[ 58.057385] audit: type=1800 audit(1539132704.093:27): pid=6130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 59.613458] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 61.366204] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.763312] random: sshd: uninitialized urandom read (32 bytes read) [ 64.351832] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts. [ 70.167161] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 00:51:58 fuzzer started [ 74.967568] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 00:52:03 dialing manager at 10.128.0.26:44001 2018/10/10 00:52:03 syscalls: 1 2018/10/10 00:52:03 code coverage: enabled 2018/10/10 00:52:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 00:52:03 setuid sandbox: enabled 2018/10/10 00:52:03 namespace sandbox: enabled 2018/10/10 00:52:03 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 00:52:03 fault injection: enabled 2018/10/10 00:52:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 00:52:03 net packed injection: enabled 2018/10/10 00:52:03 net device setup: enabled [ 79.943199] random: crng init done 00:54:04 executing program 0: [ 199.424494] IPVS: ftp: loaded support on port[0] = 21 [ 201.533736] ip (6324) used greatest stack depth: 53056 bytes left [ 201.832965] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.839446] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.848277] device bridge_slave_0 entered promiscuous mode [ 201.992027] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.998492] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.006965] device bridge_slave_1 entered promiscuous mode [ 202.148153] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.287938] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 202.718149] bond0: Enslaving bond_slave_0 as an active interface with an up link 00:54:08 executing program 1: [ 202.947155] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 203.177124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 203.184350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 203.463855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 203.470891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 203.537637] IPVS: ftp: loaded support on port[0] = 21 [ 204.072563] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.080771] team0: Port device team_slave_0 added [ 204.258190] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 204.266627] team0: Port device team_slave_1 added [ 204.424461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 204.431739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.440560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.644010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 204.651125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.660212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.927376] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 204.935184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.944515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.210875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.218598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.227855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.255597] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.262165] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.270629] device bridge_slave_0 entered promiscuous mode [ 207.459883] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.466687] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.475371] device bridge_slave_1 entered promiscuous mode [ 207.704362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.819321] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.825894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.832933] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.839397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.848389] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 207.946702] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 208.261820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 00:54:14 executing program 2: [ 208.827441] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.140357] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.452678] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 209.459739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.656524] IPVS: ftp: loaded support on port[0] = 21 [ 209.780212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 209.787562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.640048] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.648282] team0: Port device team_slave_0 added [ 210.905720] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.913998] team0: Port device team_slave_1 added [ 211.189623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.198530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.207393] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.514761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.521902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.530853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.846782] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.854517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.863695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.181935] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.189498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.198319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.852199] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.858687] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.867427] device bridge_slave_0 entered promiscuous mode [ 215.167044] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.173771] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.182354] device bridge_slave_1 entered promiscuous mode [ 215.470556] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.477117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.484145] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.490637] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.499580] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 215.507354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.795960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.262054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.415920] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.744967] bond0: Enslaving bond_slave_1 as an active interface with an up link 00:54:22 executing program 3: [ 217.084416] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 217.091907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.408949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 217.416197] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.090844] IPVS: ftp: loaded support on port[0] = 21 [ 218.432061] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.440121] team0: Port device team_slave_0 added [ 218.844839] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.853092] team0: Port device team_slave_1 added [ 219.327017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 219.334169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.343279] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.694354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.701418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.710582] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.046573] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.054298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.063461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.257531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.436729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.444416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.453419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.587424] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.171279] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.177764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.186119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 224.008965] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.015583] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.024353] device bridge_slave_0 entered promiscuous mode [ 224.430951] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.437599] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.446171] device bridge_slave_1 entered promiscuous mode [ 224.479466] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.486033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.493037] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.499529] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.508575] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 224.676961] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.756160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 225.037668] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.223959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 226.124862] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 226.480455] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 226.832422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 226.839489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.146246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.153541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 00:54:33 executing program 4: [ 228.283999] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.292136] team0: Port device team_slave_0 added [ 228.773008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.781096] team0: Port device team_slave_1 added [ 229.163224] IPVS: ftp: loaded support on port[0] = 21 [ 229.286888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 229.299255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.308419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.718109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 229.725440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.734395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.160621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.168305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.177631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.583596] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.631869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.641036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.210219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.887697] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 00:54:40 executing program 0: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)) recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{&(0x7f0000001700)=@alg, 0x80, &(0x7f0000001c40)}}], 0x1, 0x0, &(0x7f0000001e80)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="e180db4e3b23cdde86a3b7ae4fdb961983a44c4bca5351a6904cf9b053d46ee6", 0x20) r1 = accept4(r0, 0x0, &(0x7f0000000000), 0x0) recvmmsg(r1, &(0x7f0000001bc0), 0xfe, 0x0, &(0x7f0000001d00)={0x77359400}) [ 234.817796] hrtimer: interrupt took 74531 ns [ 234.887484] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.893990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.902295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:54:41 executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x0, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000040)=0x100, 0x4) read$FUSE(r0, &(0x7f0000000680), 0x1000) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x4) [ 235.458184] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.464771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.471850] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.478369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.487319] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 00:54:41 executing program 0: mkdir(&(0x7f00000006c0)='./file0\x00', 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000080)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f0000000200)="dcd8bdb7ef62f3f700") mount(&(0x7f0000d04000), &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000100)='y\x00', 0x2, 0x2) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0)) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') [ 236.344971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 00:54:42 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x8000, 0x0) socket$pptp(0x18, 0x1, 0x2) write$P9_RREADLINK(r1, &(0x7f00000000c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, r0, 0x0) [ 236.702654] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.709136] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.717665] device bridge_slave_0 entered promiscuous mode [ 236.760092] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.179757] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.186483] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.195070] device bridge_slave_1 entered promiscuous mode 00:54:43 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x11f}, 0x2c) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x1, 0x5, &(0x7f0000346fc8)=@framed={{0x18, 0x58}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x0, 0x1}]}, &(0x7f0000f6bffb)='GPL\x00', 0x20, 0xfb, &(0x7f0000000080)=""/251}, 0x48) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000180)=""/4096) [ 237.540454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 00:54:43 executing program 0: bpf$MAP_CREATE(0x0, 0xfffffffffffffffd, 0x85b8ebdd2b3c8112) r0 = socket(0x11, 0xa, 0x1) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e22, 0xfffffffffffffffd, @empty, 0x1}}, [0x4eb, 0x7, 0x100, 0x1, 0x9, 0x6, 0x100000000, 0x7, 0x1000, 0x6, 0x9, 0x3, 0x7fff, 0x1, 0x2]}, &(0x7f0000000100)=0x100) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={r1, 0x4}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000340)=0xffffffff, 0x4) pause() getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000001c0), &(0x7f0000000200)=0x4) socketpair(0xb, 0x800, 0x8, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f00000002c0)={&(0x7f0000000280)=[0x5], 0x1, 0x6, 0x4, 0x100000000, 0x1, 0x3, {0xdd, 0xf17, 0x6, 0x200, 0xe261, 0xff, 0xff, 0x2, 0x2, 0xbe, 0x0, 0x1000, 0x8, 0x3f, "c23cb7c5d3ee3fc5c7c7ae6af95b60841b1bcecbf56d55c2adcfdfe9e164e1ce"}}) [ 238.017015] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:54:45 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) unshare(0x24020400) ioctl(r0, 0x8912, &(0x7f00000001c0)="153f6234488dd25d766070") perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000000c0), &(0x7f0000000100)=0x4) [ 239.171146] bond0: Enslaving bond_slave_0 as an active interface with an up link 00:54:45 executing program 0: r0 = accept$alg(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x28041, 0x0) splice(r0, &(0x7f0000000000)=0x2d, r1, &(0x7f0000000080), 0x4, 0x7) r2 = add_key(&(0x7f0000000240)='encrypted\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="27fe87938b26f932b0ca2c1932024a9f6b72252b540e560e5d630f3d5a6840167ea1948413c19416fec4f553a5a0860ffc0c57e5b85f78e41a9db44aa877668a235f5b5d6cf6eec84a097a2b7ab3d296d732ab2afda3c3b781b2217fc11f84da54f7edd1ca9937c9ade13869f0acb7c18b677fedbcd9bda34401d70f7ca79a66a8b7999d", 0x84, 0x0) keyctl$describe(0x6, r2, &(0x7f0000000380)=""/234, 0xea) r3 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="1c363ec6e28749f73994862319161e14fe69a14457b43421735ffea164be60c5fcf3478dc697f383bd6ae29fd9721c78e559765b5bb876f1cb985b4566265f27cfedb4aafaf25257028ad81b2c04adcd0d", 0x51, 0x0) keyctl$update(0x2, r3, &(0x7f0000000200)="91bfc9442533e771c0606e8ecf6969c3b02ea94fe88d67c900b478864e05a140aa1f", 0x22) unshare(0x20400) r4 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) r5 = dup(r4) ioctl$TIOCSBRK(r5, 0x40044591) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, 0xffffffffffffffff) [ 239.666256] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.927131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 239.934324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.264717] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 240.271981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 241.159404] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.167723] team0: Port device team_slave_0 added [ 241.345639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.451883] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.459987] team0: Port device team_slave_1 added [ 241.735784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 241.743103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 241.751891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.078002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.085187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.094000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.351146] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.407154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.414866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 242.424052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 242.720148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.728024] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 242.737290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 243.409652] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.416099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.423915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.621783] 8021q: adding VLAN 0 to HW filter on device team0 00:54:50 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffffa) [ 245.883202] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.889679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.896733] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.903265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.911954] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 245.918522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 248.091255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 249.058007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 249.866815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 249.873372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 249.881233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:54:56 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x84000000000000b) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xffffffffffffff7f) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write(r2, &(0x7f00000000c0)='D', 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000900)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000240)={'syz1'}, 0x34000) write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0xffcf) sendmmsg$alg(r2, &(0x7f0000005d40)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="ca", 0x1}], 0x1}], 0x1, 0x0) r3 = accept4(r1, 0x0, &(0x7f0000000080), 0x0) shutdown(r3, 0x1) [ 250.542064] sctp: failed to load transform for md5: -2 [ 250.718532] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.894855] 8021q: adding VLAN 0 to HW filter on device bond0 00:55:00 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpriority(0x3, 0x0) [ 254.440682] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.777399] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 254.783731] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.791470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 255.088102] 8021q: adding VLAN 0 to HW filter on device team0 00:55:03 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) set_mempolicy(0x0, &(0x7f0000000280), 0x0) 00:55:03 executing program 5: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x100000001, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x80, &(0x7f0000000040)=""/92, &(0x7f00000000c0)=0x5c) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, 0x4) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000100)={0x2, 0x0, 0x10001}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000140)={{{@in, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000240)=0xe8) ioprio_get$uid(0x0, r1) sendmsg$nl_netfilter(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x108, 0x5, 0xa, 0x20, 0x70bd25, 0x25dfdbff, {0xc, 0x0, 0x6}, [@nested={0xf4, 0x88, [@generic="0ea37e30264ca600ccea6f379afefb0e660ad94e498f9f1a46e427cd1474a1ea6cfd76ffbab41953fdeb28dfba8db8d064e14816ab64f41a5f5e48abbea5dee86298fe3ec0fed28cabe088930a4dac330c512bdbffcd8090f2292f90705e77ca06a6509aea4440af44de63d7ff4947b3ccf6b3d9da7726b115d892d0e016fb7cdc6fa623e45099bc1b5bfd7af5b8dee7307b63457d0d8a7e6c77f0a393c38aa93af36da80e294fd55df4ea8bca096f6c66087bf05938fd88f3648fa8338658ce9367fc0d0760403e7af6d68437e684d39c3521f1f806b5356ca5fc894371d24e4a60af5cefa3cb26", @typed={0x8, 0x95, @u32=0x4}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000006c0)={0x3, 0x1, &(0x7f0000000480)=""/57, &(0x7f00000004c0)=""/234, &(0x7f00000005c0)=""/230, 0x1000}) sync_file_range(r0, 0x800, 0x1, 0x2) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000700)={0x101, 0x9, 0x22}) r2 = getegid() write$FUSE_CREATE_OPEN(r0, &(0x7f0000000740)={0xa0, 0x0, 0x1, {{0x0, 0xffff, 0x9, 0x7, 0x32, 0x1, {0x1, 0x5, 0x8, 0x0, 0x7f, 0x100000000, 0x5, 0x6, 0x9, 0x4, 0x346, r1, r2, 0x5, 0x3}}, {0x0, 0x1}}}, 0xa0) inotify_add_watch(r0, &(0x7f0000000800)='./file0\x00', 0x20) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000840)={0x2, 0x4000}) ioctl$TIOCCBRK(r0, 0x5428) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000880)={0xa0, 0x0, 0x4, {{0x0, 0x3, 0x80000001, 0x17, 0x8001, 0x8, {0x5, 0xff, 0x180000000, 0x2, 0x5, 0x9, 0x80000001, 0xf2, 0x8, 0xea5, 0x4, r1, r2, 0x3}}, {0x0, 0x6}}}, 0xa0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000940)="72f2df584ed4c5c8b7e34347effb0251", 0x10) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000980)) utime(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x4, 0x4}) write$P9_RWSTAT(r0, &(0x7f0000000a40)={0x7, 0x7f, 0x1}, 0x7) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/sequencer2\x00', 0x0, 0x0) r4 = accept4$unix(r0, 0x0, &(0x7f0000000ac0), 0x80000) fcntl$notify(r3, 0x402, 0x80000000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b40)={0x0, r0, 0x0, 0xb, &(0x7f0000000b00)='/dev/adsp#\x00', 0xffffffffffffffff}, 0x30) sched_rr_get_interval(r5, &(0x7f0000000b80)) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000bc0)=0x20, 0x4) getsockopt$inet6_tcp_buf(r3, 0x6, 0x1f, &(0x7f0000000c00)=""/203, &(0x7f0000000d00)=0xcb) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000d40)) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000d80)={0x8, 0x1, 0x0, 0x90, 0x8001, 0x7, 0x3f, 0x101, 0x5, 0x4, 0x5}, 0xb) recvmsg(r0, &(0x7f0000001f00)={&(0x7f0000000dc0)=@nl=@unspec, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000e40)=""/96, 0x60}], 0x1, &(0x7f0000000f00)=""/4096, 0x1000, 0x3}, 0x1) 00:55:03 executing program 0: mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000008) 00:55:03 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000005c0)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000001840)) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000040)={0x20000010}) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000080)={0x0, {0x2, 0x4e24, @rand_addr}, {0x2, 0x0, @local}, {0x2, 0x4e24, @broadcast}, 0x0, 0x7ff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000014, &(0x7f0000000180)=0x80000000002, 0x93) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000200)={0x0, 0x0, 0x5}, 0x14) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x80, 0x4) sendto$inet(r1, &(0x7f0000000100), 0x4e8, 0x0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000001700)=0x6000, 0x4) 00:55:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) migrate_pages(0x0, 0x0, &(0x7f0000000280), &(0x7f00000002c0)) 00:55:03 executing program 3: r0 = epoll_create1(0x0) fcntl$lock(r0, 0x24, &(0x7f0000000140)) 00:55:03 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) dup2(r0, r1) 00:55:03 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpriority(0x0, 0x0) 00:55:03 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) 00:55:03 executing program 4: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000022ff0)={0x2, 0x4e20, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000080)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f000000a000)='\f', 0x1}], 0x1}, 0x0) 00:55:03 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) chdir(&(0x7f0000000000)='./file0\x00') 00:55:03 executing program 3: 00:55:04 executing program 0: [ 258.452759] IPVS: ftp: loaded support on port[0] = 21 [ 259.962483] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.969300] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.977480] device bridge_slave_0 entered promiscuous mode [ 260.056193] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.062796] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.070330] device bridge_slave_1 entered promiscuous mode [ 260.148255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 260.226373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 260.462449] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 260.544707] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 260.696906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 260.704451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 260.944552] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 260.952857] team0: Port device team_slave_0 added [ 261.035909] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 261.043714] team0: Port device team_slave_1 added [ 261.122001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 261.202387] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 261.282740] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 261.290184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 261.299431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 261.372421] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 261.379837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 261.389117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 262.267268] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.273919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.280670] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.287219] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.295239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 262.641941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 265.493925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.791736] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 266.087565] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 266.094092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 266.102555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 266.393573] 8021q: adding VLAN 0 to HW filter on device team0 00:55:14 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x84000000000000b) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xffffffffffffff7f) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write(0xffffffffffffffff, &(0x7f00000000c0), 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000900)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000240)={'syz1'}, 0x34000) write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[@ANYRES64], 0xfdd5) sendmmsg$alg(r2, &(0x7f0000005d40)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="ca", 0x1}], 0x1}], 0x1, 0x0) shutdown(0xffffffffffffffff, 0x0) 00:55:14 executing program 2: 00:55:14 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) chdir(&(0x7f0000000000)='./file0\x00') 00:55:14 executing program 0: 00:55:14 executing program 3: 00:55:14 executing program 4: 00:55:14 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0xa) 00:55:14 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) chdir(&(0x7f0000000000)='./file0\x00') [ 268.592612] sctp: failed to load transform for md5: -2 00:55:14 executing program 0: r0 = creat(&(0x7f0000000200)='./file1\x00', 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sync_file_range(r0, 0x0, 0x0, 0x4) 00:55:14 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x6, &(0x7f0000001100), &(0x7f0000000240)) 00:55:14 executing program 2: perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) restart_syscall() 00:55:15 executing program 5: perf_event_open(&(0x7f0000c86f88)={0x0, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getpeername(r0, &(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}}, &(0x7f0000000000)=0x80) 00:55:15 executing program 2: 00:55:15 executing program 0: 00:55:15 executing program 3: 00:55:15 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="700000002100010600000000000000000a00000000000000000000000500000014000200fe8000000000000000000000000000bb1400110065727370616e3000000000000000200014f803006772657461703000000000000000000014000100ff01000000000000000000000000699eedb1ea085650f5970162ce731ae77a1a22596e59d08eec80b800d10b096d35e5df6b5b1c95f10af4a463cca2a6ee01234f8c1717168b16c7d2d03f4c12cb6e8ea133a8a3873fdadac043c1f06f0c5f087aab319d135b64fb3cd165cd3efbc0ec62055eaf5ff02d3730f28e835547c1d38e45c157eee31730bc19462f6b08918a9dbdf68ab9c5280d92096f19cb58cfbf3dae9ccdbb169552b171dfb26859caa514a57d823f33fc5b7e0936c26727ccce5ad784ce33f30d18206bd9d139b42c2efe6d46fa909a455f5a7bff6ed8794f680be4eba22208c15f71f37c89c3f8e2e8a6928eab013cb41f2e59688c0093671c913bd43f12606fc708d1b3c724859af956d98c82e401dd26e996dc7df3eacc5a13c6c5df4956c1b314289e51dbf035d0422cde2aef0accc33cdab010c12a77e51329f87206135b"], 0x1}}, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000000)={'gretap0\x00', {0x2, 0x4e20, @local}}) 00:55:15 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) chdir(&(0x7f0000000000)='./file0\x00') 00:55:15 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000300000000000019078ac1414bbac1414000504907807000000450000000000000000010000ac1414aaac141400"], &(0x7f0000000140)) 00:55:15 executing program 2: syz_emit_ethernet(0x3e, &(0x7f00000003c0)={@empty=[0x2b], @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, '\v+]', 0x8, 0x0, 0x0, @empty, @mcast1, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000040)={0x1}) 00:55:15 executing program 3: 00:55:15 executing program 0: 00:55:16 executing program 4: 00:55:16 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) chdir(&(0x7f0000000000)='./file0\x00') 00:55:16 executing program 2: 00:55:16 executing program 3: 00:55:16 executing program 0: 00:55:16 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x100000000000088) open(&(0x7f0000000040)='./file0\x00', 0x800, 0x0) sendto$inet6(r0, &(0x7f0000000100), 0x0, 0x4048081, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r0, &(0x7f0000000100), 0xffdc, 0x0, &(0x7f0000000000), 0x1c) 00:55:16 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={"6c6f0040000000000000e500", 0x101}) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000080)={@multicast2, @remote}, 0xc) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000240)={@multicast2, @remote, @remote}, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'lo\x00\x00\x00\x00\x00\x00\x00Jk\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000140)={@multicast2, @loopback}, 0x10) 00:55:16 executing program 3: 00:55:16 executing program 2: [ 270.634426] device lo entered promiscuous mode [ 270.644634] device lo left promiscuous mode 00:55:16 executing program 1: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) chdir(&(0x7f0000000000)='./file0\x00') 00:55:16 executing program 0: 00:55:16 executing program 5: 00:55:16 executing program 3: 00:55:17 executing program 2: 00:55:17 executing program 0: 00:55:17 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)="2f70726f632f7379732f0000000e000000000000072f6578706972655f6e6f646573745f636f6e6e00", 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) chdir(&(0x7f0000000000)='./file0\x00') 00:55:17 executing program 3: 00:55:17 executing program 2: [ 271.791996] device lo entered promiscuous mode [ 271.803405] device lo left promiscuous mode 00:55:17 executing program 4: 00:55:17 executing program 5: 00:55:17 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000040)=[{}], 0x1) 00:55:17 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) renameat(0xffffffffffffffff, &(0x7f00000006c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000740)='./file0\x00') 00:55:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f00000001c0)) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f00000003c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000180)="8be3000000010000", 0x8) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendto(r4, &(0x7f0000000100), 0xfffffffffffffe86, 0x0, &(0x7f0000000280)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x200000, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000002c0)=0x8000000000000000, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={@empty, @empty, @rand_addr}, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000200)=@broute={"62726f75746500000000000000000000000000000400", 0x20, 0x2, 0x970, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20001100], 0x0, &(0x7f0000000000), &(0x7f0000001100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000001100000000000000000076657468315f746f5f626f6e6400000069705f76746930000000000000000000726f736530000000000000000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000000000000000000000000000000080900000809000040090000616d6f6e6700000000000000000000000000000000000000000000000000000038080000000000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001522000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba34b8cc73dec0fa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000ac1414000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffed0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000ac1414bb000000006d616300000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000006d61726b00000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000"]}, 0x9e8) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x0, 0x400) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @loopback}}, 0x400000, 0x5, 0x10000, 0xe7, 0x5}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f00000004c0)={r7, 0x9, 0x30}, &(0x7f0000000500)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@multicast1, @in=@local}}, {{@in6=@remote}, 0x0, @in6=@ipv4}}, &(0x7f00000002c0)=0xe8) 00:55:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x0, 0x0) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) r3 = dup2(r0, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000100)=[{0x0, 0x8}, {0xb, 0x401}, {0x0, 0x9}, {0x7}, {}], 0x5) accept4$packet(r1, &(0x7f0000000300), &(0x7f0000000340)=0x14, 0x0) [ 272.029873] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:55:18 executing program 4: [ 272.155269] ================================================================== [ 272.162710] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 272.170360] CPU: 0 PID: 8063 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #65 [ 272.177565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.186935] Call Trace: [ 272.189569] dump_stack+0x306/0x460 [ 272.193237] ? vmx_set_constant_host_state+0x1778/0x1830 [ 272.198745] kmsan_report+0x1a2/0x2e0 [ 272.202603] __msan_warning+0x7c/0xe0 [ 272.206457] vmx_set_constant_host_state+0x1778/0x1830 [ 272.211788] vmx_create_vcpu+0x3e6f/0x7870 [ 272.216059] ? kmsan_set_origin_inline+0x6b/0x120 [ 272.220940] ? __msan_poison_alloca+0x17a/0x210 [ 272.225657] ? vmx_vm_init+0x340/0x340 [ 272.229583] kvm_arch_vcpu_create+0x25d/0x2f0 [ 272.234116] kvm_vm_ioctl+0x13fd/0x33d0 [ 272.238138] ? __msan_poison_alloca+0x17a/0x210 [ 272.242860] ? do_vfs_ioctl+0x18a/0x2810 [ 272.246958] ? __se_sys_ioctl+0x1da/0x270 00:55:18 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x84000000000000b) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xffffffffffffff7f) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000900)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000240)={'syz1'}, 0x34000) sendmmsg$alg(r2, &(0x7f0000005d40)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="ca", 0x1}], 0x1}], 0x1, 0x0) [ 272.251141] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 272.256015] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 272.260893] do_vfs_ioctl+0xcf3/0x2810 [ 272.264851] ? security_file_ioctl+0x92/0x200 [ 272.269397] __se_sys_ioctl+0x1da/0x270 [ 272.273418] __x64_sys_ioctl+0x4a/0x70 [ 272.277347] do_syscall_64+0xbe/0x100 [ 272.281192] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 272.286414] RIP: 0033:0x457579 [ 272.289638] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 272.308565] RSP: 002b:00007fceaa087c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.316310] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 272.323616] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 272.330907] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 272.338197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fceaa0886d4 [ 272.345487] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 272.352806] [ 272.354462] Local variable description: ----dt@vmx_set_constant_host_state [ 272.361491] Variable was created at: [ 272.365240] vmx_set_constant_host_state+0x2b0/0x1830 [ 272.370460] vmx_create_vcpu+0x3e6f/0x7870 [ 272.374719] ================================================================== [ 272.382133] Disabling lock debugging due to kernel taint [ 272.387625] Kernel panic - not syncing: panic_on_warn set ... [ 272.387625] [ 272.395033] CPU: 0 PID: 8063 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #65 [ 272.403625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.413001] Call Trace: [ 272.415632] dump_stack+0x306/0x460 [ 272.419313] panic+0x54c/0xafa [ 272.422589] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 272.428075] kmsan_report+0x2d3/0x2e0 [ 272.431920] __msan_warning+0x7c/0xe0 [ 272.435765] vmx_set_constant_host_state+0x1778/0x1830 [ 272.441095] vmx_create_vcpu+0x3e6f/0x7870 [ 272.445389] ? kmsan_set_origin_inline+0x6b/0x120 [ 272.450266] ? __msan_poison_alloca+0x17a/0x210 [ 272.454990] ? vmx_vm_init+0x340/0x340 [ 272.458922] kvm_arch_vcpu_create+0x25d/0x2f0 [ 272.463467] kvm_vm_ioctl+0x13fd/0x33d0 [ 272.465879] sctp: failed to load transform for md5: -2 [ 272.467491] ? __msan_poison_alloca+0x17a/0x210 [ 272.467531] ? do_vfs_ioctl+0x18a/0x2810 [ 272.467557] ? __se_sys_ioctl+0x1da/0x270 [ 272.467587] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 272.467631] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 272.496140] do_vfs_ioctl+0xcf3/0x2810 [ 272.500077] ? security_file_ioctl+0x92/0x200 [ 272.504615] __se_sys_ioctl+0x1da/0x270 [ 272.508634] __x64_sys_ioctl+0x4a/0x70 [ 272.512550] do_syscall_64+0xbe/0x100 [ 272.516391] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 272.521604] RIP: 0033:0x457579 [ 272.524827] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 272.543759] RSP: 002b:00007fceaa087c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.551510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 272.558806] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 272.566101] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 272.573390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fceaa0886d4 [ 272.580685] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 272.589001] Kernel Offset: disabled [ 272.592644] Rebooting in 86400 seconds..