[   57.325321] audit: type=1800 audit(1538967072.361:27): pid=6050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   58.921061] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   59.796995] random: sshd: uninitialized urandom read (32 bytes read)
[   60.133981] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   61.702819] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
[   67.428312] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/08 02:51:24 fuzzer started
[   72.013864] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/08 02:51:29 dialing manager at 10.128.0.26:36867
2018/10/08 02:51:29 syscalls: 1
2018/10/08 02:51:29 code coverage: enabled
2018/10/08 02:51:29 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/08 02:51:29 setuid sandbox: enabled
2018/10/08 02:51:29 namespace sandbox: enabled
2018/10/08 02:51:29 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/08 02:51:29 fault injection: enabled
2018/10/08 02:51:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/08 02:51:29 net packed injection: enabled
2018/10/08 02:51:29 net device setup: enabled
[   78.371906] random: crng init done
02:53:28 executing program 0:

[  194.644466] IPVS: ftp: loaded support on port[0] = 21
[  197.060333] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.067153] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.075810] device bridge_slave_0 entered promiscuous mode
[  197.223173] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.229832] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.238313] device bridge_slave_1 entered promiscuous mode
[  197.373567] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  197.505497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  197.916058] bond0: Enslaving bond_slave_0 as an active interface with an up link
02:53:33 executing program 1:

[  198.057810] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  198.455193] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  198.462394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  198.781306] IPVS: ftp: loaded support on port[0] = 21
[  199.179195] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  199.187465] team0: Port device team_slave_0 added
[  199.377573] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  199.385667] team0: Port device team_slave_1 added
[  199.675311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  199.682428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  199.691162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  199.863403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  199.870440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  199.879549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.146117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  200.154120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.163407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.372774] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  200.380408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  200.389895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  202.029202] ip (6331) used greatest stack depth: 53056 bytes left
[  202.161086] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.167633] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.176012] device bridge_slave_0 entered promiscuous mode
[  202.456318] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.462906] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.471305] device bridge_slave_1 entered promiscuous mode
[  202.775200] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  202.882915] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.889411] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.896480] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.903005] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.912059] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  203.035312] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  203.432530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
02:53:38 executing program 2:

[  203.780485] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  204.015480] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  204.308036] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  204.316816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  204.645928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  204.653302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  204.754441] IPVS: ftp: loaded support on port[0] = 21
[  205.534208] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  205.542499] team0: Port device team_slave_0 added
[  205.840349] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  205.848471] team0: Port device team_slave_1 added
[  206.229452] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  206.236811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  206.245689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  206.581084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  206.590295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  206.599649] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  206.937342] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  206.945017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.954582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  207.265540] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  207.273459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.282409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  209.787471] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.794112] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.802719] device bridge_slave_0 entered promiscuous mode
[  210.097271] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.103912] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.112507] device bridge_slave_1 entered promiscuous mode
[  210.337635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  210.422523] ip (6497) used greatest stack depth: 53040 bytes left
[  210.466682] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.473225] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.480153] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.486774] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.495571] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  210.512801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  210.579816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.343838] bond0: Enslaving bond_slave_0 as an active interface with an up link
02:53:46 executing program 3:

[  211.667640] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  212.004714] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  212.012059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  212.395479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  212.402687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.948378] IPVS: ftp: loaded support on port[0] = 21
[  213.423298] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  213.431419] team0: Port device team_slave_0 added
[  213.790759] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  213.799140] team0: Port device team_slave_1 added
[  214.214941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  214.222260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  214.230952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  214.532110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  214.539157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.548106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  214.921454] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  214.929229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  214.938484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  215.257711] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  215.265497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  215.274751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  215.802707] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.160721] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  218.543653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  218.552204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.560285] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.054297] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.060956] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.069771] device bridge_slave_0 entered promiscuous mode
[  219.275640] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.282240] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.289171] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.295863] bridge0: port 1(bridge_slave_0) entered forwarding state
[  219.304758] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  219.490808] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.497638] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.506155] device bridge_slave_1 entered promiscuous mode
[  219.861538] 8021q: adding VLAN 0 to HW filter on device team0
[  219.885224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  220.181971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  220.285356] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  221.349966] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  221.702937] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  222.099558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  222.106728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
02:53:57 executing program 4:

[  222.545779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  222.553051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  223.705296] IPVS: ftp: loaded support on port[0] = 21
[  223.836176] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  223.844410] team0: Port device team_slave_0 added
[  224.292151] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  224.300312] team0: Port device team_slave_1 added
[  224.720178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  224.727565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  224.736693] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  225.194859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  225.202102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  225.210991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  225.607471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  225.615438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  225.624802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  225.741385] 8021q: adding VLAN 0 to HW filter on device bond0
[  226.105043] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  226.113020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  226.122393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  227.407415] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  229.031806] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  229.038710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  229.046945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:54:04 executing program 0:

02:54:04 executing program 0:
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000780), 0xfffffffffffffceb, &(0x7f0000000880)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x1}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000700), 0x1000000000000110)

02:54:05 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x80000000004)
write(r0, &(0x7f0000000040)="1700000014000db7ff000000040803000101ffce01c0016ed3cea856bc9c3eb3fb01ffa4f80c3df00f", 0x29)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0)
timerfd_settime(r1, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, &(0x7f0000000100))
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000140))

[  230.542118] QAT: Invalid ioctl
[  230.586751] QAT: Invalid ioctl
02:54:05 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x80000000004)
write(r0, &(0x7f0000000040)="1700000014000db7ff000000040803000101ffce01c0016ed3cea856bc9c3eb3fb01ffa4f80c3df00f", 0x29)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x80, 0x0)
timerfd_settime(r1, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, &(0x7f0000000100))
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000140))

[  230.837443] 8021q: adding VLAN 0 to HW filter on device team0
[  230.984410] QAT: Invalid ioctl
[  231.019746] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.026451] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.035042] device bridge_slave_0 entered promiscuous mode
02:54:06 executing program 0:
r0 = socket$inet6(0xa, 0xf, 0x8010000000000087)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x6)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}, @in={0x2, 0x4e23, @local, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf00]}], 0x2c)

[  231.276084] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.282801] bridge0: port 2(bridge_slave_1) entered forwarding state
[  231.289752] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.296367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  231.305015] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  231.481255] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.487995] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.496692] device bridge_slave_1 entered promiscuous mode
[  231.624336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
02:54:06 executing program 0:
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000040)='./file0\x00', 0xc)
unlink(&(0x7f0000000380)='./file0\x00')

[  231.937433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
02:54:07 executing program 0:
set_mempolicy(0xc001, &(0x7f0000000000), 0x0)
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'gretap0\x00', {0x2, 0x4e24, @broadcast}})

[  232.386129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  232.602529] QAT: Invalid ioctl
[  232.625116] QAT: Invalid ioctl
02:54:08 executing program 0:
r0 = socket$inet(0x10, 0x3, 0xc)
dup3(r0, r0, 0x80000)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000000c0)={0x1, [0x0]}, &(0x7f0000000240)=0x8)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2000, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="14b31bc0c98a5202999e6d87c7a9b09f425e00002065370cad4113071977008000000000411a0d34369de9a130081554052e361d07e67515593d9fba6c5c8996deaff8716528f9b7", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=<r2=>0x0, @ANYRES32=0x0], &(0x7f0000000100)=0x28)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r2, 0x80000001}, 0x8)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="240000000b061f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x299fee27, 0x4)

[  233.118157] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[  233.126205] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
[  233.166869] netlink: 'syz-executor0': attribute type 1 has an invalid length.
[  233.174506] netlink: 4 bytes leftover after parsing attributes in process `syz-executor0'.
[  233.655090] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  234.061401] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  234.429074] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  234.436288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  234.717996] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  234.725181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  235.881164] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  235.889480] team0: Port device team_slave_0 added
[  236.228495] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  236.236659] team0: Port device team_slave_1 added
[  236.325741] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.515571] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  236.522719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  236.531284] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  236.859767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  236.867007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  236.875865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  237.106291] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  237.114032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  237.123176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  237.421340] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  237.429457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  237.438507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  237.449725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  238.666844] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  238.673388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  238.681101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:54:14 executing program 1:
r0 = semget(0x3, 0x2, 0x348)
semctl$IPC_RMID(r0, 0x0, 0x0)

[  239.901334] 8021q: adding VLAN 0 to HW filter on device team0
[  240.142294] bridge0: port 2(bridge_slave_1) entered blocking state
[  240.148795] bridge0: port 2(bridge_slave_1) entered forwarding state
[  240.155855] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.162396] bridge0: port 1(bridge_slave_0) entered forwarding state
[  240.171220] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  240.177898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  243.344693] 8021q: adding VLAN 0 to HW filter on device bond0
[  244.185182] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
02:54:19 executing program 2:
syz_emit_ethernet(0x140, &(0x7f0000000100)={@local, @link_local={0x12, 0x80, 0xc2, 0x0, 0xe000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x74, 0x2b, 0x0, @local, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f00000002c0))

[  245.005255] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  245.011888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  245.019658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  245.613413] 8021q: adding VLAN 0 to HW filter on device team0
[  247.739793] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.258703] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  248.766745] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  248.773184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  248.781450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:54:24 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0)
read(r0, &(0x7f0000000640)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, 'port0\x00', 0xa9824f69d1376637, 0x10800a})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000200)={0x2000000021, @time})
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x402c5342, &(0x7f0000000180))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0)

[  249.212357] 8021q: adding VLAN 0 to HW filter on device team0
02:54:26 executing program 4:
pipe2(&(0x7f0000000040), 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000f61000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@time={0x77359400}}], 0x30)
dup2(r1, r0)
dup2(r0, r2)

02:54:26 executing program 0:
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r0=>0x0]}, &(0x7f000095dffc)=0x8)
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000040)=0x40, 0x4)
r1 = socket(0x1, 0x7, 0x64)
ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f0000000400))
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80000001f00100026bd7000ffdbdf257f000001000000000000000000000000000004d30a003c000000000000000000000000000000000001000000063500006000120061656769733132382d6165736e690000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000980000000000000062b3a1087f166dfac459ba759eec2635bbb841000c001c00", @ANYRES32=0x0, @ANYBLOB="030000002c001300fe800000000000000000dd00000000bb00000000000000000000ffffe0000002000000000a000000"], 0xd8}, 0x1, 0x0, 0x0, 0x80}, 0x1)
fstat(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getresuid(&(0x7f0000000140), &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0))
r4 = syz_open_dev$adsp(&(0x7f0000000440)='/dev/adsp#\x00', 0x80000001, 0x420840)
ioctl$KVM_DIRTY_TLB(r4, 0x4010aeaa, &(0x7f0000000480)={0x5, 0x2})
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
r6 = fcntl$dupfd(r5, 0x0, r5)
fcntl$lock(r6, 0x7, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xfffffffffffffffb})
ioctl$TCSETA(r6, 0x5406, &(0x7f00000003c0)={0x0, 0xaba, 0x100000001, 0x0, 0x9, 0x7fff, 0x8, 0x5, 0x1, 0x10000})
splice(r6, &(0x7f00000004c0), r5, &(0x7f0000000500), 0x4, 0x8)
setreuid(r2, r3)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={r0}, &(0x7f0000000080)=0x10)

02:54:26 executing program 5:
r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x3a0a, 0x100)
ioctl$KVM_GET_FPU(r0, 0x81a0ae8c, &(0x7f0000000040))
ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000200)=0xa0b)
readlinkat(r0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)=""/30, 0x1e)
write$P9_RFSYNC(r0, &(0x7f00000002c0)={0x7, 0x33, 0x2}, 0x7)
poll(&(0x7f0000000300)=[{r0, 0x200}], 0x1, 0x3f)
fadvise64(r0, 0x38, 0x80000000, 0x1)
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000340)=0x7)
preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000380)=""/39, 0x27}, {&(0x7f00000003c0)=""/229, 0xe5}], 0x2, 0x0)
ioctl$KVM_GET_TSC_KHZ(r0, 0xaea3)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000540)={0x5, &(0x7f0000000500)=[{<r1=>0x0}, {}, {}, {}, {}]})
ioctl$DRM_IOCTL_UNLOCK(r0, 0x4008642b, &(0x7f0000000580)={r1, 0x4})
execveat(r0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000740)=[&(0x7f0000000600)='/dev/dmmidi#\x00', &(0x7f0000000640)="7365637572697479a970726f637b00", &(0x7f0000000680)='/dev/dmmidi#\x00', &(0x7f00000006c0)='/dev/dmmidi#\x00', &(0x7f0000000700)='#\x00'], &(0x7f0000000840)=[&(0x7f0000000780)='\\eth1\x00', &(0x7f00000007c0)='/wlan1\\em1\x00', &(0x7f0000000800)='/dev/dmmidi#\x00'], 0x1000)
r2 = open(&(0x7f0000000880)='./file0\x00', 0x202000, 0x1)
write$binfmt_elf64(r0, &(0x7f00000008c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x8, 0x5, 0x6, 0x5, 0x3, 0x3e, 0x100000000, 0xfa, 0x40, 0xfa, 0x6, 0x8, 0x38, 0x1, 0x7, 0x6, 0x4}, [{0x7, 0x0, 0x10000, 0x8, 0x0, 0x8, 0x634432, 0x3ff}], "c241d5588dccb05c5392f0bb8a151e2f85c047f4ce73a362690985d7bf6953de51b23e872906e44b4d898db89d9d656f1049d2a25063399944a962bf76652fb1abe88de314e6e443e6963e1377b84a72844b43bfba77197dfddac33d420c9f108c47c5e0772096c3bc5e7f78516bbdcd50b81a24a8a3ae44bf446e0349ed1e8946d78409025be28f2953ea096e73e5315296eaf8ef310b7964e24bd0c863c235c55f7b59367631538b314487bbbe484920629a9c2b2ab6f2fe08233cca5484d4153482fb882295fc3e7cd840988a050609df8b0f715cd0c5da6d58b0da89d36acc493f8f6eab2def11660d78673598a90ae1e0e8bb313d49f68ee2a956d88cfd0bb5719cdd92d4e4fdd2bcfca9f3410768ea414283bed381cb80fcd9ca766b113da48cb428bb042f5a642e841c5cf057370842402652dce51627063f746b473135e165d559b1f85dfc81f446216d6612ac9b10463ce787ce4df678c6ce4db828949f599248e27c5363f96312d1c0e422ea00eab62c6394a30a74b4e9024247a42fe67b57dd5ea0e83be1a1495655b7f9c3d56040444b851c650ffc355a75e0167cb2e2084c7afadbde090fea7bba514bfcc2e132df23017fcdc2d66155ce924be5014fba8134b38ba4c2439cb6a2737bd9ca881b0588a85e222fd88294003df3c13a54072e96882f03b06eb5d6fdf3eda0a30f262ab47e69dd231358184fd2aa4c0c1c5dd53555dca8af2fb6ada007913dd08cd7ba75eca2f7262e778bc7ecc7aa0f2fb4bbbd4731fdac9d1a0712be2d67f821b43d2107e04bb27b0df2c0e26ed9cba093e5fefb5444e0c8250da184906a9452b37d74bdfbd41e3973dc14d3295481f49e12ec43db613eb103dbed7c3de8db932806eb44e65de9d1227c259f36d5288714bd10afe12d982c518667b158ed0189cbba16f8e5919da118af860762e251b97526288f6bb3a32273eea4e76462c0729d8066f7f7b5a14651f71bcbdd93c2a3585376e7bdde4c3b28cc129be303ff25f85d2f7872d012c58d8ad42bb9525ed38b77e817d1b10d3846f57932908aac3344393910ed114f8137199833b84d1bfd459d5c070a9b21abce176099f20ce7a948878c2854e5cbecfa0a31741dc5bfcb14fa4f712a1ed066c70190cef5a7351fa0118c83229f565d78a3da7d8b76a687905f6a101946582ae2428b69ed50b9b35bc42348f1e2278a1ffe9a9e9045db312f465258bbcd911ae3671d1b3b1395c4785de56e0f5b5d177b7a46ffbae27490bce40a1b9e4a8c6ded7f6c7cd63e1869ae6699f6c50833d7a1bdcd98e73a52d7e37cb274f46786e4c3851699b3fef397f55caef7dd622c6af1c0a6cc7b04bb52bb7ffcb95bf019b41812dc3eb5dd7d79cfbce71af13292353d6a14b6cbc97e560257fe17b454715c1ce241ceef8fb39e17d7fc047ce1ad4293bcd590ae436cb57fbe3315eef62039fcf16ae42f7b2e4edd699edcd4cd7182009da9ab7ef35ca22a7c3b18cc162968a29c7dad4ee74edbd19ca2ad9459f752fbc83f839030fc3d4d369abb87d20d0b337597c81d2e85cdb244ded4ed3c59b143321435b6f96c1789911a00f0a112dd37bf062bdb60d1b3eba532f450e1fc08a6ab53e4c64b434a7f35a5176bbcf8781e8e387466b20428cdddebeb6750c59960ad62db56a1deab4eac61ed3aa6d159e542415d027c8c0655583aad4813a1fac1d75840ed35f292a9e29f89581b142f45df3de3b55797e458a7c4e31745c13c313eb11213de649136df6bc9488a5fe4bba41b6ca3cc534911194fe4a951f5890ba3e9a4b0404928c5406768b82003203038a33af26eb50935e5b62bca903d723118bd4777f21e87a154505cba2109994f12388caf7d1855ff59f5ade8dfdbb6f277c73700adbbd952bab4745ea1923d4775facf0d3c634077874787cdd6534424cca95015382bcb6b0e4be96f0fe728c9a3cb06429ea3b49e16b96ee5bc8d0ce7693423f19b2ce6ad3b165d132047c30a3679488bfb6ae35b0bb9c7b6c119701cf90bc3ea0d3a948838ed0531c07ba8dbeb174f2b10553a6f72f453d06230f0587fe1d1a2deadbc4da7b1f57bd92d8461def2945483fa6aef8f51afe4b63290a98cdef8c62ae853c863c2622da3b2afbc9dba88512c4813f8cfd530d27b6201a1893d03a7f5a437c6c48d444b3036b80e223c9da3a4d73f84733844cae48af5e0d7051f3eaec17088329f121be44556840d567325f56bed43896e428f4d57460364c803562ed41bacfe71a9025a3bf8993445b6c7b34bd2b14fbe30550ce426f91c05a8127af2e2ffab9c357eed1050368fb0d8cb4487083409eb20b6e192e8c5724f4afa9f40cd31da2e86840e2430a86516830b4077fe834fe8abb60a73438b49ba09788839b71af5c7419ac4cc4ce6b3c129f270dbedd9670cdb418b72bedaf021ce499827dfcb8a72e5f5e23f68af5eabbc3274919961809c01d777e2d32fb5c3b9df97cd79a094a7bc6bdd2f511ee20045aaca53b531b44e2ab3f33d125d1f7811292fd797bf5abd10d6a3d54744e2e73f7f33fbf98f0172d657ed2af790676229d39536812224fc9060de14d0d41dbaba77d59219174c15b657dd20769436206a518a86a1cdae53b6ccef3113eb1fd16bd0aa78e635fbe21afbf7e3479b83d8f6f710dc101318b87750592c155e9d57f817c78327c7b6d667c5bb604169f3d728cbe9cb285c8466a641bf7ae1fafeffffc813f440262688166560c417a7709c1630c619cab837c3474d4948bab88519c846dcc8b03f617d9417ee08f1188f04d7611d3b46fc25507cea29b43b62a6f6636cec4dc6f585f857a182ee27d2e4829d585f5a3ed478ddb0221f3aed0aa9fe4fb4497b29855a5c5e7d844e4b4b2aa5eb52e55fdbed1eb980eb2f9b18fe756ea4217f6a4709b4ae8d7207942dc725b48a1e2def49a140f7edb085718cd682fbb6accd00261073d4e147926ebd5cb21581e45f295a7cdaaf435a0a8ddd144ebe71969a9d7f71a3df25322ef0d39c2923786174e13faac3402e4b31b0f26ad7207b9bce4f61844b5d825bda4e0dec63bd95a6d8380c5a66c8f24b0a11e44fbf66fc1d36d70fb2cbc6f6f399067e46c202562d9c2fa03e97d08a71a1585e4bed2764ca7c99cb1977671953316f42d7be2e2c4238bec85bdb96fb82283f3e80c868cf1be9267050e745075d7c117aaeb2f0f102adb97ea0230b7d66c6b2968ce8678dddcf5dde8dbd2393ba9562c637c4b377d7ee01951e4d9bf7224ad134ff0c53985c2ed23843fafafb0b5dee75081f43b83c495e35d17b99a36fb270448b72e2e6feafc750c93e41ce649259a141993bda4e7a47a1bab82f3fbe76e48d9f5df7c04b37145a0fcb046336981debfc8c5fe8a16e315dd92eb3b6c9077635b58368a2ab5d6e71401c99971b76294059cc01f411d14f728680dcbd616fab232aa71e346a39f14f59701d20d06c81a61b6f2ab886a4d7a5bd058293e525acf29e172ed200a682649c21b2cb8255e8f4e124e41e74a78cace3d1eeb8727f47cee02eb645f4c660857e32435cb6e269a83257f133b9e71183f4b78d87c6d75e0c78aeb1b804f7ede0a5293a71dd2add590629ff9753f6991615510470dd03501a4c508cfa539f9f40f79be1b3e52b3ce9c403e4b5b69875ce5d9476e424c099511cff82b0a58a0f54bbcad33a255ed943280d0f3a4559ee9bc8a6ee64ed9e80634b3fe8f023c9a3cdfb1716adc40dc22fb745484aa6ab130279c84bf093d1b01b606b3181670bb63b1187bc26be5d343d5a690d87d09ba60fb137094a1d8d02ffc35583aec112f760e55a622450d02d07d64029029394946e2909b4782a5d4a95f5d9e0c153242348489c2bb5c2d6f8481bc28f8f47e2e52d27dc50fdfd334752cb02a07fecc40911f840544a93c18c33329dc35d1e2cd3bbec46248e67c8c7b96899540e6990f6c44ebbad8020cd56a4ce7b04de5533972c7875b3ab12368929472e8eca13edc2b38d7d6a57a24d4527d87a7ccf331167fb1c8e9664db256abdb22dd2009edc08c5b5a39bd361363a48030df1855d5f08b077c7473900d8f4662b8f9aec0aa3377c59ec3aa9f94f65b728feb6bfdf255fc21a970e39f89542c13c0bdea57878e356fd73c3574e8247b93aa4236ecac64188b6ab2b2cd92ea2c0b03d500c3697ec6f4df3066ddc762f4498ff2fd22809b3b219149a219b345ecd65ce01743aa8eea3392e6dea104748462255c1812f8481fc77fc52f5bc380baecc84643bedb5532549c1736c732673a11fcdf6b2513c368f92d5feb6ba3ee4b7db50d12e96107b2d2b0a67f4fbe86fe2289352dbb24135b3cad14f92a6ccbff5bcfd4e0584d898334e2a413601fb2a6a4e2b4c0271a09aa5857c35ddd7e91b26568fc070959397e62d5fea4d4645ce9c15a3618be7b05ffd7d432a62abc042b3f7b4c6f57d4b3faed9b2382564de32fb902b27eee3a4b94dcd5d5c17ac496ab108b4f9095f7e65565dfb4af465347f06c420c0943ded4741eb7458e817e7d364b9bd54c8f8da1afc528ae6508ab271cacebf7895652533b4163c57f30c5dda7a8481f0539bccd6afca2fc25e2e5d641613ae18a7204dab686b841e00bcc162a9b153d6288ce6bf938434221052f1766618d90b35d693c5045d520b90fa762637f6a37bb8c4489d1beaf4f94e87e746bbf8045365c32a7ea536e0839151457d64bc0854a5ffd5897e50f58611699e15dab74b8c96e76a06bf0f9e283e69484ef66ceeab39c77ab192e6d9c6c99e641d4ec31aecdf9d694f842c51ee51160efe363669b2cb1cde75aeb82ac44b2f0265112efb931c291477b7238d5e4b5bed0779291ef63adca55747cb38b5ff65f271432c84842c1bc77981e4f4602619cff2323496205f7046b3fde48647b91e5130d671aa43b227018a92c49ac4e7297f199d5a69ac82389da18ca150e55043711402793b41cf78fb8ef046d869baf4701ea021f153912003a4a9db2fdb6c83047b9d4dd5c1a0efce6e763faf61fc3ff5b226a368e642cdc20313f863c0e80729bbbf362675a3c178fbb63084169483e5b5ab89fa798d0eb2ceb8d3a4ca94d99a8ca0b97d8a842a81d1017aa3ea434a754de15e1c87794c3a8f4f81830a9c65ddea6ec363a1fc75fe0a4368e5908107831cf99e954983ef18967a8f9345ea3a86f127ca8844640c52923f8007bd6a18eef8210e7d0118f4c148c5e265c35f46865855a5752168db764bddc401158de88118c7d2edf519c0b2ada6e1cf42a66be76c07d69522080fd04330400fe9f37a6105278b37a0c0fd67af6444fcbf29c55b7aaac981579026f2eb6feafe68929aae231cb77345a04ede51ecec91ccceef7377e2c1e285907f67458f1d3317f3545668355aa29eba7b09cac0012500ebafb1bf80e61bfd4c670077194f5057cd45e1a43f402779116f9827c5e6f3e344f1e7fbc959a2a199dbba1a393cf2a587563b443df38fa6166ae91556359db33d35c0db65bb6a515d0d113feda28d1405128b14e1113e1b6645121af438613417684e3e15fdf1fb0cad6dbecc5b1225972fb8eaad2f1e2e443996d1e235061927092ec9af6d9a13e882fb8158630aa32ca8947cc54450aee9e38c0932b78acab4f106cfdce2bfcc92830f37daf8d02159b56a1ea27088613fe6847ffc5b045b18f6df7233231e53c9d4741fd3f1a3471b17cdd4a4c9bfbb34367e39b6a79ffdcd840bf14fa13b9f6068c76036e04db7e69ee1a6ac79e241f6d633642a1665ed3544842cdae09d54c6bb", [[], [], [], [], [], [], [], [], [], []]}, 0x1a78)
openat$cgroup_subtree(r0, &(0x7f0000002340)='cgroup.subtree_control\x00', 0x2, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000002380)=0x8, 0x4)
connect$bt_rfcomm(r2, &(0x7f00000023c0)={0x1f, {0x1, 0x10000, 0x101, 0x80, 0x9, 0xfc}, 0x3ff}, 0xa)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f0000002400)={0x1, 0x1, [@broadcast]})
ioctl$DRM_IOCTL_ADD_BUFS(r2, 0xc0206416, &(0x7f0000002440)={0x100, 0x3, 0x3cdc1cd7000000, 0x5, 0x10, 0x8})
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000002480))
r3 = syz_open_dev$sndpcmc(&(0x7f00000024c0)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff9, 0x802)
ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000002500))
ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f0000002540))
ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000002580)={0x3, 0x400, 0x100000000, 0x3150d253})
ioctl$sock_SIOCGIFCONF(r3, 0x8910, &(0x7f00000025c0)=@req)
syz_extract_tcp_res(&(0x7f0000002600), 0x0, 0x354)
ioctl$GIO_FONT(r3, 0x4b60, &(0x7f0000002640)=""/39)
pwritev(r3, &(0x7f0000002680), 0x0, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000026c0)={0x4, {{0x2, 0x4e20, @loopback}}}, 0x88)

02:54:26 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000023000)={&(0x7f0000024000), 0xc, &(0x7f0000023ff0)={&(0x7f0000010ec4)={0x14, 0x27, 0xaff, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)

02:54:26 executing program 1:
perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x9, 0x7, 0x20000000008, 0x3}, 0x2c8)

02:54:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x2, 0x0, [0x40000081]})

[  251.251233] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  251.385761] ==================================================================
[  251.393198] BUG: KMSAN: uninit-value in vmx_create_vcpu+0x10df/0x7920
[  251.399862] CPU: 0 PID: 7555 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #63
[  251.407068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  251.416438] Call Trace:
[  251.419055]  dump_stack+0x306/0x460
[  251.422708]  ? _raw_spin_lock_irqsave+0x227/0x340
[  251.427596]  ? vmx_create_vcpu+0x10df/0x7920
[  251.432068]  kmsan_report+0x1a3/0x2d0
02:54:26 executing program 0:

[  251.435908]  __msan_warning+0x7c/0xe0
[  251.439741]  vmx_create_vcpu+0x10df/0x7920
[  251.444015]  ? kmsan_set_origin_inline+0x6b/0x120
[  251.448893]  ? __msan_poison_alloca+0x17a/0x210
[  251.453608]  ? vmx_vm_init+0x340/0x340
[  251.457527]  kvm_arch_vcpu_create+0x25d/0x2f0
[  251.462061]  kvm_vm_ioctl+0x13fd/0x33d0
[  251.466083]  ? __msan_poison_alloca+0x17a/0x210
[  251.470800]  ? do_vfs_ioctl+0x18a/0x2810
[  251.474913]  ? __se_sys_ioctl+0x1da/0x270
[  251.479094]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  251.483981]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  251.488896]  do_vfs_ioctl+0xcf3/0x2810
[  251.492866]  ? security_file_ioctl+0x92/0x200
[  251.497424]  __se_sys_ioctl+0x1da/0x270
[  251.501446]  __x64_sys_ioctl+0x4a/0x70
[  251.505364]  do_syscall_64+0xbe/0x100
[  251.509199]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  251.514418] RIP: 0033:0x457579
[  251.517630] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
02:54:26 executing program 2:

[  251.536554] RSP: 002b:00007fc4dea89c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  251.544300] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  251.551600] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  251.558903] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  251.566197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4dea8a6d4
[  251.573487] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  251.580834] 
[  251.582505] Local variable description: ----c.i.i.i.i.i.i@vmx_create_vcpu
[  251.589438] Variable was created at:
[  251.593182]  vmx_create_vcpu+0xd5/0x7920
[  251.597264]  kvm_arch_vcpu_create+0x25d/0x2f0
[  251.601761] ==================================================================
[  251.609147] Disabling lock debugging due to kernel taint
[  251.614619] Kernel panic - not syncing: panic_on_warn set ...
[  251.614619] 
[  251.622020] CPU: 0 PID: 7555 Comm: syz-executor3 Tainted: G    B             4.19.0-rc4+ #63
[  251.630608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  251.639990] Call Trace:
[  251.642629]  dump_stack+0x306/0x460
[  251.646303]  panic+0x54c/0xafa
[  251.649569]  kmsan_report+0x2cd/0x2d0
[  251.653419]  __msan_warning+0x7c/0xe0
[  251.657258]  vmx_create_vcpu+0x10df/0x7920
[  251.661522]  ? kmsan_set_origin_inline+0x6b/0x120
[  251.666400]  ? __msan_poison_alloca+0x17a/0x210
[  251.671120]  ? vmx_vm_init+0x340/0x340
[  251.675040]  kvm_arch_vcpu_create+0x25d/0x2f0
[  251.679571]  kvm_vm_ioctl+0x13fd/0x33d0
[  251.683643]  ? __msan_poison_alloca+0x17a/0x210
[  251.688365]  ? do_vfs_ioctl+0x18a/0x2810
[  251.692453]  ? __se_sys_ioctl+0x1da/0x270
[  251.696637]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  251.701504]  ? vcpu_stat_clear_per_vm+0x420/0x420
[  251.706408]  do_vfs_ioctl+0xcf3/0x2810
[  251.710409]  ? security_file_ioctl+0x92/0x200
[  251.714982]  __se_sys_ioctl+0x1da/0x270
[  251.719002]  __x64_sys_ioctl+0x4a/0x70
[  251.722926]  do_syscall_64+0xbe/0x100
[  251.726765]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[  251.732002] RIP: 0033:0x457579
02:54:26 executing program 0:

[  251.735228] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  251.754153] RSP: 002b:00007fc4dea89c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  251.761893] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[  251.769189] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[  251.776478] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[  251.783782] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4dea8a6d4
[  251.791103] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[  251.799394] Kernel Offset: disabled
[  251.803035] Rebooting in 86400 seconds..