[ 53.414187] audit: type=1800 audit(1538781170.463:27): pid=5914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 54.900813] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 56.588417] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 57.092813] random: sshd: uninitialized urandom read (32 bytes read) [ 59.469819] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts. [ 65.313217] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 23:13:04 fuzzer started [ 69.793173] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 23:13:09 dialing manager at 10.128.0.26:36867 2018/10/05 23:13:09 syscalls: 1 2018/10/05 23:13:09 code coverage: enabled 2018/10/05 23:13:09 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 23:13:09 setuid sandbox: enabled 2018/10/05 23:13:09 namespace sandbox: enabled 2018/10/05 23:13:09 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 23:13:09 fault injection: enabled 2018/10/05 23:13:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 23:13:09 net packed injection: enabled 2018/10/05 23:13:09 net device setup: enabled [ 74.426227] random: crng init done 23:15:12 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000580)='/dev/snapshot\x00', 0x0, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000000380)) clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200)=ANY=[@ANYRES16, @ANYRES32]) syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000000)) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000000600)) [ 195.761243] IPVS: ftp: loaded support on port[0] = 21 [ 198.098586] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.105204] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.113797] device bridge_slave_0 entered promiscuous mode [ 198.272658] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.279141] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.287688] device bridge_slave_1 entered promiscuous mode [ 198.425144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 198.564372] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 23:15:16 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000900)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000080)=0x1ffffff, 0x40000000000081) [ 199.002708] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 199.179814] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 199.484181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 199.491241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.848144] IPVS: ftp: loaded support on port[0] = 21 [ 200.282463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 200.290666] team0: Port device team_slave_0 added [ 200.526360] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 200.534615] team0: Port device team_slave_1 added [ 200.830050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 200.837455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.846534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.075345] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 201.082621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.091886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.308070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 201.315868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.325164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.519344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 201.527455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.536632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.360111] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.366804] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.375475] device bridge_slave_0 entered promiscuous mode [ 203.667125] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.673829] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.682533] device bridge_slave_1 entered promiscuous mode [ 203.768457] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.775113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.782265] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.789486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.798910] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 203.917121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 204.084762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.632628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 23:15:21 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x22}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000911000)={{&(0x7f00003e3000/0x1000)=nil, 0x1000}, 0x1}) r1 = userfaultfd(0x0) close(r1) clone(0x0, &(0x7f0000000280), &(0x7f0000001ffc), &(0x7f0000000140), &(0x7f0000000180)) read(r0, &(0x7f0000000400)=""/100, 0x64) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000040)={{&(0x7f00003e4000/0x3000)=nil, 0x3000}}) [ 204.762465] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.038852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 205.355206] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.362471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.652762] IPVS: ftp: loaded support on port[0] = 21 [ 205.657421] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.665208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.610625] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.618870] team0: Port device team_slave_0 added [ 206.905746] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 206.913874] team0: Port device team_slave_1 added [ 207.190725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.197951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.207004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.437963] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.445181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.454904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.769636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.777395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.786477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.061040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.068873] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.077974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.327811] ip (6327) used greatest stack depth: 53056 bytes left [ 209.877667] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.884313] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.892749] device bridge_slave_0 entered promiscuous mode [ 210.215324] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.221957] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.230298] device bridge_slave_1 entered promiscuous mode [ 210.481857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 210.730245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 211.410523] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.417097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.424403] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.430862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.439628] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.502994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.759862] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.840380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.984150] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.991208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.218509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.225788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 23:15:30 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x0, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x4000000000003, 0x1, 0xfffffffffffffffd}, 0x14}}, 0x0) [ 213.180826] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.188935] team0: Port device team_slave_0 added [ 213.485879] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 213.493998] team0: Port device team_slave_1 added [ 213.796406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.804596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.813425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.081559] IPVS: ftp: loaded support on port[0] = 21 [ 214.199408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.206533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.215615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.591492] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 214.599381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.608567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.952927] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 214.961189] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.970140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.068362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.327610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 218.625344] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 218.643638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.651784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.007031] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.013586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.020529] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.027124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.036185] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.262323] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.891136] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.897711] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.906169] device bridge_slave_0 entered promiscuous mode [ 219.985583] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.269202] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.275837] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.284205] device bridge_slave_1 entered promiscuous mode [ 220.645303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 221.017168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 222.037457] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 222.370460] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 222.768591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 222.775795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 223.111171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 223.118356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 23:15:40 executing program 4: socketpair$unix(0x1, 0x10000000000002, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigsuspend(&(0x7f0000000040), 0x3e6) sendmmsg$unix(r0, &(0x7f0000000180), 0x4924924924925a6, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$unix(r0, &(0x7f0000000000)=""/14, 0xe, 0x0, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) [ 224.359007] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 224.367118] team0: Port device team_slave_0 added [ 224.697974] IPVS: ftp: loaded support on port[0] = 21 [ 224.786866] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 224.795138] team0: Port device team_slave_1 added [ 225.269553] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 225.276906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.285899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.804251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 225.811416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.820514] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 226.122008] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 226.131330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 226.140573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 226.163787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.527193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 226.535269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 226.544454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.747476] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:15:46 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 229.434877] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 229.441311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.449360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.645656] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 23:15:47 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) 23:15:47 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) 23:15:47 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 231.127415] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.133974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.140894] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.147511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.155927] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.188420] 8021q: adding VLAN 0 to HW filter on device team0 23:15:48 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 231.462261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 23:15:48 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 232.131527] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.138158] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.146628] device bridge_slave_0 entered promiscuous mode 23:15:49 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 232.518293] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.524967] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.533343] device bridge_slave_1 entered promiscuous mode 23:15:49 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)) [ 232.996740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.424953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.538166] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.676557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.882906] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.264012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.271052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.585477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.592710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.963019] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 236.540657] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.548878] team0: Port device team_slave_0 added [ 236.816342] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.824603] team0: Port device team_slave_1 added [ 237.049765] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.056259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.064220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.182231] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.189301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.198544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.409133] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.416499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.425230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.604420] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.612132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.620856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.893170] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.900744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.909714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.302208] 8021q: adding VLAN 0 to HW filter on device team0 23:15:56 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f2, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="2000000000000056b44c7380a61c90fdb5cb6f5503925c639be3c3509cc7c29512"]}) [ 240.645985] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.652622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.659587] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.666229] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.674724] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.681352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.933080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.727101] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:16:01 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x22}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000911000)={{&(0x7f00003e3000/0x1000)=nil, 0x1000}, 0x1}) r1 = userfaultfd(0x0) close(r1) clone(0x0, &(0x7f0000000280), &(0x7f0000001ffc), &(0x7f0000000140), &(0x7f0000000180)) read(r0, &(0x7f0000000400)=""/100, 0x64) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000040)={{&(0x7f00003e4000/0x3000)=nil, 0x3000}}) [ 244.602547] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.608951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.616962] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.208314] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.801206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 248.343687] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:16:05 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x0, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) sendmsg$nl_netfilter(r0, &(0x7f0000d65000)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x4000000000003, 0x1, 0xfffffffffffffffd}, 0x14}}, 0x0) [ 248.889598] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.896120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.904346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.332140] 8021q: adding VLAN 0 to HW filter on device team0 23:16:09 executing program 4: socketpair$unix(0x1, 0x10000000000002, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigsuspend(&(0x7f0000000040), 0x3e6) sendmmsg$unix(r0, &(0x7f0000000180), 0x4924924924925a6, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$unix(r0, &(0x7f0000000000)=""/14, 0xe, 0x0, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) 23:16:09 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f00000001c0)) 23:16:09 executing program 5: r0 = accept4(0xffffffffffffff9c, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x80, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0), 0x4) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000100)={'syzkaller0\x00', 0xfffffffffffffff9}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0xbf9, @empty, 0xda0}, @in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e21, 0x5d02d3cc, @dev={0xfe, 0x80, [], 0x1d}, 0x9}, @in6={0xa, 0x4e20, 0x8, @mcast1, 0x24}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e24, 0xd87, @ipv4={[], [], @rand_addr=0x101}, 0x2}, @in6={0xa, 0x4e21, 0xcb0c, @ipv4={[], [], @local}, 0x9a}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e20, 0x45, @mcast1, 0x2}], 0xe8) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000240)=""/101, &(0x7f00000002c0)=0x65) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x2, @empty, 0x2}]}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000440)={r1, 0x74, &(0x7f00000003c0)=[@in6={0xa, 0x4e20, 0x9, @local, 0x9f}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e24, 0x9, @local, 0xa24}, @in6={0xa, 0x4e23, 0x8, @local, 0x8}, @in={0x2, 0x4e20, @loopback}]}, &(0x7f0000000480)=0x10) fcntl$notify(r0, 0x402, 0x20) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000004c0)={r2, 0x2, 0xa, [0x9, 0x1, 0x2, 0x6, 0x1, 0x800, 0x2, 0x2, 0x3, 0x43]}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000500)={r1, 0xf4, "557ae8a2eb3fcc48fbc22428061abd2ed96f16621824a88301d1d50f4cd32094c209e2b2d1e5df85810705534c5236d35c784122f503a164e2fe711752b020117c27a726fb160273a7479d76b32971887d2eaed9ecd3fe40cfc1672320cddc78c06cb8b2126d5935f2e4cf4079e7457631ee49bd736588709afa477fe0258fbd3d052950a7477c8d23ea92201906a8320c282b70d41028b75aa47705050ef665e582f2b3d269c0a970dd044f43a31c123915ed46037b4e61a0d6c78ca375ab86aa702077ba17bf7f6c93c9e48825383ebc44943500763b3eb979d14930fff18ce011de5812e1df459a11d7ff4d9484f68c38242a"}, &(0x7f0000000600)=0xfc) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ppp\x00', 0x200000, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000680)=[@in6={0xa, 0x4e21, 0x6, @local, 0x1f}, @in={0x2, 0x4e21}], 0x2c) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff}) symlinkat(&(0x7f0000000700)='./file0\x00', r3, &(0x7f0000000740)='./file0\x00') getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, &(0x7f0000000780), &(0x7f00000007c0)=0x40) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000800)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f0000000940)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000840)=""/234, 0xea, 0x3, 0x20, 0x5, 0x2, 0x100000001}, 0x120) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000a80)=@req3={0x1, 0x4, 0x5, 0x6000, 0x80000000, 0x600000000000, 0x1}, 0x1c) ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0xfffffffffffffffe) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/vga_arbiter\x00', 0xa0200, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000b00)=0x4) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000b80)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r3, &(0x7f0000000c40)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f0000000c00)={&(0x7f0000000bc0)={0x34, r7, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) ioctl$KVM_TPR_ACCESS_REPORTING(r6, 0xc028ae92, &(0x7f0000000c80)={0x100000001, 0x80000001}) bind(r4, &(0x7f0000000cc0)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x80) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r6, 0xc058534b, &(0x7f0000000d40)={0x10001, 0x4, 0x3, 0x7, 0x400, 0x3}) syz_open_dev$ndb(&(0x7f0000000dc0)='/dev/nbd#\x00', 0x0, 0x480) r8 = geteuid() getgroups(0x1, &(0x7f0000000e00)=[0xffffffffffffffff]) getresuid(&(0x7f0000000e40), &(0x7f0000000e80)=0x0, &(0x7f0000000ec0)) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0x0}, &(0x7f0000000f40)=0xc) getresuid(&(0x7f0000000f80), &(0x7f0000000fc0)=0x0, &(0x7f0000001000)) r13 = getgid() getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000001040)={0x0, 0x0}, &(0x7f0000001080)=0xc) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)) write$FUSE_DIRENTPLUS(r6, &(0x7f0000001180)={0x2b0, 0xfffffffffffffffe, 0x2, [{{0x4, 0x2, 0x2, 0xffffffff, 0x9, 0x7f, {0x5, 0x1, 0x10001, 0x7, 0x3, 0x2, 0x8, 0x0, 0x5, 0x1, 0x4, r8, r9, 0x2b, 0x1000}}, {0x3, 0x2, 0xb, 0x7f, 'syzkaller0\x00'}}, {{0x4, 0x1, 0x6, 0x5a, 0x3f, 0x0, {0x0, 0x0, 0x8000, 0x10000000, 0x0, 0x1f, 0xfffffffffffffffe, 0x2, 0x5, 0x8, 0x101, r10, r11, 0x9, 0xe26}}, {0x0, 0x7b63bb0e, 0x9, 0x3, 'bdevself('}}, {{0x4, 0x1, 0x8000, 0x3ff, 0x61bc, 0x6, {0x0, 0x3ff, 0x0, 0x100, 0x5, 0x8001, 0x1f, 0x7, 0xca4, 0x2, 0x80000000, r12, r13, 0xff, 0x1}}, {0x1, 0x8000, 0x5, 0x20, 'syz1\x00'}}, {{0x4, 0x1, 0x10001, 0x0, 0x7, 0x80000000, {0x4, 0x80000001, 0x2, 0x5, 0x1, 0x2e3c, 0x66, 0x8, 0xbe2f, 0x18000000000, 0x7ff, r14, r15, 0xeb}}, {0x3, 0xffff, 0x12, 0x80, '$ppp1(eth0userppp1'}}]}, 0x2b0) 23:16:09 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000)='xfs\x00', 0x0, &(0x7f0000000240)='\x00') 23:16:09 executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000140)=""/246) r1 = memfd_create(&(0x7f0000000900)="73970ddb08df8c656c667b7070703070707031236d643573756d00", 0x0) pwritev(r1, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r0, r1, &(0x7f00000ddff8), 0x102002700) 23:16:09 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x8, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0xa, 0xff00}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 23:16:09 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f00000001c0)) 23:16:09 executing program 3: socketpair$unix(0x1, 0x10000000000002, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigsuspend(&(0x7f0000000040), 0x3e6) sendmmsg$unix(r0, &(0x7f0000000180), 0x4924924924925a6, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$unix(r0, &(0x7f0000000000)=""/14, 0xe, 0x0, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) 23:16:09 executing program 2: socketpair$unix(0x1, 0x10000000000002, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigsuspend(&(0x7f0000000040), 0x3e6) sendmmsg$unix(r0, &(0x7f0000000180), 0x4924924924925a6, 0x0) syz_open_dev$ndb(&(0x7f00000002c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$unix(r0, &(0x7f0000000000)=""/14, 0xe, 0x0, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f00002ffff6)=@file={0x0, './file0\x00'}, 0xa) 23:16:09 executing program 1: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x6) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) close(r0) 23:16:09 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f00000001c0)) 23:16:09 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000014c0)) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x16, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = dup2(r1, r0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000003c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', 0x0}) bind$packet(r2, &(0x7f0000000100)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) sendmmsg$inet_sctp(r2, &(0x7f0000007080)=[{&(0x7f0000000140)=@in6={0xa, 0x0, 0x4, @remote}, 0x1c, &(0x7f0000000540)}], 0x342, 0x0) 23:16:10 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/hwrng\x00', 0x200, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000001240)={0x4, 0x948, &(0x7f0000000240)="1d9f5d852f02caf34a5890d272d98a6b8ca6057a40aa1282585adaeab9a58ead75f39ca3bd792e85e7ec3a5c95dbe0293219d72dd25cd1ba33ffdb36982a1b3ed632682c2dcb890eaa2fe116e7a343e311922de9b35a41d5e25686784a58d1d8a045b364434814c13e844583b4798f4c8a3475b79c544a71f1bccdcd98d6111bfd95f34e049f35e7b7296747bc7bd3e249933b1c8837296ee4a26c2b3e4853a40dd513433ada2f9b6c1e2f3601b5465657bfaa2040b8abbb6281af3dcb54c34a916e8b86721e6245bac1bfa1155c2a045140dd44992ecee28f803deaf01b53faf7282beb2a0b6a327dcfcb162d1fa0bf084a18a14c117b8884d0be2322508def038efcec0802c0e886d1c1578e95de1bd785b4520403f9770474f528e7974b72017aea5cef929dfea04b89e3a7755d26cdd179d1570b7ce4372e977dac72627feacf8f2b946a91e4610f4e4eef3eb988ad5fc0855c56215ca496312b6f0dfe2faa9a33662f3e90998c1aeb14d75b10ad53e7dfbdbf4ff58f8d8827fdf65b4ea49c931e526a818035a66227dd49c202815fbdf52b3f8d27463dcd7ab4ce6f0117c5c2a83de4cdb86037ea12d26a672f549f5871ff0eeac315f4e754c9e6bdcdfd51380ae7faa8544ad660599033a10c83f4a3da7ef4a567c90e7ff4cc4f859fcef4b7cb1cdb62b9933ddcd8bfdb0590500486a4f59125da65351df14f96ebd4509022231e3e7a0d598e04da56ffa5e38e856f123977c956484e3e8183e37c69ec7911e180ee2886517b79d396b7be49d5eeb7072bfe3907e4e04cd0e97f8e3eedae87e9140b9cfa34e759c560bec0d55c18b92dc3061399b8187e524512ff20d6280ae5ef8827496bb43469a305f9788bd5b015741141c0e8f46604a5ba650986a1f08a9c36eed5dd7cc8e4bdd8d78580be74c0f0af3c3bb3358199c0076501d8b3c8ea23f6c99bd1761ee46158125313aaf2ab5c9826a39ab6bd635d2b3b3fcf9952bcb54823ab029a396a0943760a5832c7efa63c45194507a32ef16744bd0a18e8f2df1e2a8c1ef375c7b0482267e8612fd3535405d09e35aa0816082fa99e2617c9decfc1c147846553f305dc412c103a4263d6e9366fdb3e42a6aac3ef74fc11f58457da0f110a0edf96e00d81ba2c57567aaebd0a16d2b964c4b20bb840fe1aa33236696c84b3ab62fd08204d4638c729362587247e04a67ce7b04bafd9ea14a535c5c6fc1f89dad6e1daf01bf85cdd5de9f3819e4ddfaa5d503b506b7a05c00c0406ae3f61337d4aab1a178cd6571bc1e2a7b3d20c0b134591303b5670504d9f555b41219cc383d089fec1edae38744e477917254067a84a536e5741feadde59da9a28c02fb4a2d23bb83ce993b7790f7c053eb3398bc1366165911ba6eb51195a27bc7bbfa82e8077b469c51cc70e13316d4571c9ec6d2a961f4a3a2dab096db7210c650889487d727d378349f79716d8c993d6b52fd82f3ab1d3da92651a213d0b2a330ccf34cf7547b646e317d78fea2abea31d90feda2f1c7fdb7571f77331dd685048f3aa783fc9435bbdc7a30f345811cfa1a2a5fbf8e8dd71dd685ce567b133e1b383dffc7c8c93da3548fd4e1dfe1c0f4a5d0a5db95e44dd95093d5d4b1179d31ac7b241140f84265a320deb0b3e0d9220ad0367ca3958053b5e412fcd7fa1e7ba65d173035205976e297d11a668f4f9391b15c8e2881f9716b91d63d66ec282d974d14b4f4de7e217aec3536b1b5b11b496b9488ca0c2c28b844115466bda1b3001707e0f38eb12d91aac41c9976370b04141ef88dcb54279e5b1310afa0916e8e8d0cf83a8725de520566606dec4a71cc6eca6a8aebd061d9bb44c5ffc759671ee9ae272b0bb2b0c5a55c05d8325703baffd2636ba04c05fcc0ab7ad14b7dc969358ae225284683ca5444bc836ad0686f3fbc0806e73e182d49082dff619585307f59800d5290a8117abc0bc50e8a2bdf2c685a73f7c08d6473e82a5f70e2d19583da13dc6dffe09ec60b80b081c90a5d32b77f31fc8c52575d53f2274aa9246cc100170ea879f3e0288785555a420eb60e2b9244f02de8183cfb2d66c65138214f2f7a3d3a417f3f3170756570d106284d12287a0b861e7d7bbc7591a5bbd4532e06462a42d991aa64524bdf93ee627434702af4a8f5b6327ba029d0ab8ff333411caed49ca647aed33f8aa221f497e9033243edaea700bc47a31002f9ef45bbe98275fe49850be96ab31529dafaf213325fb4704cc62175d74afe81afee4186a3075db9f7f21886de03b24f38580c904beeece6c8db1134612fc6cd49bb58fce706e3db7f2bcd919eb694c72ccce872c36304ad4afbc6f9b39e9cce784f471f2c13ccd5e855f20aed729ac649a2bbe18326dbdbda25570015f9195745964834f4b6a41367b858cc8850a9733444c34ebc708e94d5b65089ae8ef29883657a4cb5d5e46b82938277fd2ecb1f37cb0718d71ab55e7b0392131506219d02b27d815c5e5310bc61393f5c2c60667ad7b6a499aaa9ebba968f75cd613a35ee0f84cf9b74a54b4e1fe84e038616b9103f21b48fcf3530de1e01e98500a676da4f9bd50dc837125bd011fce17e54c5c40538a150725c821a723d500abf19c2cb8dfb192b234343216a57dc49f3d464c8aae255a59b85290e1f9073a9eea362d0a6e6999d4419741ca73d16aac19db307cb87b7c74181cfbbe0f588d664a65c2093ebd210ea8e105ffbb16c45c976cf157bfa46f18f7f6d21fe52c2a65853e634131bf16c755bf4125defab54c28c8427adf587f0fccd9b418fd591d4a6400b18c97532a84c8dd1358dd7db45aa540112bf3496a50049dc2c0007f650278e3bf209608af2faf7235e6ba2581e95c6b3560d0fb038cb805f9d1eb886935e43bb0faf3487a4a0a95265ae76b80d42b68477fcc592eb2dc9a5692638253930fcdd0a586060d40a0c7f824d4d4359fa762747d077d8f7263232a87a5d8da9671ffa81986866b7a69c9f6bac2c91a2468eada13e023f894617fc38e7acd38c63c47ff4cbde3362547011df55ce73a33490c557689fe9dbd131c81b2d6374b9bad487a25d87614a4d4fdb44c7ca603beb8e715712b71e31d56acad6817198a7445b16ad57029d5e4f49776f3a7520c658a78c4e40a367d0496c24cf339240db2b9fd64f80aaec8ed4d83cb71f117448697d7cd8013c4895ace9c8dcfc778b69d268cc5069ce50ba71e632322e1af568eaedc7eebdeae3b1cec6c148a57bc85137ed0c59ae420476ecdee807f5db40e73cd187ffd2edf0f833457f18b62825470feb49e9e2497b78cf895c48eb9e3543f44024a80161478b99588773145052498b8778d9c551c"}) r1 = socket$pppoe(0x18, 0x1, 0x0) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(0xffffffffffffffff, 0x111, 0x3, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_buf(r2, 0x29, 0x7f, &(0x7f0000001280)=""/4096, &(0x7f0000000d40)=0x1000) uselib(&(0x7f0000000d80)='./file0\x00') setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000200)={0x0, 0x86, 0x0, 0x0, 0x9}, 0x14) write(r2, &(0x7f00000000c0)="29e600fa4b9beccbb0e9e5587b3699b0bc17b6fbe04a3dda679c9f1afed7e1f5d5b8bfaa126cf26e334866c8c5320cae6f42a3f0658a3f96c88bc45b4d57", 0x3e) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x5, @remote, 'ip6gre0\x00'}}, 0x1e) sendmmsg(r1, &(0x7f000000d180), 0x255, 0x0) 23:16:10 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)) [ 253.410688] IPVS: ftp: loaded support on port[0] = 21 [ 254.886925] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.893400] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.900866] device bridge_slave_0 entered promiscuous mode [ 254.977224] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.983738] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.991193] device bridge_slave_1 entered promiscuous mode [ 255.066911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 255.144802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 255.377258] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 255.458030] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 255.608110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 255.615203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 255.845825] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 255.853437] team0: Port device team_slave_0 added [ 255.929128] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 255.936811] team0: Port device team_slave_1 added [ 256.012989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 256.092863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 256.171822] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 256.179095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.188232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 256.259209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 256.266552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.275689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 257.129564] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.136030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.142972] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.149369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 257.157839] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 257.551935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 260.236748] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.526292] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 260.806530] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 260.812945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 260.820609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 261.105335] 8021q: adding VLAN 0 to HW filter on device team0 23:16:20 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000200)={0x0, 0x0, 0x0, 'queue0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={&(0x7f00000001c0), 0xc, &(0x7f0000000540)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x7}]]}}}]}, 0x3c}}, 0x0) 23:16:20 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)) 23:16:20 executing program 3: r0 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xc0109207, 0x20000000) 23:16:20 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz0\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) dup3(r1, r0, 0x0) 23:16:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="ceca"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, &(0x7f0000000400), 0x100000000000000c) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:16:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000340)=""/3, 0xffffffe7, 0x0) [ 263.064469] input: syz1 as /devices/virtual/input/input5 [ 263.086324] netlink: 'syz-executor5': attribute type 15 has an invalid length. [ 263.118258] ================================================================== [ 263.125694] BUG: KMSAN: uninit-value in __vmx_flush_tlb+0x755/0x790 [ 263.132133] CPU: 0 PID: 7761 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #63 [ 263.139335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.148716] Call Trace: [ 263.151342] dump_stack+0x306/0x460 [ 263.155005] ? __vmx_flush_tlb+0x755/0x790 [ 263.159285] kmsan_report+0x1a3/0x2d0 [ 263.163122] __msan_warning+0x7c/0xe0 [ 263.166961] __vmx_flush_tlb+0x755/0x790 [ 263.171065] vmx_flush_tlb+0x94/0xb0 [ 263.174805] ? vmx_set_rflags+0x740/0x740 [ 263.178989] kvm_mmu_load+0x1656/0x3460 [ 263.183007] ? vmx_set_cr0+0x3510/0x3510 [ 263.187113] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 263.192308] ? task_kmsan_context_state+0x6b/0x120 [ 263.197278] ? __msan_get_context_state+0x9/0x30 [ 263.202067] ? INIT_INT+0xc/0x30 [ 263.205468] ? task_kmsan_context_state+0x6b/0x120 [ 263.210451] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 263.215939] ? kmsan_set_origin_inline+0x6b/0x120 [ 263.220816] ? __msan_poison_alloca+0x17a/0x210 [ 263.225531] ? put_pid+0x71/0x410 [ 263.229049] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 263.233424] ? put_pid+0x1a9/0x410 [ 263.236999] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 263.242408] ? get_task_pid+0x17b/0x270 [ 263.246438] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 263.250638] ? do_vfs_ioctl+0x18a/0x2810 [ 263.254736] ? __se_sys_ioctl+0x1da/0x270 [ 263.258913] ? kvm_vm_release+0x90/0x90 [ 263.262913] do_vfs_ioctl+0xcf3/0x2810 [ 263.266844] ? security_file_ioctl+0x92/0x200 [ 263.271382] __se_sys_ioctl+0x1da/0x270 [ 263.275420] __x64_sys_ioctl+0x4a/0x70 [ 263.279340] do_syscall_64+0xbe/0x100 [ 263.283174] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.288387] RIP: 0033:0x457579 [ 263.291619] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.310561] RSP: 002b:00007ff08b23ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 23:16:20 executing program 5: mkdir(&(0x7f0000508ff6)='./control\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00007a7000)='./control\x00', 0xa4000960) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r2, &(0x7f0000000000)=[{&(0x7f00000001c0)=""/246, 0xf6}], 0x1, 0x0) [ 263.318299] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 263.325585] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 263.332872] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.340247] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08b23b6d4 [ 263.347542] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 263.354851] [ 263.356495] Local variable description: ----error.i.i.i@__vmx_flush_tlb [ 263.363257] Variable was created at: [ 263.367030] __vmx_flush_tlb+0x103/0x790 [ 263.371118] vmx_flush_tlb+0x94/0xb0 [ 263.374848] ================================================================== [ 263.382227] Disabling lock debugging due to kernel taint [ 263.387704] Kernel panic - not syncing: panic_on_warn set ... [ 263.387704] [ 263.395105] CPU: 0 PID: 7761 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #63 [ 263.403707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.413078] Call Trace: [ 263.415716] dump_stack+0x306/0x460 [ 263.419413] panic+0x54c/0xafa [ 263.422695] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 263.428187] kmsan_report+0x2cd/0x2d0 [ 263.432040] __msan_warning+0x7c/0xe0 [ 263.435893] __vmx_flush_tlb+0x755/0x790 [ 263.440013] vmx_flush_tlb+0x94/0xb0 [ 263.443769] ? vmx_set_rflags+0x740/0x740 [ 263.447946] kvm_mmu_load+0x1656/0x3460 [ 263.451968] ? vmx_set_cr0+0x3510/0x3510 [ 263.456076] kvm_arch_vcpu_ioctl_run+0x879e/0x10a20 [ 263.461611] ? task_kmsan_context_state+0x6b/0x120 23:16:20 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000001c0)) [ 263.466584] ? __msan_get_context_state+0x9/0x30 [ 263.471367] ? INIT_INT+0xc/0x30 [ 263.474770] ? task_kmsan_context_state+0x6b/0x120 [ 263.479737] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 263.485226] ? kmsan_set_origin_inline+0x6b/0x120 [ 263.490101] ? __msan_poison_alloca+0x17a/0x210 [ 263.494818] ? put_pid+0x71/0x410 [ 263.498301] ? kvm_vcpu_ioctl+0x20a4/0x20b0 [ 263.502660] ? put_pid+0x1a9/0x410 [ 263.506239] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 263.511632] ? get_task_pid+0x17b/0x270 [ 263.515653] kvm_vcpu_ioctl+0x11a7/0x20b0 [ 263.519855] ? do_vfs_ioctl+0x18a/0x2810 [ 263.523948] ? __se_sys_ioctl+0x1da/0x270 [ 263.528130] ? kvm_vm_release+0x90/0x90 [ 263.532134] do_vfs_ioctl+0xcf3/0x2810 [ 263.536069] ? security_file_ioctl+0x92/0x200 [ 263.540611] __se_sys_ioctl+0x1da/0x270 [ 263.544627] __x64_sys_ioctl+0x4a/0x70 [ 263.548549] do_syscall_64+0xbe/0x100 [ 263.552385] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 263.557608] RIP: 0033:0x457579 [ 263.560824] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.579751] RSP: 002b:00007ff08b23ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.587494] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 263.594789] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 263.602078] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 263.609371] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff08b23b6d4 [ 263.616677] R13: 00000000004c003b R14: 00000000004d0108 R15: 00000000ffffffff [ 263.624995] Kernel Offset: disabled [ 263.628638] Rebooting in 86400 seconds..