Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. 2019/06/09 06:52:59 fuzzer started 2019/06/09 06:53:02 dialing manager at 10.128.0.26:46803 2019/06/09 06:53:02 syscalls: 2465 2019/06/09 06:53:02 code coverage: enabled 2019/06/09 06:53:02 comparison tracing: enabled 2019/06/09 06:53:02 extra coverage: extra coverage is not supported by the kernel 2019/06/09 06:53:02 setuid sandbox: enabled 2019/06/09 06:53:02 namespace sandbox: enabled 2019/06/09 06:53:02 Android sandbox: /sys/fs/selinux/policy does not exist 2019/06/09 06:53:02 fault injection: enabled 2019/06/09 06:53:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/06/09 06:53:02 net packet injection: enabled 2019/06/09 06:53:02 net device setup: enabled 06:55:14 executing program 0: syzkaller login: [ 207.489006][ T8391] IPVS: ftp: loaded support on port[0] = 21 06:55:14 executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = open$dir(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, 0x0) [ 207.592963][ T8391] chnl_net:caif_netlink_parms(): no params data found [ 207.656826][ T8391] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.666307][ T8391] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.674951][ T8391] device bridge_slave_0 entered promiscuous mode [ 207.684133][ T8391] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.691269][ T8391] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.701367][ T8391] device bridge_slave_1 entered promiscuous mode [ 207.726103][ T8391] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.743806][ T8391] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 207.777597][ T8394] IPVS: ftp: loaded support on port[0] = 21 [ 207.790622][ T8391] team0: Port device team_slave_0 added [ 207.805024][ T8391] team0: Port device team_slave_1 added 06:55:15 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, 0x0) [ 207.894369][ T8391] device hsr_slave_0 entered promiscuous mode [ 207.941864][ T8391] device hsr_slave_1 entered promiscuous mode [ 208.013184][ T8391] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.020414][ T8391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.028275][ T8391] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.035553][ T8391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.045127][ T8396] IPVS: ftp: loaded support on port[0] = 21 06:55:15 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = epoll_create1(0x0) setsockopt$sock_int(r0, 0x1, 0x0, 0x0, 0x0) [ 208.208647][ T8391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.255282][ T8394] chnl_net:caif_netlink_parms(): no params data found [ 208.273943][ T8391] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.274604][ T8400] IPVS: ftp: loaded support on port[0] = 21 [ 208.299905][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 208.314309][ T22] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.333145][ T22] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.342596][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready 06:55:15 executing program 4: pipe2(&(0x7f00000000c0), 0x80000) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = accept(0xffffffffffffff9c, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, 0x0) [ 208.376359][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.385588][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.392701][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.428231][ T8396] chnl_net:caif_netlink_parms(): no params data found [ 208.446743][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.462813][ T8401] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.469896][ T8401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.512935][ T8394] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.520052][ T8394] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.529547][ T8394] device bridge_slave_0 entered promiscuous mode [ 208.575605][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.584963][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.596602][ T8394] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.607022][ T8394] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.615383][ T8394] device bridge_slave_1 entered promiscuous mode [ 208.639852][ T8391] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 208.652161][ T8391] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 208.672654][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.680625][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 06:55:15 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) [ 208.690675][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.699878][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.708901][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.719324][ T8394] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.733030][ T8396] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.740443][ T8396] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.749284][ T8396] device bridge_slave_0 entered promiscuous mode [ 208.764199][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.765935][ T8404] IPVS: ftp: loaded support on port[0] = 21 [ 208.778841][ T8394] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.796182][ T8396] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.810833][ T8396] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.820288][ T8396] device bridge_slave_1 entered promiscuous mode [ 208.869500][ T8406] IPVS: ftp: loaded support on port[0] = 21 [ 208.893218][ T8394] team0: Port device team_slave_0 added [ 208.927984][ T8391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.936642][ T8394] team0: Port device team_slave_1 added [ 208.947751][ T8396] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 208.963110][ T8400] chnl_net:caif_netlink_parms(): no params data found [ 208.985637][ T8396] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.025998][ T8396] team0: Port device team_slave_0 added [ 209.064904][ T8394] device hsr_slave_0 entered promiscuous mode [ 209.102030][ T8394] device hsr_slave_1 entered promiscuous mode [ 209.178990][ T8396] team0: Port device team_slave_1 added 06:55:16 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = timerfd_create(0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, 0x0) [ 209.240812][ T8400] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.252643][ T8400] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.260997][ T8400] device bridge_slave_0 entered promiscuous mode 06:55:16 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8947, &(0x7f0000000040)={'gre0\x00', @empty=[0x0, 0x0, 0x43]}) [ 209.344326][ T8396] device hsr_slave_0 entered promiscuous mode [ 209.371842][ T8396] device hsr_slave_1 entered promiscuous mode [ 209.421380][ T8396] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.428514][ T8396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.485485][ T8400] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.492642][ T8400] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.500370][ T8400] device bridge_slave_1 entered promiscuous mode [ 209.519622][ T8400] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.531265][ T8400] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.570276][ T8404] chnl_net:caif_netlink_parms(): no params data found [ 209.618221][ T8400] team0: Port device team_slave_0 added [ 209.628062][ T8400] team0: Port device team_slave_1 added [ 209.651028][ T8406] chnl_net:caif_netlink_parms(): no params data found [ 209.661024][ T17] bridge0: port 2(bridge_slave_1) entered disabled state 06:55:16 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8947, &(0x7f0000000040)={'gre0\x00', @empty=[0x0, 0x0, 0x43]}) [ 209.744078][ T8400] device hsr_slave_0 entered promiscuous mode [ 209.781890][ T8400] device hsr_slave_1 entered promiscuous mode 06:55:17 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000140)={@local, @empty, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @initdev, {[@ssrr={0x89, 0x3}]}}, @tipc=@payload_direct={{{{0x20, 0x0, 0x0, 0x0, 0x0, 0x8}}}}}}}}, 0x0) [ 209.848332][ T8406] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.856621][ T8406] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.864945][ T8406] device bridge_slave_0 entered promiscuous mode [ 209.874584][ T8404] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.883816][ T8404] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.892096][ T8404] device bridge_slave_0 entered promiscuous mode [ 209.907184][ T8406] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.916578][ T8406] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.925531][ T8406] device bridge_slave_1 entered promiscuous mode 06:55:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) [ 209.952284][ T8396] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.975488][ T8404] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.985884][ T8404] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.003809][ T8404] device bridge_slave_1 entered promiscuous mode [ 210.023216][ T8394] 8021q: adding VLAN 0 to HW filter on device bond0 06:55:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) [ 210.058253][ T8396] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.067582][ T8406] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.085724][ T8394] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.100032][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.109845][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.122196][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.130082][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 06:55:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x0, &(0x7f0000000040), 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000001c0)={0x0, 0x1f, 0xd70229af4108bb40, 0x2, 0x5}, &(0x7f0000000200)=0x18) write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000280)={0x0, 0x7}, 0x8) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x0) set_thread_area(&(0x7f0000000140)={0x0, 0x20000000, 0xffffffffffffffff, 0x0, 0x8, 0x0, 0x8, 0x8, 0x0, 0x5}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$rose(0xffffffffffffffff, 0x104, 0x7, &(0x7f0000000240), 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f00000000c0), 0x0) syz_emit_ethernet(0x46, &(0x7f0000000600)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "645cde", 0x10, 0x11, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x8848]}, @ipv4, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "ffcba1", 0x0, "713af2"}}}}}}}, 0x0) syz_open_dev$rtc(&(0x7f0000000480)='/dev/rtc#\x00', 0x2, 0x100) [ 210.161862][ T8406] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.184509][ T8404] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.210029][ T8440] FAT-fs (loop0): bogus number of reserved sectors [ 210.218695][ T8440] FAT-fs (loop0): Can't find a valid FAT filesystem [ 210.226498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.236789][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.254284][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.261412][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.270124][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.291821][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.300242][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.307358][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.321337][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.330794][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.340361][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.349202][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.356299][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.364472][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.374028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.382446][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.389470][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.397037][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.405872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.414569][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.423033][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.431213][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.439900][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.448617][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.457186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.465839][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.475236][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.483360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.491333][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.504914][ T8404] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.523596][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.532103][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.540183][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.549072][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.557718][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.566054][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.575119][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.583618][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.597790][ T8400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.610705][ T8406] team0: Port device team_slave_0 added [ 210.621560][ T8406] team0: Port device team_slave_1 added [ 210.629037][ T8396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.649073][ T8404] team0: Port device team_slave_0 added [ 210.657266][ T8404] team0: Port device team_slave_1 added [ 210.686010][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.694898][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.703805][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.711387][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.720897][ T8394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.733627][ T8400] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.803564][ T8406] device hsr_slave_0 entered promiscuous mode [ 210.852046][ T8406] device hsr_slave_1 entered promiscuous mode [ 210.918767][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.927546][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.937447][ T2900] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.944680][ T2900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.952920][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.980668][ T8396] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.999480][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.008282][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.017487][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.024671][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.034166][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.043018][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.064728][ T8394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.113529][ T8404] device hsr_slave_0 entered promiscuous mode [ 211.151920][ T8404] device hsr_slave_1 entered promiscuous mode [ 211.215017][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.228819][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.237748][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.247225][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.255759][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.263990][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.272519][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.291411][ T8400] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.303465][ T8400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.315876][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.324964][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.364036][ T8406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.405626][ T8400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.440068][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.464384][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.534274][ T8406] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.564633][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.585751][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.624747][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.631875][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state 06:55:18 executing program 1: 06:55:18 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$vsock_dgram(0x28, 0x2, 0x0) shutdown(r1, 0x1) ppoll(&(0x7f00000000c0)=[{r1}], 0x1, &(0x7f0000000100)={0x0, 0x989680}, 0x0, 0x0) [ 211.680141][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.724617][ T8404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.742401][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.750881][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.761926][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.769002][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.795657][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.831099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.869479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.889858][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.916455][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.947552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.957378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.971446][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.981456][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 06:55:19 executing program 3: [ 212.001372][ T8404] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.036506][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.077111][ T8412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.095028][ T8406] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.115334][ T8406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.141632][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.150375][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.164070][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.173856][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.182333][ T8401] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.189370][ T8401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.197013][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.205513][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.213953][ T8401] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.220991][ T8401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.228711][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.237374][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.246632][ T8401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.264388][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.274331][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.283575][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.292478][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.300721][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.309271][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.317940][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.329074][ T8404] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.340612][ T8404] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.360795][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.372217][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.392833][ T8406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.417653][ T8404] 8021q: adding VLAN 0 to HW filter on device batadv0 06:55:19 executing program 4: 06:55:20 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x2, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2000000002}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r1, &(0x7f0000000240), 0x5c3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") 06:55:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) write$evdev(r1, &(0x7f0000000140)=[{{}, 0xfffffffffffffffc, 0x1, 0xffe}], 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 06:55:20 executing program 1: 06:55:20 executing program 0: 06:55:20 executing program 3: 06:55:20 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0xee67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback}) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x80800, 0x0) getuid() accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x0) statx(0xffffffffffffffff, 0x0, 0x800, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000200)='selinuxvboxnet1\x00', 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, 0x0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) getsockname$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, &(0x7f0000000280)=0x6e) ftruncate(r1, 0x8003f1) r2 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000500)={0x0, 0xffffffff}) 06:55:20 executing program 3: r0 = memfd_create(&(0x7f0000000140)='lotrusted\x1a\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 06:55:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:20 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x5, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x32314742, 0x140}) [ 212.894994][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 212.895007][ T26] audit: type=1804 audit(1560063320.148:31): pid=8505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir737326732/syzkaller.7NoNOz/2/bus" dev="sda1" ino=16540 res=1 06:55:20 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) select(0x40, &(0x7f0000000200)={0x10000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000280)={0x1, 0x8, 0x101, 0x0, 0x0, 0x9c, 0x8}, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x800e008a1) 06:55:20 executing program 0: clone(0x201ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) futex(&(0x7f0000000000), 0x5, 0x0, 0x0, &(0x7f0000000080), 0x8bffffffe) 06:55:20 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) r1 = openat$null(0xffffffffffffff9c, 0x0, 0x82001, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'nr0\x00', @local}) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, 0x0, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000240)='./bus\x00', 0x0, &(0x7f00000003c0)={'U+', 0x1}, 0x28, 0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0xcf) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000008c0)={{{@in=@dev, @in6=@mcast2}}, {{@in6=@dev}, 0x0, @in=@initdev}}, &(0x7f0000000a40)=0x37) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x1) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000180)=@add_del={0x2, 0x0}) sendmmsg(r2, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000400)={0x0, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @empty}, {0x2, 0x4e24, @local}, 0x200, 0x0, 0x0, 0x0, 0x7f, &(0x7f0000000380)='syzkaller0\x00', 0x100000001, 0x6, 0x6}) ioctl$PIO_FONTX(r1, 0x4b6c, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000640)=0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000600)=r3) write$eventfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) setxattr$trusted_overlay_nlink(0x0, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L+', 0x7}, 0x28, 0x0) syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000006}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="000227bd70dbdf250900000046000500080001007564700008000100657468000c0002000800010001000000046295bb1b4b49cf2400020008000200040000000800030003000000080002000700000008000300080000003000060004000200080001313300ff07000004ff00000008000100010d000004000200040002000400020024000500080001007564700008000100f56470000800010069620800010069620000f80005003ca8f2a83fe8dcb745f4bd07be9fb89e6a814ca88f682a34399eaa56f4e6f40940cc7f42efaa5145"], 0x1}}, 0x4000) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000680)) modify_ldt$read_default(0x2, 0x0, 0x0) [ 213.184524][ T8537] futex_wake_op: syz-executor.0 tries to shift op by -1; fix this program [ 213.239090][ C0] hrtimer: interrupt took 45185 ns 06:55:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:20 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) bind$netlink(r0, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000}, 0xc) getsockname$packet(r0, 0x0, &(0x7f00000002c0)) 06:55:20 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='./bus\x00', 0x141046, 0x0) 06:55:20 executing program 0: r0 = memfd_create(&(0x7f0000000380)='y\xb6;\xb2(\x98\x9a\xbd\xbc\'\x94<\x93.\xbc$\x1f[\xeea\xbaY\xc4\xc4#\xf6%R\xf4\x83\xd9N\xc5$]\x13\f\x85\x87 \xf2mi\xeaK>\x03M\xd2\x004yZ\xca5k-\xc6\xcd\x01\xb5O;_\xe8\a\xf7`W8n\x1d\xaf\xf63\xa8_\x7f\xed\xb6*)^6\xed\x06\xfbF|\x98\xeaa\xb6\xaf\xf3\xa3!Y\xa72cN4\xd2\x15m\x1a\xd4\xa0\xb17\xabQ\x12\xd7\xb5\x0f\xaf\x14\xac\xac;\xb8\xaa,\x01WCD\xbd\xbf\x06;\xe4\x9d\xea\xe7PV\x81\xb8=\xb7\t\xe4\x06\t\x00\x00\x00\x00\x00\x00\x00y\x8eF\x90\xa3g*\xcd\x04\xb4\x85\xdaN\x00'/182, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5, 0x4d011, r0, 0x0) 06:55:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) [ 213.753127][ T26] audit: type=1804 audit(1560063320.998:32): pid=8505 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir737326732/syzkaller.7NoNOz/2/bus" dev="sda1" ino=16540 res=1 06:55:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) read(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00') 06:55:21 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = epoll_create(0x0) ioctl$TCSETX(r0, 0x5433, 0x0) 06:55:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:21 executing program 5: ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000180)="cb07f3e6540a8adaf32de34eb3db80ca", 0x10) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x8000000000006, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x519) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 06:55:21 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) fsync(0xffffffffffffffff) eventfd2(0x0, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) lseek(r0, 0x0, 0x3) ioctl$KDENABIO(r0, 0x4b36) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000540)={0x100, 0x8000, 0x1, 0x7}) getresuid(0x0, &(0x7f0000000300), &(0x7f0000000340)) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setfsgid(0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) 06:55:21 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$void(r0, 0x0) 06:55:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="c0dca5055e0bcfec7be070") r1 = socket$inet6(0xa, 0x5, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0x100000000002, &(0x7f0000000000)=0x2, 0x28e) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x1a, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x2e8, 0x130, 0x130, 0x130, 0x0, 0x0, 0x218, 0x218, 0x218, 0x218, 0x218, 0x3, 0x0, {[{{@ipv6={@local, @local, [], [], 'teql0\x00', 'ifb0\x00'}, 0x0, 0xc8, 0x130}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}, {{@ipv6={@ipv4, @ipv4, [], [], 'lo\x00', 'vlan0\x00'}, 0x0, 0xc8, 0xe8}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c) 06:55:21 executing program 5: r0 = creat(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, &(0x7f00000004c0)) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)={@multicast1, @remote, @empty}, 0x0) unshare(0x400) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f00000000c0)={0x5, 0x3, 0x3}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) fchown(r0, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000040), 0x4) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x8000000000000800, 0x0) vmsplice(r2, &(0x7f0000000180)=[{&(0x7f0000000100)}], 0x1, 0x8) semtimedop(0x0, &(0x7f0000000400)=[{0x0, 0x0, 0x1000}], 0x1, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000ffc000/0x1000)=nil) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) 06:55:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:21 executing program 2: 06:55:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:21 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f0000001100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/79, 0x4f}}], 0x1, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) writev(r1, &(0x7f00000000c0), 0x200000000000014c) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, 0x80, 0x0}, 0x0) 06:55:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:21 executing program 2: getpid() r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x440400, 0x0) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) keyctl$join(0x1, &(0x7f0000000200)={'syz', 0x2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U-', 0xffff}, 0x28, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240), 0x13f}}, 0x20) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000180)={0x200000000001, r2}) 06:55:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:21 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) write$evdev(r0, &(0x7f0000000140)=[{}], 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 06:55:22 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) fsync(0xffffffffffffffff) eventfd2(0x0, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) lseek(r0, 0x0, 0x3) ioctl$KDENABIO(r0, 0x4b36) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000540)={0x100, 0x8000, 0x1, 0x7}) getresuid(0x0, &(0x7f0000000300), &(0x7f0000000340)) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setfsgid(0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) 06:55:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, 0x0, 0x0) recvfrom$packet(r2, &(0x7f0000000380)=""/240, 0xf0, 0x0, 0x0, 0x0) 06:55:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:22 executing program 5: 06:55:22 executing program 5: 06:55:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, 0xffffffffffffffff, 0x0, 0x1ffe00) 06:55:22 executing program 5: 06:55:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, 0xffffffffffffffff, 0x0, 0x1ffe00) 06:55:22 executing program 2: 06:55:22 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) read(r1, 0x0, 0x273) 06:55:23 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) fsync(0xffffffffffffffff) eventfd2(0x0, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) lseek(r0, 0x0, 0x3) ioctl$KDENABIO(r0, 0x4b36) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000540)={0x100, 0x8000, 0x1, 0x7}) getresuid(0x0, &(0x7f0000000300), &(0x7f0000000340)) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setfsgid(0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) 06:55:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) pwritev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, 0xffffffffffffffff, 0x0, 0x1ffe00) 06:55:23 executing program 5: 06:55:23 executing program 2: 06:55:23 executing program 3: 06:55:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:23 executing program 5: 06:55:23 executing program 2: 06:55:23 executing program 3: 06:55:23 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) read(r1, 0x0, 0x273) 06:55:23 executing program 5: 06:55:23 executing program 2: 06:55:24 executing program 4: getpid() r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x440400, 0x0) openat$cgroup(r0, &(0x7f00000001c0)='syz0\x00', 0x200002, 0x0) keyctl$join(0x1, &(0x7f0000000200)={'syz', 0x2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U-', 0xffff}, 0x28, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000240), 0x13f}}, 0x20) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000180)={0x200000000001, r2}) 06:55:24 executing program 3: ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0) sched_setaffinity(0x0, 0x0, 0x0) getpeername(0xffffffffffffff9c, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) write$rfkill(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x8000000000006, 0x0) gettid() timer_create(0x0, &(0x7f0000000000), 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x5, 0x0) write(r0, &(0x7f0000c34fff), 0x3a4d) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x15) ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, 0x0) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000300), 0x8) semop(0x0, &(0x7f00000001c0)=[{0x0, 0x0, 0x1000}], 0x1) 06:55:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) dup2(r0, r1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@remote, @dev={0xfe, 0x80, [], 0x2b}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x1000000000000000, 0x0, 0x0, 0x81}) 06:55:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:24 executing program 5: r0 = open(&(0x7f0000000240)='./file0\x00', 0x10000101000, 0xfffffffffffffffd) socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') flock(r0, 0x21) accept4(0xffffffffffffff9c, &(0x7f0000002000)=@xdp, &(0x7f0000002080)=0x80, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x40) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x100000001) add_key$user(0x0, &(0x7f00000002c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) r3 = syz_open_dev$usbmon(0x0, 0x40, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f0000000300)={@local}) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000200)) open(&(0x7f00000001c0)='./file0\x00', 0x200000, 0x8) syz_open_pts(r3, 0x400001) listen(0xffffffffffffffff, 0x0) fdatasync(r2) ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r3, 0x10e, 0x0, 0x0, &(0x7f0000000100)) dup2(0xffffffffffffffff, r5) 06:55:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) read(r1, 0x0, 0x273) 06:55:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="040e"], 0x2) 06:55:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x37b, 0xfffffffffffffffc, 0x0, 0xfffffffffffffe83) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x7}]}) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:55:24 executing program 5: 06:55:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(0xffffffffffffffff, r1, 0x0, 0x1ffe00) 06:55:25 executing program 5: [ 217.744810][ T8722] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 06:55:25 executing program 4: 06:55:25 executing program 3: 06:55:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(0xffffffffffffffff, r1, 0x0, 0x1ffe00) 06:55:25 executing program 5: 06:55:25 executing program 2: 06:55:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:25 executing program 5: socket$alg(0x26, 0x5, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-net\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) r1 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) read(r0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) io_submit(0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x0, 0x0) 06:55:25 executing program 4: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x9, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_G_PARM(r0, 0xc0d05605, &(0x7f0000000100)={0x9, @raw_data="cff1379840e6b512bab2664f4e4d36318e8e96eb17dbe1aceb506eb1828910a52cd91b127babcce43fa413160c172c8e2fef7812f2e6511d7e6edd49a810c2939493ee51f3967ad1b4308a934b172ab30b288af3c68baaf5cd3907b2eb17125ed923f87e711bb84acfa01f74b478f09f31145ac0cf6cd553eaecef97e3b40afe462f12cf5a509fe783152e1699117d0f8ea6f254d111028e1ab56f5e48c084d7a0a67f6d5846adbb3156e8f3fcdfb6e0bb485cbff4137426dd7d4cfdccba8ff0678f7dd147fb798d"}) 06:55:25 executing program 3: 06:55:25 executing program 2: 06:55:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(0xffffffffffffffff, r1, 0x0, 0x1ffe00) 06:55:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:25 executing program 3: 06:55:25 executing program 2: 06:55:25 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4003) write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x17) close(r0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000280)) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000540)=[&(0x7f00000001c0)='\xe3\x00', &(0x7f0000000200)='/dev/ubi_ctrl\x00', &(0x7f0000000240)='/dev/ubi_ctrl\x00', &(0x7f0000000340)='/dev/ubi_ctrl\x00', 0x0, &(0x7f0000000500)='/dev/sequencer\x00'], &(0x7f00000007c0)=[&(0x7f0000000580)='/dev/ubi_ctrl\x00', &(0x7f00000005c0)='/dev/ubi_ctrl\x00', &(0x7f0000000600)='ppp0\x00', &(0x7f0000000740)='\x00', 0x0]) 06:55:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:25 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:25 executing program 3: select(0x2, 0x0, 0x0, 0x0, 0x0) getresuid(0x0, 0x0, &(0x7f0000000840)) munmap(&(0x7f0000ffa000/0x6000)=nil, 0x6000) 06:55:26 executing program 5: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x1a, &(0x7f00000001c0)=@raw={'raw\x00', 0x9, 0x3, 0x2e8, 0x130, 0x130, 0x130, 0x0, 0x0, 0x218, 0x218, 0x218, 0x218, 0x218, 0x3, 0x0, {[{{@ipv6={@local, @local, [], [], 'teql0\x00', 'ifb0\x00'}, 0x0, 0xc8, 0x130}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}, {{@ipv6={@ipv4, @ipv4, [], [], 'lo\x00', 'vlan0\x00'}, 0x0, 0xc8, 0xe8}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) bind$inet6(r0, &(0x7f0000000080), 0x1c) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000540), 0x0) 06:55:26 executing program 2: r0 = memfd_create(&(0x7f0000000080)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\x99\x12)\xa1N\x91\xa2\x06\x8f\xa7J\x14c+>\xa9/`\x90\xa1S]X\x8a\x8a\x01a0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) 06:55:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xf6) read(0xffffffffffffffff, 0x0, 0x273) 06:55:26 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4003) write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYRESOCT=0x0], 0x17) close(r0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, &(0x7f0000000280)) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000540)=[&(0x7f00000001c0)='\xe3\x00', &(0x7f0000000200)='/dev/ubi_ctrl\x00', &(0x7f0000000240)='/dev/ubi_ctrl\x00', &(0x7f0000000340)='/dev/ubi_ctrl\x00', 0x0, &(0x7f0000000500)='/dev/sequencer\x00'], &(0x7f00000007c0)=[&(0x7f0000000580)='/dev/ubi_ctrl\x00', &(0x7f00000005c0)='/dev/ubi_ctrl\x00', &(0x7f0000000600)='ppp0\x00', &(0x7f0000000740)='\x00', 0x0]) 06:55:26 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xf6) read(0xffffffffffffffff, 0x0, 0x273) 06:55:26 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001180)="11dca5055e0bcfec7be070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000280)="89cf902ec4fcdcdd6db7e24c230753ea4ddc55adc93cae", 0x17}], 0x1}, 0x0) 06:55:26 executing program 4: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000040)={0x1}, 0x6) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="ff3e6808e92b7abafc47d822996f60e4"}, 0x1c) sendmmsg$sock(r0, &(0x7f0000002b40)=[{{0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}}], 0x1, 0x24008004) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x0, 0x0}}], 0x400000000000007, 0x0) 06:55:26 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) 06:55:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xf6) read(0xffffffffffffffff, 0x0, 0x273) 06:55:26 executing program 3: msgrcv(0x0, 0x0, 0x0, 0x2, 0x2000) 06:55:26 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:26 executing program 2: r0 = memfd_create(&(0x7f0000000080)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff\x99\x12)\xa1N\x91\xa2\x06\x8f\xa7J\x14c+>\xa9/`\x90\xa1S]X\x8a\x8a\x01a0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) 06:55:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x2287) 06:55:26 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:26 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:26 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e0bcfec7be070") ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00\a\x00\x00\x00\x0f\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="0e00000000000000000000000000003b"]}) [ 219.605403][ T8817] Unknown ioctl 44801 [ 219.605419][ T8829] Unknown ioctl 1074310915 06:55:26 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000180)=0xf6, 0xfe7e) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x1b5, 0x20008800, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0x789, 0x2, 0x0) 06:55:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dca5055e0bcfec7be070") clone(0x802102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x60}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 219.838684][ T8848] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 06:55:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) 06:55:27 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:27 executing program 4: 06:55:27 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 2: 06:55:27 executing program 4: 06:55:27 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0) 06:55:27 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:27 executing program 4: 06:55:27 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 5: 06:55:27 executing program 2: 06:55:27 executing program 4: 06:55:27 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:27 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 5: 06:55:27 executing program 2: 06:55:27 executing program 4: 06:55:27 executing program 3: 06:55:27 executing program 5: 06:55:27 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:27 executing program 2: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x5, 0x0) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000280)={0x1, "c648e4929cb68ba045be247f150f0b36a674a03953da069609354b53b45f00e6"}) 06:55:27 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000200)='/dev/v4l-subdev#\x00', 0xfffffffffff7ffd, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)) 06:55:27 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) msgctl$IPC_SET(0x0, 0x1, 0x0) msgsnd(0x0, &(0x7f0000000300)={0x2}, 0x8, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000240)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}) 06:55:27 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d616e675e650000000000000000000000181b526bb5957004b3090000000000000000000000000000001f00000006000000a00500d32d024f9f80a3306e074fd9ab0d8dd0d93c7d71c54c00000000000097a2cf0000e80700000000000000000033f3c52dcc86b2000000000000499debe8af28332094e8967eb2cbfa48d3b9c789e348ea60a8f45d236c1cfa0975e390a220bcaec3339c04556f8ec60dcd7c73621f4f07bef2f6f2c3ddcebe3b02200000e1771fcd49a40ba81ab3fc28333f54ce3d5523590c9897408f4e48e9caca560200000035fb843216ec6983eb7a0300000000000000afdfd65459933918da"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) tkill(r2, 0x3c) 06:55:28 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:28 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0xf6) read(r0, 0x0, 0x273) 06:55:28 executing program 5: 06:55:28 executing program 2: 06:55:28 executing program 4: perf_event_open(&(0x7f0000000240)={0x1, 0x6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) socket$inet6(0xa, 0x0, 0xfd7) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180), 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="02090000ade86de4c650b234d5fc32357c1a3fa00d47e11962917a041087680000203b849c055935edcff289c312a9c993"], 0x31}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000060000800000000000e00000010b00000000000000000035000000000000000000000000ff00000000030006000000000002000004000000bb000000000000000003000500000000000200423b000000000000004000000000"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) 06:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:28 executing program 2: socket$alg(0x26, 0x5, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-net\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) read(r0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f0000000100)=@null) syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00') socket$inet_udplite(0x2, 0x2, 0x88) 06:55:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e0000003300815fe45a0000185082cf0300a0eba06ec40092ff002fff0f00"/46, 0x2e}], 0x1}, 0x0) 06:55:28 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r0 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x42800) r1 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r1, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r0, r1, 0x0, 0x1ffe00) 06:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) [ 221.173853][ T8939] netlink: 22 bytes leftover after parsing attributes in process `syz-executor.5'. 06:55:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) read(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) removexattr(0x0, 0x0) io_submit(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00') 06:55:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca5055e0bcfec7be070") clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x81, 0x2000) add_key(&(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0), &(0x7f0000000100), 0x390, 0xfffffffffffffffb) 06:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:28 executing program 4: syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) accept4(0xffffffffffffff9c, 0x0, 0x0, 0x800) creat(&(0x7f0000000000)='./bus\x00', 0xffffffffffdffffe) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080)="797d34e50f04f937eedcaa6d82f0e3ab191df83301fcef4130722969ef58f01edd5c202bcccbcf92b55daf6a8666c1e4f6835785e9e36740eff4b6ed7d85d647dddc007d70185570dd63d08604139ee93df9b04ad66926e0fdc68a3a3f6d0925ca8e069a109b6fb1dd3ece6a4288810cf3da4c1a1ede33b0cb630148aae77db3042a07e87037207edf807be29aa40763f4e63bd8d05853d6ce47679a7512c8169f5139ec1e5e46f2d19e8affa525d81a9fcfaf3297", 0xb5) syz_open_dev$dspn(0x0, 0x21, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00t\x00\x00\x00\x00\x00\x0e\b', @ifru_flags}) 06:55:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:28 executing program 4: [ 221.427035][ T8960] Option 'D' to dns_resolver key: bad/missing value 06:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:28 executing program 5: [ 221.502357][ T8967] Option 'D' to dns_resolver key: bad/missing value 06:55:28 executing program 2: 06:55:28 executing program 3: 06:55:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:28 executing program 4: 06:55:28 executing program 5: 06:55:29 executing program 5: 06:55:29 executing program 3: 06:55:29 executing program 2: 06:55:29 executing program 4: 06:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:29 executing program 5: 06:55:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000080)="c0dca5055e00b4ec7be070") r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:29 executing program 4: 06:55:29 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) write$binfmt_elf32(r0, 0x0, 0x0) 06:55:29 executing program 2: 06:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:29 executing program 5: 06:55:29 executing program 4: 06:55:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:29 executing program 4: 06:55:29 executing program 5: 06:55:29 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040), 0x4) 06:55:29 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = accept4$unix(0xffffffffffffff9c, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_origin(r0, 0x0, 0x0, 0x0, 0x0) 06:55:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:29 executing program 5: 06:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:29 executing program 4: 06:55:29 executing program 3: 06:55:29 executing program 5: 06:55:29 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:29 executing program 3: sched_setattr(0x0, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$apparmor_current(r0, &(0x7f0000000380)=ANY=[@ANYRES64], 0x1) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) creat(&(0x7f0000000540)='./bus\x00', 0x0) 06:55:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") unshare(0x8020000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000001740)='ns/ipc\x00\x90\x92\xb3\xe6L\xc9l`w_G-\x18p\xffMG\x1c~\xefC\xb9\xf6Vr\x11x\x1d\x1dh\xe1[\xfa\xb4Y\\\xe0\xd3\xb0\xbd[W\x06#\x836\xd9\r>R\x1c\xca!MR\xbf\x93\xcc,P\x90\xdf\x8d^\xd4\xecW\xab\xdc!\x029\x82\xc1\xba5o\xa0{r\xb5v\xea\xd8\x05\x036\xa3\n\xcb\xec\xa7; \xa1\xe1w\x0f~\xebw\xb3\x1a\xf2\x00\xf2\x97\xb2l-=\xf5\xf8\x10\x1f\xb2\xfe\x80\xb5s\x05gI\x9a\x1do\x15\x1f\xd8\x93Wb\xe48M\xd9') shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) shmget(0xffffffffffffffff, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) shmget$private(0x0, 0x7000, 0x0, &(0x7f0000ff6000/0x7000)=nil) mq_open(&(0x7f00000001c0)='md5sumcgroup{[em0vboxnet1:-md5sum:proc\x00', 0x41, 0x0, 0x0) setns(r1, 0x0) 06:55:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:30 executing program 2: socket$alg(0x26, 0x5, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x545ab53f) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0xc72f, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f00000000c0)={0x0, @raw_data="4877092dac1ece2fe15202845e8203ad3ecb9e561007f5e326010f882b627a4437269f004a155fe039da7853344481e3fd43f3dd91cbdbf2136186856e15212827c4b5a6ef9a2227f1d79c23c1c0d5514925310e0deec4f550d16209162e6bc70333d05b444084c084c1cfe17fcc931600ed5542513c11741df618174bca73fd465b5536de11e3d6e65e2d6d9e03526848238ac2dbb970603e3a0fb0a21513430fe5d97586e9ec893759322d9fc6255b3a878d3126ab9a96d16a0dddd3b2c21ece173eb09a08d605"}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000000)={0x0, 0x0, 0x200000000001f, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "77100b6a1cc076a15ad9f0552d5b12bfc338e5269b12ac2a4ee4202c64122b0a"}}) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) 06:55:30 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4003) close(r0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execve(&(0x7f0000000180)='./file0\x00', &(0x7f0000000540)=[&(0x7f00000001c0)='\xe3\x00', &(0x7f0000000200)='/dev/ubi_ctrl\x00', &(0x7f0000000240)='/dev/ubi_ctrl\x00', &(0x7f00000003c0)='/dev/sequencer\x00', &(0x7f0000000500)='/dev/sequencer\x00'], &(0x7f00000007c0)=[&(0x7f0000000580)='/dev/ubi_ctrl\x00', &(0x7f00000005c0)='/dev/ubi_ctrl\x00', &(0x7f0000000600)='ppp0\x00', &(0x7f0000000700)='@lo}eth1eth0selinux\x00', &(0x7f0000000740)='\x00', &(0x7f0000000780)='/dev/sequencer\x00']) [ 222.872271][ T26] audit: type=1804 audit(1560063330.128:33): pid=9058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir740771159/syzkaller.I6WJpb/27/bus" dev="sda1" ino=16524 res=1 [ 222.999022][ T26] audit: type=1804 audit(1560063330.248:34): pid=9069 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir740771159/syzkaller.I6WJpb/27/bus" dev="sda1" ino=16524 res=1 06:55:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:30 executing program 4: mknod$loop(&(0x7f0000009800)='./file0\x00', 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) 06:55:30 executing program 2: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0xc00c5512, &(0x7f0000000000)) 06:55:30 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") readahead(r1, 0x0, 0x0) 06:55:30 executing program 4: bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0], 0x3}, 0x20) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x1f4, 0x2) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/54}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/loop-control\x00', 0x8000000000000800, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 06:55:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) [ 223.615232][ T26] audit: type=1804 audit(1560063330.868:35): pid=9069 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir740771159/syzkaller.I6WJpb/27/bus" dev="sda1" ino=16524 res=1 [ 224.772005][ C1] sched: RT throttling activated 06:55:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000040)="9b247f9c1793", 0x0, 0x0, 0x10014, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) 06:55:32 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) msgctl$IPC_SET(0x0, 0x1, &(0x7f00000014c0)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") msgsnd(0x0, &(0x7f0000000300)={0x2}, 0x8, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000240)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}) 06:55:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) [ 224.907917][ T26] audit: type=1804 audit(1560063330.908:36): pid=9069 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir740771159/syzkaller.I6WJpb/27/bus" dev="sda1" ino=16524 res=1 06:55:32 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000200)) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x4, 0x248400) ioctl$TIOCSTI(r2, 0x5412, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000400), &(0x7f0000000480)=0x68) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000880)={r2, &(0x7f00000006c0)="848143eacf058100b779111c1a024ad275f0b85063398312660913697880c00035314d840bd73da3b1c6b5f71fedb321d031ce065423c6c75db04854b7a18875e0bee879853526ffe6461aba1991b4807f77168e20bf1ed4c66e97c5c5a75e5229ba1957217e213417f7951484747af27f84199dd011921ef1870ded2d4b2a1b9e397bf953c3f0e84b7d49181357f5d3e203b5b99d353f952cf7d277781cc05c1b", 0x0}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000001800120010000100767469000c000200080002c0e0000002"], 0x1}}, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000680)={0x10, 0x0, 0x25dfdbff}, 0xc) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000000)={0x8, 0x0, 0x10001, 0x101}) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f00000001c0)) ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000000040)={0xff, r3, 0x3, 0x6}) 06:55:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)) r1 = socket$kcm(0x29, 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x42800) r2 = memfd_create(&(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f00001f2000)="aa", 0x1}], 0x1, 0x800000) sendfile(r1, r2, 0x0, 0x1ffe00) 06:55:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000040)="9b247f9c1793", 0x0, 0x0, 0x10014, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) [ 225.016565][ T26] audit: type=1804 audit(1560063332.028:37): pid=9092 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir740771159/syzkaller.I6WJpb/27/bus" dev="sda1" ino=16524 res=1 06:55:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) read(r1, 0x0, 0x273) 06:55:32 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0xa, 0x100000001, 0x7}, 0xd) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r0, &(0x7f0000000140)="81", 0x0}, 0x18) 06:55:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xffff7ffbbfffffff, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000040)="9b247f9c1793", 0x0, 0x0, 0x10014, 0x0, 0x0}) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6) [ 225.187879][ T17] ================================================================== [ 225.196190][ T17] BUG: KASAN: use-after-free in blk_mq_free_rqs+0x49f/0x4b0 [ 225.203869][ T17] Read of size 8 at addr ffff888081b86f90 by task kworker/1:0/17 [ 225.212031][ T17] [ 225.214395][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 5.2.0-rc3-next-20190607 #11 [ 225.223098][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.233264][ T17] Workqueue: events __blk_release_queue [ 225.238821][ T17] Call Trace: [ 225.242417][ T17] dump_stack+0x172/0x1f0 [ 225.246918][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.252153][ T17] print_address_description.cold+0xd4/0x306 [ 225.258152][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.263151][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.268125][ T17] __kasan_report.cold+0x1b/0x36 [ 225.273804][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.278860][ T17] kasan_report+0x12/0x20 06:55:32 executing program 2: [ 225.283301][ T17] __asan_report_load8_noabort+0x14/0x20 [ 225.288961][ T17] blk_mq_free_rqs+0x49f/0x4b0 [ 225.294623][ T17] ? dd_exit_queue+0x92/0xd0 [ 225.299218][ T17] ? kfree+0x1ec/0x2a0 [ 225.303451][ T17] blk_mq_sched_tags_teardown+0x126/0x210 [ 225.309532][ T17] ? dd_request_merge+0x230/0x230 [ 225.315023][ T17] blk_mq_exit_sched+0x1fa/0x2d0 [ 225.319984][ T17] elevator_exit+0x70/0xa0 [ 225.324421][ T17] __blk_release_queue+0x127/0x330 [ 225.329548][ T17] process_one_work+0x989/0x1790 [ 225.334523][ T17] ? pwq_dec_nr_in_flight+0x320/0x320 [ 225.340248][ T17] ? lock_acquire+0x16f/0x3f0 [ 225.345394][ T17] worker_thread+0x98/0xe40 [ 225.345427][ T17] kthread+0x354/0x420 [ 225.345439][ T17] ? process_one_work+0x1790/0x1790 [ 225.345450][ T17] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 225.345467][ T17] ret_from_fork+0x24/0x30 [ 225.345483][ T17] [ 225.345489][ T17] Allocated by task 9100: [ 225.345503][ T17] save_stack+0x23/0x90 [ 225.345514][ T17] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 225.345523][ T17] kasan_kmalloc+0x9/0x10 [ 225.345534][ T17] kmem_cache_alloc_trace+0x151/0x750 [ 225.345546][ T17] loop_add+0x51/0x8d0 [ 225.345555][ T17] loop_control_ioctl+0x165/0x360 [ 225.345566][ T17] do_vfs_ioctl+0xdb6/0x13e0 [ 225.345573][ T17] ksys_ioctl+0xab/0xd0 [ 225.345581][ T17] __x64_sys_ioctl+0x73/0xb0 [ 225.345594][ T17] do_syscall_64+0xfd/0x680 [ 225.345605][ T17] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.345608][ T17] [ 225.345612][ T17] Freed by task 9115: [ 225.345622][ T17] save_stack+0x23/0x90 [ 225.345632][ T17] __kasan_slab_free+0x102/0x150 [ 225.345641][ T17] kasan_slab_free+0xe/0x10 [ 225.345649][ T17] kfree+0x106/0x2a0 [ 225.345657][ T17] loop_remove+0xa1/0xd0 [ 225.345665][ T17] loop_control_ioctl+0x320/0x360 [ 225.345675][ T17] do_vfs_ioctl+0xdb6/0x13e0 [ 225.345684][ T17] ksys_ioctl+0xab/0xd0 [ 225.345691][ T17] __x64_sys_ioctl+0x73/0xb0 [ 225.345702][ T17] do_syscall_64+0xfd/0x680 [ 225.345713][ T17] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.345716][ T17] [ 225.345727][ T17] The buggy address belongs to the object at ffff888081b86d80 [ 225.345727][ T17] which belongs to the cache kmalloc-1k of size 1024 [ 225.345737][ T17] The buggy address is located 528 bytes inside of [ 225.345737][ T17] 1024-byte region [ffff888081b86d80, ffff888081b87180) [ 225.345741][ T17] The buggy address belongs to the page: [ 225.345754][ T17] page:ffffea000206e180 refcount:1 mapcount:0 mapping:ffff8880aa400ac0 index:0xffff888081b86000 compound_mapcount: 0 [ 225.345766][ T17] flags: 0x1fffc0000010200(slab|head) [ 225.345782][ T17] raw: 01fffc0000010200 ffffea000283ed08 ffffea000228e908 ffff8880aa400ac0 [ 225.345795][ T17] raw: ffff888081b86000 ffff888081b86000 0000000100000006 0000000000000000 [ 225.345799][ T17] page dumped because: kasan: bad access detected [ 225.345802][ T17] [ 225.345804][ T17] Memory state around the buggy address: [ 225.345812][ T17] ffff888081b86e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 225.345819][ T17] ffff888081b86f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 225.345826][ T17] >ffff888081b86f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 225.345829][ T17] ^ [ 225.345835][ T17] ffff888081b87000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 225.345842][ T17] ffff888081b87080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 225.345845][ T17] ================================================================== [ 225.345849][ T17] Disabling lock debugging due to kernel taint [ 225.369848][ T17] Kernel panic - not syncing: panic_on_warn set ... [ 225.379196][ T8391] kobject: '7:0' (000000005056026c): kobject_add_internal: parent: 'bdi', set: 'devices' [ 225.382505][ T17] CPU: 1 PID: 17 Comm: kworker/1:0 Tainted: G B 5.2.0-rc3-next-20190607 #11 [ 225.382511][ T17] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.382528][ T17] Workqueue: events __blk_release_queue [ 225.675812][ T17] Call Trace: [ 225.679099][ T17] dump_stack+0x172/0x1f0 [ 225.683737][ T17] panic+0x2cb/0x744 [ 225.687654][ T17] ? __warn_printk+0xf3/0xf3 [ 225.692446][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.697636][ T17] ? preempt_schedule+0x4b/0x60 [ 225.702585][ T17] ? ___preempt_schedule+0x16/0x18 [ 225.707770][ T17] ? trace_hardirqs_on+0x5e/0x220 [ 225.712850][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.717810][ T17] end_report+0x47/0x4f [ 225.721956][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.726971][ T17] __kasan_report.cold+0xe/0x36 [ 225.731823][ T17] ? blk_mq_free_rqs+0x49f/0x4b0 [ 225.736752][ T17] kasan_report+0x12/0x20 [ 225.741547][ T17] __asan_report_load8_noabort+0x14/0x20 [ 225.747165][ T17] blk_mq_free_rqs+0x49f/0x4b0 [ 225.751925][ T17] ? dd_exit_queue+0x92/0xd0 [ 225.756589][ T17] ? kfree+0x1ec/0x2a0 [ 225.760686][ T17] blk_mq_sched_tags_teardown+0x126/0x210 [ 225.766487][ T17] ? dd_request_merge+0x230/0x230 [ 225.771501][ T17] blk_mq_exit_sched+0x1fa/0x2d0 [ 225.776427][ T17] elevator_exit+0x70/0xa0 [ 225.780937][ T17] __blk_release_queue+0x127/0x330 [ 225.786316][ T17] process_one_work+0x989/0x1790 [ 225.791418][ T17] ? pwq_dec_nr_in_flight+0x320/0x320 [ 225.796888][ T17] ? lock_acquire+0x16f/0x3f0 [ 225.801659][ T17] worker_thread+0x98/0xe40 [ 225.806216][ T17] kthread+0x354/0x420 [ 225.810544][ T17] ? process_one_work+0x1790/0x1790 [ 225.815779][ T17] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 225.822448][ T17] ret_from_fork+0x24/0x30 [ 225.831677][ T17] Kernel Offset: disabled [ 225.836008][ T17] Rebooting in 86400 seconds..