+0xa22b/0x10ab0
[  307.516179]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[  307.521715]  ? __msan_poison_alloca+0x17a/0x210
[  307.526443]  ? kmsan_set_origin+0x83/0x140
[  307.530722]  ? kmsan_internal_unpoison_shadow+0x83/0xe0
[  307.536135]  ? __msan_get_context_state+0x9/0x30
[  307.540927]  ? INIT_BOOL+0xc/0x30
[  307.544424]  ? mutex_lock_killable+0x2c5/0x420
[  307.549096]  kvm_vcpu_ioctl+0x11a7/0x20b0
[  307.553316]  ? do_vfs_ioctl+0x187/0x2ca0
[  307.557413]  ? __se_sys_ioctl+0x1da/0x270
[  307.561605]  ? kvm_vm_release+0x90/0x90
[  307.565623]  do_vfs_ioctl+0xf28/0x2ca0
[  307.569572]  ? security_file_ioctl+0x92/0x200
[  307.574126]  __se_sys_ioctl+0x1da/0x270
[  307.578153]  __x64_sys_ioctl+0x4a/0x70
[  307.582095]  do_syscall_64+0xbe/0x100
[  307.585941]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  307.591166] RIP: 0033:0x457569
[  307.594394] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  307.613333] RSP: 002b:00007fe4e4ed3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  307.621084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[  307.628385] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  307.635778] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  307.643086] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe4e4ed46d4
[  307.650394] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[  307.658801] Kernel Offset: disabled
[  307.662456] Rebooting in 86400 seconds..