[ 57.924026] audit: type=1800 audit(1539176508.956:27): pid=6007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 59.528307] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 60.143930] random: sshd: uninitialized urandom read (32 bytes read) [ 60.761506] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 63.407707] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts. [ 69.181594] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 13:02:02 fuzzer started [ 73.792376] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 13:02:07 dialing manager at 10.128.0.26:45337 2018/10/10 13:02:07 syscalls: 1 2018/10/10 13:02:07 code coverage: enabled 2018/10/10 13:02:07 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 13:02:07 setuid sandbox: enabled 2018/10/10 13:02:07 namespace sandbox: enabled 2018/10/10 13:02:07 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 13:02:07 fault injection: enabled 2018/10/10 13:02:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 13:02:07 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 13:02:07 net device setup: enabled [ 79.221683] random: crng init done 13:04:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f000063a000)=0x2be, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) listen(r1, 0x0) lstat(&(0x7f0000001400)='./file0\x00', &(0x7f0000001440)) getpid() fcntl$getown(0xffffffffffffffff, 0x9) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000014c0)) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) gettid() fstat(0xffffffffffffffff, &(0x7f0000001140)) gettid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000011c0)={{{@in6, @in=@multicast2}}, {{@in=@multicast1}, 0x0, @in6=@ipv4}}, &(0x7f00000012c0)=0xe8) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") [ 196.705891] IPVS: ftp: loaded support on port[0] = 21 [ 198.078646] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.085462] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.094330] device bridge_slave_0 entered promiscuous mode [ 198.256305] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.263022] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.271949] device bridge_slave_1 entered promiscuous mode [ 198.418723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.558862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 199.007472] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.154055] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.433029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.440192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 13:04:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000000)={@remote, r1}, 0x14) [ 199.885752] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 199.894120] team0: Port device team_slave_0 added [ 200.103253] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.111784] team0: Port device team_slave_1 added [ 200.296846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.576374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 200.583754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.593037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 200.842643] IPVS: ftp: loaded support on port[0] = 21 [ 200.939537] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 200.947374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.956702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.113912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.141842] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.151012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.718471] ip (6254) used greatest stack depth: 53088 bytes left [ 202.857764] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.864410] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.873168] device bridge_slave_0 entered promiscuous mode [ 203.076867] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.083517] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.092183] device bridge_slave_1 entered promiscuous mode [ 203.304836] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 203.575416] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.805251] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.811825] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.818863] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.825455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.834686] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 204.387406] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 204.643191] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.811836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.943740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 204.950878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.150251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.157470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.915153] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 205.923531] team0: Port device team_slave_0 added 13:04:17 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) [ 206.113278] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.121795] team0: Port device team_slave_1 added [ 206.466135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 206.473409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 206.482500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 206.813855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 206.820893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 206.830124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.106099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.113869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.123347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.376205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 207.383962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.393218] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.413055] IPVS: ftp: loaded support on port[0] = 21 [ 210.209560] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.216242] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.225326] device bridge_slave_0 entered promiscuous mode [ 210.571032] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.577733] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.586520] device bridge_slave_1 entered promiscuous mode [ 210.749202] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.755769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.762873] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.769341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.778596] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 210.813052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.943570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 211.229990] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.149252] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.419084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.609907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.620819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.901328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.908528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.756816] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.765230] team0: Port device team_slave_0 added [ 214.049347] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.057857] team0: Port device team_slave_1 added [ 214.387001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.394232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.403265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 13:04:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0xc, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000003200290800000000000000000300000018000000110001000700000000000000000000000000000127c403b72386f54bc149cb9f6f578867893dfdadacad28d149fbfbfed08ae9ccb1f66360988e089f13ed1ac3d4577592fb71421b9ed43b4f51489cc202bdc04e13e473883186"], 0x1}}, 0x0) [ 214.759016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.766386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.775556] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 215.226552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 215.234340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.243690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.646522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.654345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.663756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.717151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.104213] IPVS: ftp: loaded support on port[0] = 21 [ 217.132647] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 218.608488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 218.614980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.623196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.534336] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.540803] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.549533] device bridge_slave_0 entered promiscuous mode [ 219.856533] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.863128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.870093] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.876704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.885860] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.955428] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.962061] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.970662] device bridge_slave_1 entered promiscuous mode [ 220.004791] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.147789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 220.489395] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 220.813605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.543637] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 221.868666] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.215586] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.223014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.563909] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 222.571007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 223.651974] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 223.660198] team0: Port device team_slave_0 added [ 223.978745] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 223.987613] team0: Port device team_slave_1 added [ 224.327405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 224.334725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 224.343831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 224.724422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 224.731667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 224.740675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.022084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 225.029762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.039174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 13:04:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_targets\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 225.389447] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 225.397266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.406679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.512716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.114557] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.398817] IPVS: ftp: loaded support on port[0] = 21 [ 228.882241] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.888645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.896801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.432488] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 13:04:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f000063a000)=0x2be, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) listen(r1, 0x0) lstat(&(0x7f0000001400)='./file0\x00', &(0x7f0000001440)) getpid() fcntl$getown(0xffffffffffffffff, 0x9) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000014c0)) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) gettid() fstat(0xffffffffffffffff, &(0x7f0000001140)) gettid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000011c0)={{{@in6, @in=@multicast2}}, {{@in=@multicast1}, 0x0, @in6=@ipv4}}, &(0x7f00000012c0)=0xe8) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") [ 230.556412] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.562993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.570102] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.576702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.585458] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 230.645334] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.735427] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 230.910281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.834456] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.840977] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.849794] device bridge_slave_0 entered promiscuous mode 13:04:42 executing program 0: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000040)=0x80000002) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x2, 0xc06e000000000000}, 0xfffffefd) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000080), 0x120a, 0x0) [ 232.378846] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.385576] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.394180] device bridge_slave_1 entered promiscuous mode [ 232.850561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.349529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 13:04:44 executing program 0: r0 = socket(0x15, 0x80005, 0x0) getsockopt(r0, 0x114, 0x5, 0xffffffffffffffff, &(0x7f0000000040)) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x0, 0x0) ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f00000000c0)) 13:04:45 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x2c0000, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1000000, 0x32, r0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x10001}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r1, 0x8001}, 0x8) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x10) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) close(r2) 13:04:45 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x2c0000, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1000000, 0x32, r0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x10001}, &(0x7f0000000100)=0xc) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r1, 0x8001}, 0x8) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x10) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) close(r2) [ 234.762185] bond0: Enslaving bond_slave_0 as an active interface with an up link 13:04:46 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000440)={0x0, 0x4ef1, 0x9, [0x9, 0x6, 0x7, 0x1, 0xff, 0xff, 0x20, 0x5, 0x800]}, &(0x7f0000000480)=0x1a) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={r1, @in={{0x2, 0x4e22, @loopback}}, 0x1ff, 0x7ff, 0x9, 0x3}, 0x98) r2 = shmget$private(0x0, 0x3000, 0x1fff0, &(0x7f0000ffa000/0x3000)=nil) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1f, 0x80) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000900000003000000e80200000001000000000000000000000000000000000000500200005002000050020000500200005002000003000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000010000000000000000000000000000000000000000000000002000736f636b65740000000000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000200000000000000200054524143450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e80050010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000002000000000000002800727066696c746572000000000000001900000000000000000000000000000c00000000000000680043540000000000000000000000000000000000000000000000000000000200000200e50000000d600000736e6d7000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x348) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) socket$key(0xf, 0x3, 0x2) [ 235.183925] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.613683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.620789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 13:04:46 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000440)={0x0, 0x4ef1, 0x9, [0x9, 0x6, 0x7, 0x1, 0xff, 0xff, 0x20, 0x5, 0x800]}, &(0x7f0000000480)=0x1a) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={r1, @in={{0x2, 0x4e22, @loopback}}, 0x1ff, 0x7ff, 0x9, 0x3}, 0x98) r2 = shmget$private(0x0, 0x3000, 0x1fff0, &(0x7f0000ffa000/0x3000)=nil) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1f, 0x80) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000900000003000000e80200000001000000000000000000000000000000000000500200005002000050020000500200005002000003000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000010000000000000000000000000000000000000000000000002000736f636b65740000000000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000200000000000000200054524143450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e80050010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000002000000000000002800727066696c746572000000000000001900000000000000000000000000000c00000000000000680043540000000000000000000000000000000000000000000000000000000200000200e50000000d600000736e6d7000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x348) shmat(r2, &(0x7f0000000000/0x2000)=nil, 0x4000) socket$key(0xf, 0x3, 0x2) 13:04:47 executing program 0: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r0, 0xc0385720, &(0x7f0000000200)={0x1, {0x77359400}, 0x0, 0x10000}) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 236.067448] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.074643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.255845] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.264190] team0: Port device team_slave_0 added [ 237.450111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.646134] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.654710] team0: Port device team_slave_1 added [ 238.081970] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 238.089151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.098168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.351436] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 238.358689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.367759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.607599] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.615429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.624715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.667901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.975165] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.983086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.992153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.857231] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.863769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.871738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:04:51 executing program 1: creat(&(0x7f0000000040)='./file0\x00', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 240.842538] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.169960] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.176552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.183687] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.190162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.198877] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.205718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.420631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.418464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:04:57 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) [ 246.166304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.173753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.181763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.913693] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.563585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 250.115149] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:05:01 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) [ 250.637439] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 250.643794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.651223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 251.066136] 8021q: adding VLAN 0 to HW filter on device team0 13:05:04 executing program 4: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) 13:05:04 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) sendto$inet6(r0, &(0x7f0000000040)="31704c91c5b3b773e8a5a5d0fb0e2e4035cee4d75f6d6a52d94ecf0aad34e31b15b2d60e422f5068cb2cbf8779bf5520019a09625c48c016485902c0794f57174f35e02ac1e7e19290d438225f37729fcd5a586c812209146502a211887247c644d6c71370d830db40f61ac5debc504f65224770a326282a481a9c65cff012da8e750e0703d03bfe8812b8ed271849b8b100126339b1934ebb62c9951be8b7b595adf7fa9e164284e3b100691ac072bbadaa8389ec69a1e1db7dd518d2713055434c54e61554d6fbf73100e4eec3", 0xce, 0x4040004, &(0x7f0000000140)={0xa, 0x4e22, 0x100000001, @mcast1, 0x1}, 0x1c) mount(&(0x7f0000000180)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='anon_inodefs\x00', 0x4080, &(0x7f0000000240)="6c6f286c6f76626f786e657431401f00") r2 = socket$nl_route(0x10, 0x3, 0x0) sendfile(r1, r2, &(0x7f0000000280), 0x7) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGSKNS(r1, 0x894c, &(0x7f00000002c0)=0x100000001) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000300)=@req={0x3, 0x8, 0x1000000000000000, 0x9}, 0x10) r4 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000380)={{0xa, 0x2, 0x80000001, 0x9, 'syz1\x00'}, 0x5, 0x3, 0x0, r4, 0x3, 0x10001, 'syz1\x00', &(0x7f0000000340)=['eth0\x00', '/dev/sg0\x00', 'user\x00'], 0x13, [], [0x0, 0x8, 0x3, 0x7]}) modify_ldt$read_default(0x2, &(0x7f00000004c0)=""/58, 0x3a) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=""/223, &(0x7f0000000680)=[{0x7, 0x79, 0x101, &(0x7f0000000600)=""/121}]}) r5 = syz_open_dev$evdev(&(0x7f0000000700)='/dev/input/event#\x00', 0x2, 0x280) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000740)=0x8, 0x4) stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getegid() r8 = getgid() fstat(r5, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = getegid() setgroups(0x5, &(0x7f00000008c0)=[r6, r7, r8, r9, r10]) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000940)={r1, 0x2, 0x1, 0x80000000, &(0x7f0000000900)=[0x0], 0x1}, 0x20) perf_event_open(&(0x7f0000000980)={0x7, 0x70, 0x8, 0x7ff, 0xffffffff80000000, 0x7, 0x0, 0x800, 0x2800, 0x2, 0x5, 0x3f, 0x7e4d, 0x5, 0x7fffffff, 0x384, 0x1, 0x5, 0x7ff, 0xfffffffffffffffd, 0x12db0130, 0x1, 0x8001, 0x6, 0x4, 0xffffffff, 0x8, 0x6, 0x5, 0x1f, 0xfff, 0x100, 0x556, 0x100, 0x6, 0x7, 0x8, 0x8, 0x0, 0x9, 0x1, @perf_config_ext={0x3}, 0x10, 0x10000, 0x3, 0x3, 0x800, 0x8, 0x3ff}, r4, 0xe, r1, 0xb) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000a00)={0x9, [0x3f, 0x2, 0x9, 0x4, 0x5, 0x7, 0x6, 0x9, 0x7ff]}, 0x16) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000a40)) connect$inet6(r0, &(0x7f0000000a80)={0xa, 0x4e20, 0x3, @local, 0x8}, 0x1c) mount(&(0x7f0000000ac0)=@md0='/dev/md0\x00', &(0x7f0000000b00)='./file0\x00', &(0x7f0000000b40)='cgroup\x00', 0x10001, &(0x7f0000000b80)="292696997b73797374656d00") ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000bc0)={0x6, 0x777, 0x1, 0x0, 0x8d8}) r11 = request_key(&(0x7f0000000c00)='rxrpc_s\x00', &(0x7f0000000c40)={'syz', 0x0}, &(0x7f0000000c80)='syz1\x00', 0xfffffffffffffffc) keyctl$read(0xb, r11, &(0x7f0000000cc0)=""/239, 0xef) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000dc0)=0x1c, 0x4) 13:05:04 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) 13:05:04 executing program 0: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x8912, &(0x7f0000000280)="153f4634418dd25d766070") r1 = socket$pptp(0x18, 0x1, 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000100)='syz0\x00') r2 = fcntl$dupfd(r1, 0x0, r1) getsockname$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, &(0x7f0000000080)=0x10) 13:05:04 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:04 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) 13:05:04 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) 13:05:04 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:04 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r2, &(0x7f0000000100), 0xfffffffffffffffa, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) write$9p(r1, &(0x7f0000000040)="89", 0x1) splice(r0, 0x0, r2, 0x0, 0xab11, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x412d) write$P9_RRENAMEAT(r1, &(0x7f0000000000)={0x7}, 0x7) [ 253.658041] hrtimer: interrupt took 219047 ns 13:05:05 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:05 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:05 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) [ 254.564925] IPVS: ftp: loaded support on port[0] = 21 13:05:06 executing program 4: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) [ 255.904220] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.910637] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.918795] device bridge_slave_0 entered promiscuous mode [ 255.998704] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.005231] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.013667] device bridge_slave_1 entered promiscuous mode [ 256.092859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 256.170161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 256.403100] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 256.487838] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 256.639591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 256.646672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 256.881010] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 256.888742] team0: Port device team_slave_0 added [ 256.965076] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 256.972932] team0: Port device team_slave_1 added [ 257.050540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 257.130237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 257.210061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 257.217531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 257.226657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 257.299845] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 257.307434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 257.316500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 258.174812] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.181243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.189099] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.195648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.204256] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 258.582948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 261.396276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.701892] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 262.004497] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 262.010813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 262.019288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 262.313859] 8021q: adding VLAN 0 to HW filter on device team0 13:05:15 executing program 5: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0xc0505405, &(0x7f0000000100)) 13:05:15 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) r1 = dup(r0) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:15 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r2, &(0x7f0000000100), 0xfffffffffffffffa, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) write$9p(r1, &(0x7f0000000040)="89", 0x1) splice(r0, 0x0, r2, 0x0, 0xab11, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x412d) write$P9_RRENAMEAT(r1, &(0x7f0000000000)={0x7}, 0x7) 13:05:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xa, 0x31, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000180)=0x1, 0x4) sendto$inet(r0, &(0x7f0000000380), 0xffffffffffffff33, 0x0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) 13:05:15 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) 13:05:15 executing program 4: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) 13:05:15 executing program 5: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000500)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) 13:05:16 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0x0, 0x143) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0xffffffff, 0x100000000}, 0x8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) shmat(0x0, &(0x7f0000492000/0x4000)=nil, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x6}) ioctl$void(0xffffffffffffffff, 0xc0045878) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c7442400090000006766c7442402020000006766c744240600000000670f011c240f20c06635200000000f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0) 13:05:16 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) 13:05:16 executing program 5: mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) shmat(0x0, &(0x7f0000492000/0x4000)=nil, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x6}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c7442400090000006766c7442402020000006766c744240600000000670f011c240f20c06635200000000f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0) 13:05:16 executing program 2: r0 = dup(0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) [ 265.558922] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 13:05:16 executing program 0: r0 = socket$inet6(0xa, 0x80801, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256\x00'}, 0x58) close(r1) 13:05:16 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) pipe2(&(0x7f0000000100), 0x800) [ 265.905128] ================================================================== [ 265.912584] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 265.920240] CPU: 1 PID: 7758 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66 [ 265.927448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.936816] Call Trace: [ 265.939439] dump_stack+0x306/0x460 [ 265.943108] ? vmx_set_constant_host_state+0x1778/0x1830 [ 265.948612] kmsan_report+0x1a2/0x2e0 [ 265.952458] __msan_warning+0x7c/0xe0 [ 265.956300] vmx_set_constant_host_state+0x1778/0x1830 [ 265.961621] vmx_create_vcpu+0x3e6f/0x7870 [ 265.965892] ? kmsan_set_origin_inline+0x6b/0x120 [ 265.970787] ? __msan_poison_alloca+0x17a/0x210 [ 265.975502] ? vmx_vm_init+0x340/0x340 [ 265.979418] kvm_arch_vcpu_create+0x25d/0x2f0 [ 265.983952] kvm_vm_ioctl+0x13fd/0x33d0 [ 265.987975] ? __msan_poison_alloca+0x17a/0x210 [ 265.992686] ? do_vfs_ioctl+0x18a/0x2810 [ 265.996769] ? __se_sys_ioctl+0x1da/0x270 [ 266.000945] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 266.005848] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 266.010723] do_vfs_ioctl+0xcf3/0x2810 [ 266.014663] ? security_file_ioctl+0x92/0x200 [ 266.019200] __se_sys_ioctl+0x1da/0x270 [ 266.023216] __x64_sys_ioctl+0x4a/0x70 [ 266.027132] do_syscall_64+0xbe/0x100 [ 266.030966] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 266.036243] RIP: 0033:0x457579 13:05:17 executing program 2: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10) bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000780)={0x2, 0x4e23}, 0x10) [ 266.039467] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.058391] RSP: 002b:00007feb33cefc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.066128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 266.073424] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008 [ 266.080716] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 266.088008] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb33cf06d4 [ 266.095295] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 266.102607] 13:05:17 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x800000000002) ioctl(r0, 0x8912, &(0x7f0000000000)="153f6234488dd25d766070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r1, &(0x7f0000000140), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000400)='tls\x00', 0x2f3) getsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f00000001c0)=""/184, &(0x7f0000000280)=0xb8) [ 266.104255] Local variable description: ----dt@vmx_set_constant_host_state [ 266.111280] Variable was created at: [ 266.115035] vmx_set_constant_host_state+0x2b0/0x1830 [ 266.120262] vmx_create_vcpu+0x3e6f/0x7870 [ 266.124508] ================================================================== [ 266.131879] Disabling lock debugging due to kernel taint [ 266.137351] Kernel panic - not syncing: panic_on_warn set ... [ 266.137351] [ 266.144748] CPU: 1 PID: 7758 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66 13:05:17 executing program 4: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/userio\x00', 0x22001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x1}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0xfffffffffffffffa}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000040), 0x2) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000240)={0x7fff, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x1}, 0x90) close(r0) [ 266.153339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.162713] Call Trace: [ 266.165347] dump_stack+0x306/0x460 [ 266.169023] panic+0x54c/0xafa [ 266.172295] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 266.177777] kmsan_report+0x2d3/0x2e0 [ 266.181627] __msan_warning+0x7c/0xe0 [ 266.185478] vmx_set_constant_host_state+0x1778/0x1830 [ 266.190807] vmx_create_vcpu+0x3e6f/0x7870 [ 266.195085] ? kmsan_set_origin_inline+0x6b/0x120 [ 266.199965] ? __msan_poison_alloca+0x17a/0x210 [ 266.204681] ? vmx_vm_init+0x340/0x340 [ 266.209131] kvm_arch_vcpu_create+0x25d/0x2f0 [ 266.213670] kvm_vm_ioctl+0x13fd/0x33d0 [ 266.217695] ? __msan_poison_alloca+0x17a/0x210 [ 266.222407] ? do_vfs_ioctl+0x18a/0x2810 [ 266.226498] ? __se_sys_ioctl+0x1da/0x270 [ 266.230684] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 266.235563] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 266.240449] do_vfs_ioctl+0xcf3/0x2810 [ 266.244423] ? security_file_ioctl+0x92/0x200 [ 266.248966] __se_sys_ioctl+0x1da/0x270 [ 266.252991] __x64_sys_ioctl+0x4a/0x70 [ 266.256926] do_syscall_64+0xbe/0x100 [ 266.260761] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 266.265979] RIP: 0033:0x457579 [ 266.269208] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.288139] RSP: 002b:00007feb33cefc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.295880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 266.303171] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008 [ 266.310459] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 266.317749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb33cf06d4 [ 266.325033] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 266.333366] Kernel Offset: disabled [ 266.337007] Rebooting in 86400 seconds..