[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 57.737040] sshd (6135) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 57.904667] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.245863] random: sshd: uninitialized urandom read (32 bytes read) [ 61.637057] random: sshd: uninitialized urandom read (32 bytes read) [ 63.233256] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts. [ 68.999091] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/05 23:42:47 fuzzer started [ 73.454719] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/05 23:42:51 dialing manager at 10.128.0.26:36867 2018/10/05 23:42:51 syscalls: 1 2018/10/05 23:42:51 code coverage: enabled 2018/10/05 23:42:51 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/05 23:42:51 setuid sandbox: enabled 2018/10/05 23:42:51 namespace sandbox: enabled 2018/10/05 23:42:51 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/05 23:42:51 fault injection: enabled 2018/10/05 23:42:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/05 23:42:51 net packed injection: enabled 2018/10/05 23:42:51 net device setup: enabled [ 79.305891] random: crng init done 23:44:55 executing program 0: write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000580)=""/75, 0x4b, 0xfe42, 0x7, 0x0, 0x0, 0x8}, 0x11c) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000240), &(0x7f0000000280)=0x8) perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}, 0x100000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr(0xffffffffffffffff, &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000040)='^#-*\x00', 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000740)=ANY=[@ANYBLOB="2664840dd03fd27901c8ccc5230b59168220a62808bd9f18d6e54d5812114683"], &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 200.220617] IPVS: ftp: loaded support on port[0] = 21 [ 202.539202] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.545814] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.554455] device bridge_slave_0 entered promiscuous mode [ 202.694427] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.700905] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.709395] device bridge_slave_1 entered promiscuous mode [ 202.845018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 202.982736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 203.401522] bond0: Enslaving bond_slave_0 as an active interface with an up link 23:44:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f00000000c0)=0x8, 0x4) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c) sendto$inet6(r1, &(0x7f0000000040), 0x0, 0x20040005, &(0x7f0000f62fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 203.607285] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 204.070096] IPVS: ftp: loaded support on port[0] = 21 [ 204.184477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 204.191520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.923729] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 204.932023] team0: Port device team_slave_0 added [ 205.115025] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 205.123182] team0: Port device team_slave_1 added [ 205.294464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 205.301524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.310700] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.512574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 205.519720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.528670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.697982] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 205.705944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.715168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.858410] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 205.866055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.875133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.916776] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.923410] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.931945] device bridge_slave_0 entered promiscuous mode [ 208.164131] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.170657] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.179281] device bridge_slave_1 entered promiscuous mode [ 208.393219] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.399711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.406759] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.413278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.422268] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 208.434710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 208.683855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 23:45:04 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0x16e, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x3}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0x8000000000}}]}]}, 0x2c}}, 0x0) [ 208.972586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.580378] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.638041] IPVS: ftp: loaded support on port[0] = 21 [ 209.824155] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.067809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.074989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.327084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.334242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.284565] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.292998] team0: Port device team_slave_0 added [ 211.550025] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.558177] team0: Port device team_slave_1 added [ 211.784277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.791335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.800374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.089387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.096583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.105679] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.397916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.405605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.414753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.692287] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.699858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.708956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.467887] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.474694] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.483169] device bridge_slave_0 entered promiscuous mode [ 214.746735] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.753390] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.762216] device bridge_slave_1 entered promiscuous mode [ 215.044769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 215.296480] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 215.830760] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.837360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.844356] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.850803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.859888] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 216.074134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.145912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 216.292959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.607370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 216.614650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 23:45:12 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) unshare(0x4000028020000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup(r0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$EVIOCSABS0(r4, 0x401845c0, &(0x7f0000000080)={0x1, 0x1001, 0x4, 0x94cd, 0x1, 0x7}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={r3, 0x28, &(0x7f0000000400)={0x0, 0x0}}, 0x10) prctl$getreaper(0x0, &(0x7f0000000340)) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000005c0)={r5, 0x200056, 0x110}, 0xebc6604d02dbcd0b) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x0, 0x4, 0x2, &(0x7f0000000140)={0xffffffffffffffff}) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000006) ioctl$BLKIOMIN(r4, 0x1278, &(0x7f0000000100)) accept4$inet(r2, &(0x7f00000003c0)={0x2, 0x0, @dev}, &(0x7f00000004c0)=0x10, 0x800) ioctl$RTC_ALM_READ(r4, 0x80247008, &(0x7f0000000040)) io_cancel(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x6, r1, &(0x7f0000000240)="f83229ff64109ef5a85be4a97daa7542e445c7b3c618ec7683d060808b5cbc9d6ddc86aa92bd61f1a23b4bcfeff264b394f18c07ea32cd1ecd546c3ca3ef66ce0af7c62d90c4c7005ace7fa6dd7afe6b34464ba15a449f4ade2657fde8881f81dc9a4958ace7f03d52aa8df7538a24d60d8c5def3939c87befdaa1318d42bbd744bd8329f1fddf0c17ac7879c76e773aa501e31b62e47ccb20e862155cf599750a1173ffc9834891cd959b481cea05af93716cd3f6d87256213716d46f13054a2f3678cf4b4fa050f84bb0c4", 0xcc, 0xfffffffffffffffa, 0x0, 0x2, r4}, &(0x7f00000001c0)) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/loop-control\x00', 0x600000, 0x0) clone(0x70024100, &(0x7f0000000500), &(0x7f0000000200), &(0x7f0000000000), &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_QUERY_BPF(r3, 0xc008240a, &(0x7f00000005c0)=ANY=[]) socketpair$unix(0x1, 0x4000000000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fchdir(r6) r9 = fcntl$dupfd(r7, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x6) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}, &(0x7f0000000080)=0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) ioctl$BLKGETSIZE64(r9, 0x80081272, &(0x7f0000000480)) sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) r10 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00') sendfile(r0, r10, &(0x7f0000000280), 0x80000003) [ 216.899862] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 216.907172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.001818] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.009114] IPVS: ftp: loaded support on port[0] = 21 [ 218.009860] team0: Port device team_slave_0 added [ 218.401548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.409735] team0: Port device team_slave_1 added [ 218.713440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.720503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.729400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.032614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.039654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.048587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.373342] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.380886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.389983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.719126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.726983] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.736006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.827587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.141878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 223.493488] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 223.499852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.507947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.833376] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.839857] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.848395] device bridge_slave_0 entered promiscuous mode [ 223.890180] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.896706] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.903702] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.910149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.918808] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 224.142156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.244320] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.251000] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.259837] device bridge_slave_1 entered promiscuous mode [ 224.589326] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.859475] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.914687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 225.993740] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 226.357959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 226.659169] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 226.666331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 23:45:22 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a40)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000400)={&(0x7f0000000040), 0xc, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, r1, 0x325}, 0xfe4d}}, 0x0) [ 227.043594] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 227.050648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.186089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 228.194236] team0: Port device team_slave_0 added [ 228.369245] IPVS: ftp: loaded support on port[0] = 21 [ 228.560950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 228.569285] team0: Port device team_slave_1 added [ 228.966448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 228.973680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.982694] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.384045] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 229.391090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.400025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.746140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 229.755682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.764673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.254709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.262360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.271381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.258270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.893898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:45:30 executing program 0: write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000580)=""/75, 0x4b, 0xfe42, 0x7, 0x0, 0x0, 0x8}, 0x11c) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000240), &(0x7f0000000280)=0x8) perf_event_open(&(0x7f0000000000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480)}, 0x100000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr(0xffffffffffffffff, &(0x7f0000000100)=@known='security.capability\x00', &(0x7f0000000040)='^#-*\x00', 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f0000000740)=ANY=[@ANYBLOB="2664840dd03fd27901c8ccc5230b59168220a62808bd9f18d6e54d5812114683"], &(0x7f00000000c0)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 234.550008] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 234.556536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 234.564548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 23:45:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4}) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000002c0)={0x4}) [ 234.913707] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.920215] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.927247] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.933769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.942171] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 235.073421] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 235.392490] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.398986] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.407546] device bridge_slave_0 entered promiscuous mode 23:45:31 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") process_vm_writev(0x0, &(0x7f0000002800), 0x0, &(0x7f0000000780)=[{&(0x7f00000028c0)=""/224, 0xe0}], 0x1, 0x0) r1 = socket(0x10, 0x803, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000f80)=[{{&(0x7f0000000940)=@xdp, 0x3e, &(0x7f0000002140)=[{&(0x7f0000000d00)=""/140, 0x8c}, {&(0x7f0000000dc0)=""/209, 0x7e}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f00000009c0)=""/111, 0x6f}, {&(0x7f0000002380)=""/43, 0x2b}, {&(0x7f0000000ec0)=""/117, 0xffffffffffffff56}, {&(0x7f0000002040)=""/240, 0xf0}, {&(0x7f0000000f40)=""/53, 0x35}], 0x8, &(0x7f00000021c0)=""/151, 0x97}}], 0x1, 0x0, &(0x7f0000002280)={0x0, 0x989680}) sendto(r1, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000140)=@hci, 0x80, &(0x7f0000002700), 0x0, &(0x7f00000024c0)=""/129, 0x81}, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f00000000c0)=""/85, 0xb}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x6c}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x636d341b0dfccc0b}, {&(0x7f0000000540)=""/154, 0x7ee}, {&(0x7f0000000340)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) [ 235.541794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.860047] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.866694] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.875209] device bridge_slave_1 entered promiscuous mode 23:45:32 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030117cdb96ade3d32fcf7f18853030303030703034303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_OPEN(r0, &(0x7f0000000280)={0x50, 0x0, 0x5}, 0x20) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) [ 236.254335] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.353116] 8021q: adding VLAN 0 to HW filter on device team0 23:45:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005740)=[{{&(0x7f0000000100)=@sco, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000001300)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000005900)) [ 236.692075] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 23:45:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000000180)=ANY=[@ANYBLOB="b700000005ed0050bfa3a35e5b3ee7000028fefff4614d5ef5eee4df47e5ff7a0af0fff8ffffff71a4f0ff000000009c060000000000012d400500000000005504000001e300001d040000000000006f460000000000006b0e00fe000000008500000007000000b7000000000000009500000000000000d82e5a36fedbc7197495d9000000"], &(0x7f0000000100)='EPL\x00'}, 0x48) r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x5, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f00000015c0)=""/61) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000140)=0x12c8, 0x2) socket$l2tp(0x18, 0x1, 0x1) setsockopt$inet6_dccp_int(r0, 0x21, 0x10, &(0x7f0000000240)=0x5, 0x4) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000280)=""/163) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f00000000c0)=0x20, 0x8) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000001580)="e634d3a437763a28f3a792f3984656af", 0x10) syncfs(r0) preadv(r0, &(0x7f0000001540)=[{&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/177, 0xb1}, {&(0x7f0000001400)=""/24, 0x18}, {&(0x7f0000001440)=""/253, 0xfd}], 0x4, 0x5b) 23:45:33 executing program 0: r0 = socket$kcm(0xa, 0x7, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x19, &(0x7f0000000380), 0x65e) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000000)=@in={0xa, 0x4e23, @remote}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000840)="c634dc39156b80b82dafe85dfcdab58f5a223f8ae12732952f806d7736afc4ed4d5a61b7b368588315ae294b2afd364b6522fced1c3d353aec4e1888e0745a9a10029bfae9c19d56b725ba16f7707b74cfdd5be58b340497b695018e9a7bbad883a7658706ab5540a05950f9727d41f433bc656d8fd09352c33378fb67d546d21917e58411a3df6072711b191e36c02fa5b136f8e1d63a5da6cefd85f9956a036e4a720c35bffd261b1478c0732995fece63e95b8f8182853be75960ba7b6937565757e25cd872d75984534616503394927e5a1e768cea176d9b1ec68a05f2ba17f12c7a75bfbdfff5ad0323b0c9d233000000000000000000000048b00000000000000000000000000000", 0x10b}, {&(0x7f0000000240)="306d0a46ea0182121004c0ee87c482d920d8c210e16dba9243d38e65bdc12f92c1e897040b833238c2cdd332417b0271e21b98a9ecf3acb7db8f2b0c6be997a0e46222e5ea579df2b5107cfc94c45dcc312baa35a7df867949040ea4ee27d3b83811192983d35c47f560abd766016084c6f6a3df2639ce368440a8a3e855eab088193fe793b703babed457daece0cf94069c68883efbe37ebf4c30a19b8e5ee8cfb45b47d9c5c5f716882c28fa3178bf8e84fc24f57a2d2f6eb3d978d4a7ead572d602bcfe9c842bac563ec1650c62f11ef147b11757434cbafdf36eb774a10818f2ac9e8538b95dfdd577c66506499fbbee27a782e2f96bdf0530b4b43a", 0xfe}, {&(0x7f0000000180)="642a6b4f23c15378c8c3e604d6805d04c736bda9", 0x14}, {&(0x7f0000000400)="84def379f83cd6367b9e937e05291f8c705b8f7462aed63573e8352fe8c06c5f87a662f3377905e086a902cc7d912a23f10383d39f5e81def793c7f4fed71fc1ff0f5d017a7d0106473bd17cac215d1b6de5e8d018ff3b50f4245dee43c6dcf7537af4ea1d9d628c8241d26bb0bec2c947bb6c9c7f62b8a78dade2051b6ff019253f8c848ad53ecb6fbc2cc2ab7e86c5a6", 0x91}, {&(0x7f0000000600)="210806959894a1a9a2ae647b9fc1669b3328309f5aef3cb08c4dfd42dd97ff03760af350f86fc3a0dea1199e807f9872768149972b0a405f3af8cc9de7cb008f68a1353e5fcf1866b47da934d2cdb3d2abf13b4e37718429361c5db44462ad", 0x5f}, {&(0x7f0000000680)="e6d534b4bd7b64c2a00348ab84285494a613afc8faafb810621af345bd38c0ca56ee1b00b0365e659c91a78a7ac5349154886c6cca0c6a45663b5d2aa0f75e3ae7505393dfc2caa3ac3f9cb277acdae45db14c01dab1f681e930c6bffee4c5fd5621df0a4bb3ea67b4a1eefb4ba5924791fc388c29687275ff9ec527ad36661f0e45a71bebbf5e5d769d5973c8d78517039c0aaf92cd5db962a629a23b2148e8a16ff719f2d4a131f7cfc9b596d086f5c13ea7b2bd257cfef659db", 0xbb}], 0x6, &(0x7f0000000140)}, 0x0) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000080)=""/219, 0xdb}, 0x2020) [ 237.880474] bond0: Enslaving bond_slave_0 as an active interface with an up link 23:45:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_crypto(0x10, 0x3, 0x15) r1 = memfd_create(&(0x7f00000001c0)='Yvmnet0wlan1\x00', 0x1) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000200)={0x1000, 0x4}) sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x10, 0x34000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x10, 0x53f, 0x0, 0x0, {0x9}}, 0x14}, 0x1, 0x0, 0x0, 0xffffffffbfffffff}, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, 0xffffffffffffff9c}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x1, 0x40}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000180)={0x2, r3, 0x1, 0x4}) [ 238.360344] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 238.776816] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 238.784088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.136324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 239.143709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.184620] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 240.194425] team0: Port device team_slave_0 added [ 240.383438] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.427718] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 240.435943] team0: Port device team_slave_1 added [ 240.710901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 240.718316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.727208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.991809] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 240.998885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 241.007672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 241.188544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 241.196226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.205231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.408656] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 241.416550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.425465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.642488] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.766569] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 242.773093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.780877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.877237] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 244.009266] 8021q: adding VLAN 0 to HW filter on device team0 23:45:40 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuseblk(&(0x7f00000016c0)='/dev/loop0\x00', &(0x7f0000001700)='./file0\x00', &(0x7f0000001740)='fuseblk\x00', 0x0, &(0x7f0000001980)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 244.750195] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.756818] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.763840] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.770283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.778998] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 244.785840] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.237974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.931361] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 248.664891] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 248.671456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 248.679420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 249.382359] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.633813] netlink: zone id is out of range [ 249.638438] netlink: get zone limit has 4 unknown bytes 23:45:45 executing program 0: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000340)=ANY=[], &(0x7f0000000a80)='./file0\x00', &(0x7f0000000a40)='ramfs\x00', 0x0, &(0x7f0000000b80)) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x70, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x100, @mcast1}, @in6={0xa, 0x4e20, 0x0, @mcast1, 0x8}, @in6={0xa, 0x4e22, 0x1, @loopback, 0x40}, @in6={0xa, 0x4e24, 0x4, @empty, 0x2}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000240)={r1, 0x8}, &(0x7f0000000280)=0x8) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000080)={0x5, &(0x7f0000000300)=[{}, {}, {}, {}, {}]}) chdir(&(0x7f0000000040)='./file0\x00') r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$apparmor_current(r2, &(0x7f0000000600)=@profile={'permprofile ', ',:GPL:\x00'}, 0x13) ftruncate(r2, 0x81fd) r3 = open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x12, r3, 0x0) readv(r3, &(0x7f00000007c0)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x3b6) mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, &(0x7f00000001c0), 0x1f, 0x3) [ 249.816335] kauditd_printk_skb: 3 callbacks suppressed [ 249.816370] audit: type=1804 audit(1538783145.863:31): pid=7412 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/newroot/9/file0/bus" dev="ramfs" ino=20149 res=1 [ 249.864708] audit: type=1804 audit(1538783145.903:32): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor0" name="/newroot/9/file0/bus" dev="ramfs" ino=20149 res=1 [ 249.884935] audit: type=1804 audit(1538783145.913:33): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor0" name="/newroot/9/file0/file0/bus" dev="ramfs" ino=20150 res=1 [ 252.300812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.789802] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 23:45:49 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x2) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x200000000003e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UI_SET_SWBIT(r0, 0x80085504, 0x70e000) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x5, 0x401, 0xc00000000000, 0x5}) [ 253.262983] usb usb9: usbfs: process 7518 (syz-executor3) did not claim interface 0 before use [ 253.276072] usb usb9: usbfs: process 7520 (syz-executor3) did not claim interface 0 before use [ 253.319491] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 253.326076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 253.334018] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 253.677232] 8021q: adding VLAN 0 to HW filter on device team0 23:45:51 executing program 4: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x1000000000000002, 0x0) getpid() r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) socketpair(0x0, 0x3, 0x2, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000640)={0xfffffffffffffffc, 0x5}) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)="2f67726f3c23fb57e6c60f1f4b45b74d999a9a8c2ce15b26e518a4cb3a9cd12dcea440d899c22c652b3a471b4a7db7f3fef6e02e2be389de133945a385bd81e9bdeeee03000000000000005b540745df4b1dee483b157624c5bc719a099e6a3509000000398c34", 0x2761, 0x0) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f00000002c0)) write$cgroup_pid(r3, &(0x7f0000000080), 0xfffffe38) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000100)='cpuset\x00'}, 0x30) close(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000040)='cpuset\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000700)='cpuset\x00') openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.stat\x00', 0x0, 0x0) socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x1) r4 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VT_RELDISP(r1, 0x5605) ioctl$PERF_EVENT_IOC_QUERY_BPF(r4, 0xc008240a, &(0x7f0000000300)=ANY=[]) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x660c, 0x0) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000680)={0x0, @multicast2, @multicast2}, &(0x7f00000006c0)=0xc) getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f00000005c0)=0x1e) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x3) recvmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@nfc_llcp, 0x80, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/242, 0xf2}], 0x1, &(0x7f0000000500)=""/30, 0x1e}, 0x0) recvmsg(r0, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000000300)=""/154, 0x9a}, {&(0x7f0000001980)=""/97, 0x61}, {&(0x7f00000000c0)=""/49, 0x31}, {&(0x7f0000000240)=""/51, 0x33}, {&(0x7f0000001ac0)=""/90, 0x5a}, {&(0x7f0000002b40)=""/246, 0xf6}], 0x6, &(0x7f0000001580)=""/3, 0x3, 0x5}, 0x2021) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000580)=0x80, 0x4) recvmsg(r0, &(0x7f0000000200)={&(0x7f0000000040)=@generic, 0x80, &(0x7f0000001a40)=[{&(0x7f0000001600)=""/214, 0xd6}, {&(0x7f0000001700)=""/152, 0x98}, {&(0x7f00000017c0)=""/243, 0xf3}, {&(0x7f00000018c0)=""/178, 0xb2}, {&(0x7f0000000140)=""/40, 0x28}], 0x5}, 0x40) 23:45:51 executing program 5: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x20) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000040)) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000080)=0x1) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)=0x5) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000100)={0x80000001, 0xc747, 0x1000, 0xffffffffffffffff, 0x0, 0x4, 0x5, 0x1, 0x8000, 0x8, 0x6, 0x9}) ioctl$VT_RELDISP(r0, 0x5605) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}, &(0x7f0000000180)=0x10) ioctl$TIOCPKT(r0, 0x5420, &(0x7f00000001c0)=0x7fc000000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000200)) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f00000002c0)={0x18, 0x0, {0x1, @random="15b925984b7f", 'dummy0\x00'}}) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4) connect$bt_rfcomm(r0, &(0x7f0000000380)={0x1f, {0x8, 0x4, 0xfffffffffffffffa, 0x5696, 0xffffffffffffffae, 0x5}, 0x8}, 0xa) r1 = socket$inet(0x2, 0x80000, 0x6) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f00000003c0)) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x10}, 0x10) write$P9_RLERROR(r0, &(0x7f0000000480)={0x10, 0x7, 0x2, {0x7, 'dummy0\x00'}}, 0x10) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f00000004c0)={0x0, 0x3, 0x96, 0x3, 0x3}) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000500)=""/4096) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000001500)={'IDLETIMER\x00'}, &(0x7f0000001540)=0x1e) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000001580)={0x7e, @loopback, 0x4e20, 0x2, 'sh\x00', 0x20, 0x3ff, 0x8}, 0x2c) write$P9_RLCREATE(r0, &(0x7f00000015c0)={0x18, 0xf, 0x2, {{0x90, 0x0, 0x6}, 0xffffffff}}, 0x18) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) bind(r1, &(0x7f0000001600)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}, 0x3, 0x1, 0x3, 0x2}}, 0x80) preadv(r2, &(0x7f0000002c00)=[{&(0x7f0000001680)=""/217, 0xd9}, {&(0x7f0000001780)=""/219, 0xdb}, {&(0x7f0000001880)=""/227, 0xe3}, {&(0x7f0000001980)=""/134, 0x86}, {&(0x7f0000001a40)=""/191, 0xbf}, {&(0x7f0000001b00)=""/199, 0xc7}, {&(0x7f0000001c00)=""/4096, 0x1000}], 0x7, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000002c80)={0x0, 0x17, "941a0dc1a5170fe4ea6d9bb7da380c4d288715735ad3d8"}, &(0x7f0000002cc0)=0x1f) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000002d00)={r3, 0x57}, 0x8) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000002d40)=""/162) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000002e00)={0x228, @tick=0x7ff, 0x7, {0x1f, 0x6c95}, 0x5, 0x1}) linkat(r0, &(0x7f0000002e80)='./file1\x00', r0, &(0x7f0000002ec0)='./file0\x00', 0x400) 23:45:51 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x28001) write$evdev(r0, &(0x7f0000000140)=[{}], 0x10) 23:45:51 executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000020c0), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000b40)=ANY=[], 0x0, 0x0) read$FUSE(r0, &(0x7f00000030c0), 0x33) listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240), 0x0) 23:45:51 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x34000}, 0x16e, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, 0x32, 0x829, 0x0, 0x0, {0x3, 0xa0010000}, [@nested={0x18, 0x0, [@typed={0x14, 0x1, @ipv6=@loopback={0x8000000000}}]}]}, 0x2c}}, 0x0) 23:45:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x2000, @thr={&(0x7f00000002c0), &(0x7f0000000440)}}, &(0x7f0000000080)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0x1, 0x0, &(0x7f00000001c0), 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000240)="ba4300b00bee0f017edaf02114650f1ea7f07f0f20e06635040000000f22e03e0fc72dbaf80c66b80fb2578d66efbafc0cb001ee0fc75ba2f40f3805800060", 0x3f}], 0x1, 0x0, &(0x7f00000002c0), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 255.659275] netlink: zone id is out of range [ 255.664163] netlink: get zone limit has 4 unknown bytes [ 255.713387] netlink: zone id is out of range [ 255.718163] netlink: get zone limit has 4 unknown bytes [ 255.723816] ================================================================== [ 255.731229] BUG: KMSAN: uninit-value in vmx_vcpu_load+0x10d5/0x1cf0 [ 255.737665] CPU: 0 PID: 7595 Comm: syz-executor2 Not tainted 4.19.0-rc4+ #63 [ 255.744866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.754254] Call Trace: [ 255.756871] dump_stack+0x306/0x460 [ 255.760544] ? _raw_spin_lock_irqsave+0x227/0x340 [ 255.765413] ? vmx_vcpu_load+0x10d5/0x1cf0 [ 255.769745] kmsan_report+0x1a3/0x2d0 [ 255.773601] __msan_warning+0x7c/0xe0 [ 255.777440] vmx_vcpu_load+0x10d5/0x1cf0 [ 255.781597] vmx_create_vcpu+0x1e91/0x7920 [ 255.785896] ? kmsan_set_origin_inline+0x6b/0x120 [ 255.790792] ? __msan_poison_alloca+0x17a/0x210 [ 255.795508] ? vmx_vm_init+0x340/0x340 [ 255.799442] kvm_arch_vcpu_create+0x25d/0x2f0 [ 255.803992] kvm_vm_ioctl+0x13fd/0x33d0 [ 255.808016] ? __msan_poison_alloca+0x17a/0x210 [ 255.812729] ? do_vfs_ioctl+0x18a/0x2810 [ 255.816839] ? __se_sys_ioctl+0x1da/0x270 [ 255.821023] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 255.825899] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 255.830797] do_vfs_ioctl+0xcf3/0x2810 [ 255.834733] ? security_file_ioctl+0x92/0x200 [ 255.839293] __se_sys_ioctl+0x1da/0x270 [ 255.843347] __x64_sys_ioctl+0x4a/0x70 [ 255.847269] do_syscall_64+0xbe/0x100 [ 255.851107] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 255.856320] RIP: 0033:0x457579 [ 255.859549] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.878483] RSP: 002b:00007f593aa78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 255.886247] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 255.893541] RDX: 0000000000000001 RSI: 000000000000ae41 RDI: 0000000000000004 [ 255.900830] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 255.908117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f593aa796d4 [ 255.915409] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 255.922717] [ 255.924356] Local variable description: ----error.i@vmx_vcpu_load [ 255.930595] Variable was created at: [ 255.934341] vmx_vcpu_load+0x1a0/0x1cf0 [ 255.938340] vmx_create_vcpu+0x1e91/0x7920 [ 255.942586] ================================================================== [ 255.949970] Disabling lock debugging due to kernel taint [ 255.955444] Kernel panic - not syncing: panic_on_warn set ... [ 255.955444] [ 255.962849] CPU: 0 PID: 7595 Comm: syz-executor2 Tainted: G B 4.19.0-rc4+ #63 [ 255.971442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.980815] Call Trace: [ 255.983447] dump_stack+0x306/0x460 [ 255.987136] panic+0x54c/0xafa [ 255.990410] kmsan_report+0x2cd/0x2d0 [ 255.994253] __msan_warning+0x7c/0xe0 [ 255.998103] vmx_vcpu_load+0x10d5/0x1cf0 [ 256.002234] vmx_create_vcpu+0x1e91/0x7920 [ 256.006539] ? kmsan_set_origin_inline+0x6b/0x120 [ 256.011424] ? __msan_poison_alloca+0x17a/0x210 [ 256.016148] ? vmx_vm_init+0x340/0x340 [ 256.020152] kvm_arch_vcpu_create+0x25d/0x2f0 [ 256.024702] kvm_vm_ioctl+0x13fd/0x33d0 [ 256.028722] ? __msan_poison_alloca+0x17a/0x210 [ 256.033431] ? do_vfs_ioctl+0x18a/0x2810 [ 256.037528] ? __se_sys_ioctl+0x1da/0x270 [ 256.041732] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 256.046610] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 256.051494] do_vfs_ioctl+0xcf3/0x2810 [ 256.055440] ? security_file_ioctl+0x92/0x200 [ 256.059990] __se_sys_ioctl+0x1da/0x270 [ 256.064024] __x64_sys_ioctl+0x4a/0x70 [ 256.067963] do_syscall_64+0xbe/0x100 [ 256.071817] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 256.077029] RIP: 0033:0x457579 [ 256.080246] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.099174] RSP: 002b:00007f593aa78c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.106947] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 256.114230] RDX: 0000000000000001 RSI: 000000000000ae41 RDI: 0000000000000004 [ 256.121516] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 256.128803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f593aa796d4 [ 256.136091] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 256.144536] Kernel Offset: disabled [ 256.148178] Rebooting in 86400 seconds..