[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.448227] audit: type=1800 audit(1543606725.493:25): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 63.467421] audit: type=1800 audit(1543606725.493:26): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.486834] audit: type=1800 audit(1543606725.523:27): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts. 2018/11/30 19:38:59 fuzzer started 2018/11/30 19:39:05 dialing manager at 10.128.0.26:34589 2018/11/30 19:39:05 syscalls: 1 2018/11/30 19:39:05 code coverage: enabled 2018/11/30 19:39:05 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/30 19:39:05 setuid sandbox: enabled 2018/11/30 19:39:05 namespace sandbox: enabled 2018/11/30 19:39:05 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/30 19:39:05 fault injection: enabled 2018/11/30 19:39:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/30 19:39:05 net packet injection: enabled 2018/11/30 19:39:05 net device setup: enabled 19:42:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000a40)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_INTERRUPT(r2, 0x4004ae99, &(0x7f0000000000)=0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) syzkaller login: [ 260.928205] IPVS: ftp: loaded support on port[0] = 21 [ 262.031955] ip (6793) used greatest stack depth: 53472 bytes left [ 263.286365] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.293184] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.302116] device bridge_slave_0 entered promiscuous mode [ 263.440655] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.447340] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.456214] device bridge_slave_1 entered promiscuous mode [ 263.592375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 263.728384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 264.217284] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 264.429548] bond0: Enslaving bond_slave_1 as an active interface with an up link 19:42:06 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)) [ 264.817211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 264.824657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 265.203929] IPVS: ftp: loaded support on port[0] = 21 [ 265.583513] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 265.592058] team0: Port device team_slave_0 added [ 265.905953] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 265.914161] team0: Port device team_slave_1 added [ 266.095296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 266.102539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 266.111945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 266.330453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 266.337623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 266.346748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.606396] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.614220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.623440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.849253] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.856987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.866220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 268.487959] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.494722] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.503868] device bridge_slave_0 entered promiscuous mode [ 268.730345] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.737360] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.746043] device bridge_slave_1 entered promiscuous mode [ 268.998264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 269.253225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 269.599892] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.606498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.613720] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.620213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.629462] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 269.762974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 269.918078] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 270.059258] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 270.218820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 270.226076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 270.523778] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 270.530853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:42:12 executing program 2: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) modify_ldt$write2(0x11, &(0x7f0000000000)={0x66d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x5, 0x64c}, 0x10) [ 271.455811] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 271.464188] team0: Port device team_slave_0 added [ 271.559516] IPVS: ftp: loaded support on port[0] = 21 [ 271.725696] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 271.734062] team0: Port device team_slave_1 added [ 272.073634] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 272.080736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 272.089927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 272.425877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 272.433112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 272.442296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 272.738607] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 272.746498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 272.755827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 272.959016] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 272.966831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.976103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 276.125248] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.131842] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.138817] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.145409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.154310] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 276.369171] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.375821] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.384775] device bridge_slave_0 entered promiscuous mode [ 276.720283] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.726883] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.735534] device bridge_slave_1 entered promiscuous mode [ 277.060955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 277.082436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 277.358357] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 278.212768] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 278.535440] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 278.808902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 278.816074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 19:42:21 executing program 3: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') [ 279.150371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 279.157642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.163853] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 280.172734] team0: Port device team_slave_0 added [ 280.481592] IPVS: ftp: loaded support on port[0] = 21 [ 280.644256] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 280.653087] team0: Port device team_slave_1 added [ 280.733872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.979871] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 280.987140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 280.996102] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 281.296396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 281.303697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 281.312613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 281.666010] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 281.674333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 281.683434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 282.035562] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 282.073453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 282.081085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.090172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 283.389714] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 283.396265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 283.404361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 284.750522] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.975849] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.982422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.989353] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.996000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.005212] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 286.155681] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.162437] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.172328] device bridge_slave_0 entered promiscuous mode [ 286.493070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.569250] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.575951] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.584772] device bridge_slave_1 entered promiscuous mode [ 286.950811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 287.335350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 288.301446] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 288.657383] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 289.066389] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 289.073623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 289.462636] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 289.469761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 289.498598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.421901] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 290.429956] team0: Port device team_slave_0 added [ 290.658016] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 19:42:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 290.883349] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 290.891435] team0: Port device team_slave_1 added [ 291.328907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 291.336179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 291.345306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 291.765712] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 291.772894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 291.781902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 292.113265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 292.141838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 292.150933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 292.318018] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 292.324582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 292.332902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 292.363800] IPVS: ftp: loaded support on port[0] = 21 [ 292.576327] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 292.584241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 292.593525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 293.173920] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 19:42:35 executing program 0: syz_execute_func(&(0x7f0000000140)="3666440f50f564ff0941c366440f56c9c4c27d794e0066420fe2e3f347aac442019dccd3195be1") fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$inet(0x2, 0x2, 0x7, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) recvfrom$inet(r0, 0x0, 0x9d, 0x0, 0xfffffffffffffffe, 0x10000015f) 19:42:35 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x381600, 0x0) ioctl$VIDIOC_G_MODULATOR(r1, 0xc0445636, &(0x7f0000000040)={0x285, "4334cbb7bae1c3d77f15a9341000000000000000000000000000000000004000", 0x2d, 0x22, 0x0, 0x4, 0x6}) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000003cc0)={0x0, @in={{0xa, 0x0, @multicast1}}, 0x0, 0x6000, 0x0, 0x0, 0x300}, 0x9c) [ 293.997752] 8021q: adding VLAN 0 to HW filter on device team0 19:42:36 executing program 0: capset(&(0x7f00002d0ff8)={0x19980330}, &(0x7f0000cc0000)) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = accept4(r0, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @broadcast}}, &(0x7f0000000080)=0x80, 0x80800) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f00000000c0)=ANY=[@ANYBLOB="0600000005000304000200"], &(0x7f0000000100)=0x10) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@mcast2, @in6=@remote, 0x4e21, 0x0, 0x0, 0x0, 0x3, 0x80000, 0x0, 0x4000000000000}, {}, {0x0, 0x0, 0x9}}, {{@in=@remote}, 0x0, @in6=@remote}}, 0xe8) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000140)=0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000180)={0x0, 0x7}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x200}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000002c0)={r3, 0xe645, 0x9, 0xe4, 0x5, 0x5, 0x7, 0x100000001, {r4, @in={{0x2, 0x4e23, @local}}, 0xffffffff, 0xfffffffffffeffff, 0x1000, 0x10000, 0x4}}, &(0x7f0000000380)=0xb0) sched_getattr(r2, &(0x7f00000001c0), 0x30, 0x0) accept$alg(r1, 0x0, 0x0) [ 294.445779] capability: warning: `syz-executor0' uses 32-bit capabilities (legacy support in use) 19:42:36 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d06403162c52244e7") r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020b000007000000000021002d54036205001a001000e0c99f3d653c00f0ff9da499df0000210000000000000071ccb0d15f6265d26408e075"], 0x39}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x20, 0x0) 19:42:37 executing program 0: socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000100)) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x48002, 0x0) set_thread_area(&(0x7f0000000140)={0xd031, 0xffffffffffffffff, 0x1000, 0x7aa044d3, 0x3, 0x98, 0xcaec, 0xfffffffffffffff7, 0x0, 0x4}) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000080)) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x2, 0x30}, &(0x7f00000002c0)=0xc) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={r2, 0x38b}, &(0x7f0000000400)=0x8) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000440)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000ca0000000a2c5178551bbbb00be0544c804a7c64eb87d8c609234aa31e9f6814311b08a1fd2e4ef08f81d708f99db8b35c6f9cb828f7d9a467ac84646f196441f024fc475f1bb2d1b60a9898b9896db4473ef4b36a1deedff4cd46a9e3345085fc97158f4e813a0279cf9b3a633d1161096e8f37f20b4059c3203b76d5c6c089ef01dbb1a69b96d67eb4fcc2febf48194b6edc0002e67a667e22ea7dd879e0187791a695e3e25a977030c2d64170c06f7c9d2d99f60f2be0dfa5242e929ff333707f2c7c3e1a92b04dee71ff73fb44c1f582ffcc41f11d53438cdeeeef9b7000279e60303ab0756c0c14cb3f048ad5004dc6fe075063d3c2e8c38b2cddc29a2e22"], &(0x7f0000000240)=0xee) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x6) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x0, 0x0) readv(r3, &(0x7f0000000700)=[{&(0x7f0000000340)=""/12, 0xc}, {&(0x7f0000000380)=""/67, 0x43}], 0x2) [ 295.534311] dlm: non-version read from control device 67 [ 295.681537] dlm: non-version read from control device 67 19:42:38 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f00000006c0)={'team0\x00', {0x2, 0x0, @loopback}}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20000, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000180)={0x2, &(0x7f0000000040)=[{}, {}]}) signalfd(r0, &(0x7f00000001c0)={0x3}, 0x8) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xfff, 0x333, 0x2, 0x0, 0xf5}) 19:42:38 executing program 0: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x88811, r0, 0x0) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000040)) 19:42:38 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) close(r0) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) get_thread_area(&(0x7f0000000000)={0x1, 0x20000800, 0x1000, 0x100000000, 0x7, 0x6, 0x1000000000000, 0x0, 0xc036, 0xffffffff}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) madvise(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x9) [ 297.433044] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.439544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.446620] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.453194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.462067] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 298.332449] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 299.054460] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.060941] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.069749] device bridge_slave_0 entered promiscuous mode [ 299.451612] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.458269] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.467126] device bridge_slave_1 entered promiscuous mode [ 299.826504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 300.084666] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 300.853184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.124436] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 301.477542] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 301.793350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 301.800417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 302.119885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 302.127192] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 302.154824] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 19:42:44 executing program 1: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000034000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0xffffff3d) clone(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0xffffffffffffff3e) [ 303.290579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 303.298814] team0: Port device team_slave_0 added [ 303.465330] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 303.491912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 303.499833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 303.647671] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 303.656345] team0: Port device team_slave_1 added [ 303.835547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 303.842747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 303.851532] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 304.008057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 304.015366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 304.024254] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 304.242445] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 304.250066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 304.259296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 304.405750] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.480906] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 304.488592] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 304.497665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 307.037860] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.044434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 307.051387] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.058009] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.066734] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 307.073530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 308.581461] 8021q: adding VLAN 0 to HW filter on device bond0 19:42:51 executing program 2: [ 309.405021] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 309.913605] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 309.920007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 309.928047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.444345] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.348112] 8021q: adding VLAN 0 to HW filter on device bond0 19:42:55 executing program 3: [ 313.819713] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 314.147818] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 314.154143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 314.162133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 314.445112] 8021q: adding VLAN 0 to HW filter on device team0 [ 316.447658] hrtimer: interrupt took 44825 ns 19:42:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:42:58 executing program 0: r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) close(r0) r1 = memfd_create(&(0x7f0000000140)="000000008c00000000000000000000", 0x0) pwritev(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1, 0x81003) get_thread_area(&(0x7f0000000000)={0x1, 0x20000800, 0x1000, 0x100000000, 0x7, 0x6, 0x1000000000000, 0x0, 0xc036, 0xffffffff}) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) madvise(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x9) 19:42:58 executing program 5: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x4, 0x51d, 0x80000001, 0xffffffff, 0x9260}, &(0x7f0000000080)=0x14) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1, 0x7f, 0x4, 0x1}, 0x10) set_mempolicy(0x0, &(0x7f0000000100)=0x1ff, 0x6) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000140)=""/187, &(0x7f0000000200)=0xbb) connect$pppoe(r0, &(0x7f0000000240)={0x18, 0x0, {0x0, @broadcast, 'team_slave_1\x00'}}, 0x1e) sendfile(r0, r0, &(0x7f0000000280), 0x55) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f00000002c0), &(0x7f0000000300)=0x4) ioctl$void(r0, 0x5451) ioctl$TIOCSCTTY(r0, 0x540e, 0x1f) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000340), &(0x7f0000000380)=0x4) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000003c0), &(0x7f0000000400)=0x14) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000440)={0x3, {{0x2, 0x4e21, @remote}}, 0x1, 0x1, [{{0x2, 0x4e23, @local}}]}, 0x110) setxattr$trusted_overlay_upper(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='trusted.overlay.upper\x00', &(0x7f0000000600)={0x0, 0xfb, 0x4f, 0x2, 0x1, "d57349316c19f61462c937ac40281f68", "cc71b4beb89a66daeacc1cffb975ec072d2338b64e697993b0fde35b4789ab6939aedb4314e401e8efc6f0a5b427ab305198055d3ae2c5f92099"}, 0x4f, 0x1) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000680)=0x0) ptrace(0x11, r2) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000006c0)="c1ac41ce1347dbb6ada9ba4387dac7ae", 0x10) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000700)={r1, 0x2, 0x800}, &(0x7f0000000740)=0x8) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000780)=0x5, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) r3 = semget(0x2, 0x3, 0x42) getresuid(&(0x7f00000007c0), &(0x7f0000000800)=0x0, &(0x7f0000000840)) getresgid(&(0x7f0000000880), &(0x7f00000008c0)=0x0, &(0x7f0000000900)) r6 = geteuid() stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000a00)={{0x2, r4, r5, r6, r7, 0xf3, 0x398}, 0x5, 0x8, 0x6}) ioctl$TIOCLINUX5(r0, 0x541c, &(0x7f0000000a80)={0x5, 0x4, 0x80000000, 0x9, 0x1ff}) fchmodat(r0, &(0x7f0000000ac0)='./file0\x00', 0x100) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000b00), &(0x7f0000000b80)=0x60) 19:42:58 executing program 2: 19:42:58 executing program 3: 19:42:58 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000701000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000000000012d640500000000006504040000000000070400000100bbccb7050000000000006a0a00fe00000000850000001a000000b7000100000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0xfa, 0x541400) write$binfmt_misc(r0, &(0x7f0000000740)={'syz0', "ed6db76b1679f5b9c27d9ef49956e68706ab500d63a9122aeaa5ee21eef6594f792748e5ba0d7cc5647a7f7462c103f3e623de9ade126aa37bed43cb5ad890e46a4b6b466153e8fa"}, 0x4c) sendmsg$kcm(r1, &(0x7f0000000700)={&(0x7f0000000140)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x80, &(0x7f0000000380)=[{&(0x7f00000001c0)="67c2a9ce51418483a6db97affd56c6c47a3af06e188e8344999e6d9f6b2b466a8372af638132cc1cfde2b8d8edc8d310fd27b1ac3e6d17eab8d0e98f42bb5b02a30691", 0x43}, {&(0x7f0000000240)="0d9704611a9a9a52270a1887d1c8d0d9fb7636efccce6d4c2642150f33d305d520d85bc0d56398389180e899554251c5d0a4e73a8acbe11aee85b62286f3c8f1e89ae3e065e522eb3fbf41f47e97028cee80323e24fee7ed20a466b7097f3106928ced650dd7025e0c984f537f4e86e44c02b1948b818cdc0684623c38ac40bf4c3b37fe456a482a176c79fd8ad3df6bb4746506be8135855dd2ecbc2afa55f03e405b6fcc3a18dc41a0e20f7413caa51b991d34f154cfb85501272a3497abe8dac3991cadfd2095b30174a79740ec49ec2174bc0ed46c7ce83bb4d46b74e9f8ac284c72d12c3707d65ed220cd45a8c3a43f06dac3f7", 0xf6}, {&(0x7f00000000c0)="0e69463f0ac5b0913f078c56e1c1dc2cf44d70ad35fbcafb0e193478030f3ea6fcd479574548074bab5fe6997daa46a1c6914e4f31fa", 0x36}, {&(0x7f0000000340)="9e6ad2348dda8ac309c596db2f2dafca2f3ee8f9dc2a00e5a7a2aab4e70b991a9ff9179f67d923a3ae79c27d", 0x2c}], 0x4, &(0x7f00000003c0)=[{0xd8, 0x11b, 0x9, "1d593f92b3bb1e7923345f6fe8086b16b036ec4ca43231e4bb88a45e740a19b9ea58fa9c697709af85b6a8d6bc8f1d314535581efd6417e66bb5b5c97e021d0f1ee265e161e1787f9832a917e70239401a28e4f850a3d75c66dcbbc78e588e0d279c7842ba9f1f11d44f1ef5b953cc3e73cea02a81a9d543025c44e05de9d27fb3e1b92a3b71c5e16664b9a083eae6a26db098d464f9159dfc6ba5451048669802f44f0ab968e1b80cfc2093b6f73eff767f4ea1eab1e47559d6032136c5e870d4cb"}, {0x78, 0x109, 0x93, "c7835a0f5643c0fc61eb88ebbb71d5484618689b19cd2bb5382ca3ec3845a0abf4a29e7cb993b2f28ee33b2b7f429356117fe46e3e0d1962ecd2edff59346f983e329a52891eb7b2b5b547083e4bbddc80dad3862efd12ffa90e5b80fafde2abd3f2de"}, {0xd0, 0x11f, 0x3, "33b68b5c2163ffd48c5a1b8088814f15b16e52466eb97adda4caf96a6650c025672b968cdc2563396d611e03c704cecc73d7b040ff0a683cecbb97f34327aca927420630402a0bc9602f309d88e4286ff121159a07abddbea7059caff8feb148884ab609564de455526dcd7044df1180ddb8e9276665014dbffe943a4e372b4863a1c25ef98650f24112b7f5a239d16980f498571bf9bc0c7e50844606865a9508068935d34e070b336f54cf2ac63785da861ff5f1fa8e07e12d7a1399"}, {0x108, 0x115, 0x7ff, "988bb7b583c58a9aa2bddeca08bbb86004b2633b4f8b2fd6f46ad00425bdac913c78be0d9f197bea8b4b0a116e28da3dff8fb5fe2aaee4ed45ed92d8946ec404be6824628eb83e286bb228ca0936288fab7b807cea4a9fa85444220e64e7dcaf3d13b302d67d00f611b3d0c8bdc1e0ecdecbd5281c81ef27c70f41284aaf8f1fe4c3782710756ce202453f6b482696c07e29ad32ba97030ad5d283f61287431067beec9ee93818d92c819a5ae0b2b4c11119fb25fe5107adf91f7289467839516bb5b8e8078caaf9e98d236c343d88ad36226fa1c822edb222ab2f091dfc5f20c51ed36f2da8f40b2ddd6b824a704a72b1"}], 0x328, 0x800}, 0x24044000) 19:42:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:42:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:42:59 executing program 1: 19:42:59 executing program 3: 19:42:59 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:42:59 executing program 3: 19:43:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x0, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e7, &(0x7f00000002c0)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0xfffffffffffffff7, 0x0, 0x1000, 0x1, 0x9]}, &(0x7f0000000100)=0x12) sendmsg$IPVS_CMD_ZERO(r1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:43:00 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00007b1000), 0x4) mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x0, &(0x7f0000000080), 0x1, 0x3) [ 318.882180] IPVS: ftp: loaded support on port[0] = 21 [ 320.420332] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.426916] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.435026] device bridge_slave_0 entered promiscuous mode [ 320.509339] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.515911] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.524067] device bridge_slave_1 entered promiscuous mode [ 320.597932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 320.670747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 320.893808] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 320.972952] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 321.133730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 321.140759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 321.374448] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 321.382451] team0: Port device team_slave_0 added [ 321.456766] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 321.464507] team0: Port device team_slave_1 added [ 321.539521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 321.616997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 321.696528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 321.704588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 321.713548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 321.789070] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 321.796447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 321.805489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 322.655808] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.662339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.669125] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.675688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.683687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 323.081947] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 325.709190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.992407] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 326.351364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 326.358725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 326.366811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 326.671071] 8021q: adding VLAN 0 to HW filter on device team0 19:43:10 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000100)={0x0, {{0x2, 0x0, @dev}}, 0x0, 0x7, [{{0x2, 0x4e23, @broadcast}}, {{0x2, 0x4e22, @loopback}}, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x4e24, @broadcast}}, {{0x2, 0x4e22, @rand_addr=0x5}}, {{0x2, 0x4e22}}, {{0x2, 0x4e21}}]}, 0x410) 19:43:10 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) clone(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) 19:43:10 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='syscall\x00') sendfile(r0, r1, 0x0, 0x7) 19:43:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) semget$private(0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x52, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000680)=0x14) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0x0, 0x0, 0x1000, 0x1, 0x9]}, 0x0) sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={&(0x7f0000000000), 0xc, &(0x7f0000000380)}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:43:10 executing program 2: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) io_setup(0x9, &(0x7f0000000040)=0x0) io_submit(r2, 0x30b, &(0x7f0000001700)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000080), 0x10}]) pipe(&(0x7f0000002a80)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r4, &(0x7f0000000300)=[{&(0x7f0000000280)='\'', 0x1}], 0x1) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) tee(r3, r1, 0x8, 0x0) 19:43:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0xc08, 0x0, &(0x7f0000000480), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000540)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000500), 0x0) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e7, &(0x7f00000002c0)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x1000, 0x5, [0xfffffffffffffff7, 0x0, 0x1000, 0x1, 0x9]}, &(0x7f0000000100)=0x12) sendmsg$IPVS_CMD_ZERO(r1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:43:10 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23") write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c460000800000000000000a0000000000000000000079030000000000204000000000000000ab00000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000ffff00000000000000000000000000000000000000000000c2a3d27bd88efcf9bf892edbe0e0dff636085557fcc4d5d0b86b7e8800af5700e7f54040f41d0a6a31d20c72ea037ae542d7522ec71bafb01dd16eeb0db9b364f763f71b56713124bfa4cbc45447387f7ef18fe42220a2ee17893fb8707af149981c000549e18cf57c56e3b61aeb3614441382a1ab0b94190e75ab2e6b1bc6ed899f9ac5f7e8c5f7a25b9d0d1f9b7a211d9e9edad85386481343d9c90d1786ae42e2c73e55f72d8ab763fef92120c46f32f1af7f9b4645a800000000d4c672f880041e03102aa84b7b8937ca85f551c24c36f863e934f4bd29f96de11c6eaace96fbc265bfcb7913601c12ec1abdd9086ba65d2dbf9685b34af5ceb4cf4ef1c6baf938702faa0fa7040d2134ea8109c31f6d240a9c63bb9a2b8cd7aff71cd68d428cd7b89618eabf479ef7ffb5b2bdfc79fa5ea424d57c9122bd1a7d324beca05d909766a6933f8424e601a8f28319425371125e11825f89b3af5d52e74f4605b695462b9ab625a3f8589660cd8fa3"], 0x1e1) memfd_create(&(0x7f0000000640)="7374617475730042236739c16d17f90dc22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a50115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f687df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b99e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b03f6b1818bc97077db23", 0x0) setgroups(0x2a7, &(0x7f0000000140)) sendfile(r0, r1, 0x0, 0x4) 19:43:11 executing program 0: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/14, 0xe}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000b2e000/0x1000)=nil) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffd000/0x2000)=nil) 19:43:11 executing program 2: openat$null(0xffffffffffffff9c, 0x0, 0x200000, 0x0) futex(0x0, 0x8b, 0x0, 0x0, &(0x7f0000000000), 0x1) 19:43:11 executing program 3: ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0) r0 = syz_open_dev$usb(0x0, 0x205, 0x105002) set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r1 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x44000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x74, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x5, @mcast1, 0x10001}, @in6={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, [], 0xd}, 0xfffffffffffffff8}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x20}}, @in={0x2, 0x0, @loopback}, @in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000480)={r2}, &(0x7f00000004c0)=0x8) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000280)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0xbd}], 0x30}], 0x1, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmmsg(r4, &(0x7f0000006240)=[{{0x0, 0x0, &(0x7f0000005040)=[{&(0x7f0000004d80)=""/140, 0x8c}, {&(0x7f0000004fc0)=""/109, 0x6d}], 0x2}}], 0x1, 0x0, &(0x7f0000006440)={0x77359400}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) fallocate(r1, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r5, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0xc00000000000000, 0x8, 0x1, 0x44030000000000, r1, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) r6 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$clear(0x7, r6) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000bc0)=0x14) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000280)={0x1f, 0x28, &(0x7f0000000240)="70b11efcaeb3a53c6e16a5c0789ef984ba8e580fbe920cb2e1c35d51078640f368dbd25805165014"}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) 19:43:11 executing program 5: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000280)=[@decrefs, @dead_binder_done], 0x0, 0x0, &(0x7f0000000600)}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 19:43:11 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001a00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=ANY=[@ANYBLOB="850000002200000007000000005dde009500000000000000"], 0x0, 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x0, 0x4a, 0x0, &(0x7f0000001780)="e4600192060006c1066227bc86dd6a000000000704eb305660319056115082553800800000000000e8d5004cf35074700000010000eb590065586181dcbd848b4ac151f9e841b83c0b41", 0x0, 0xeb59}, 0x28) 19:43:11 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x4000000000000003, 0x2) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0x8}}, 0x1c) 19:43:11 executing program 1: r0 = socket$inet(0x2b, 0x1, 0x0) r1 = socket$inet6(0xa, 0x400000000000803, 0x3) ioctl(r1, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c127285718070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x3, &(0x7f00000003c0)='tls\x00', 0x1b5) 19:43:12 executing program 5: r0 = fanotify_init(0x0, 0x0) fanotify_mark(r0, 0x7e, 0x40000000, 0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00') 19:43:12 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) socketpair(0x9, 0x80807, 0xad, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000080)={0x3b, 0x6, 0x0, {0x4, 0x4, 0x12, 0x0, '/dev/loop-control\x00'}}, 0x3b) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 19:43:12 executing program 2: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/14, 0xe}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffd000/0x3000)=nil) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffd000/0x2000)=nil) 19:43:12 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'ofb(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c5820fae9d6dcd3292ea54c7beef", 0x11) 19:43:12 executing program 3: ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0) r0 = syz_open_dev$usb(0x0, 0x205, 0x105002) set_mempolicy(0x4003, &(0x7f0000000140)=0x6, 0x9) r1 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x44000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x74, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x5, @mcast1, 0x10001}, @in6={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, [], 0xd}, 0xfffffffffffffff8}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, [], 0x20}}, @in={0x2, 0x0, @loopback}, @in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000480)={r2}, &(0x7f00000004c0)=0x8) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000280)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a9061", 0x1f) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0xbd}], 0x30}], 0x1, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmmsg(r4, &(0x7f0000006240)=[{{0x0, 0x0, &(0x7f0000005040)=[{&(0x7f0000004d80)=""/140, 0x8c}, {&(0x7f0000004fc0)=""/109, 0x6d}], 0x2}}], 0x1, 0x0, &(0x7f0000006440)={0x77359400}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) fallocate(r1, 0x0, 0x0, 0xa6ba0) io_setup(0x40000100000003, &(0x7f0000000200)=0x0) io_submit(r5, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0xc00000000000000, 0x8, 0x1, 0x44030000000000, r1, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x5c831, 0xffffffffffffffff, 0x0) r6 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$clear(0x7, r6) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000bc0)=0x14) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000280)={0x1f, 0x28, &(0x7f0000000240)="70b11efcaeb3a53c6e16a5c0789ef984ba8e580fbe920cb2e1c35d51078640f368dbd25805165014"}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) 19:43:14 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat(r1, &(0x7f00000001c0)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", r1, &(0x7f0000000000)='./file0\x00') 19:43:14 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000000000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) writev(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1f0000000203193b000007000000068100023b05090003000b004042040058", 0x1f}], 0x1) 19:43:14 executing program 5: r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/14, 0xe}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x3, &(0x7f000060f000/0x2000)=nil) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffd000/0x2000)=nil) 19:43:14 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000)='/dev/ptmx\x00', 0x1000002, 0x0) write(r0, &(0x7f0000caf000)="9c", 0x1) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:43:14 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00007b1000), 0x4) mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) [ 332.858820] netlink: 'syz-executor4': attribute type 3 has an invalid length. [ 332.920974] netlink: 'syz-executor4': attribute type 3 has an invalid length. 19:43:15 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 19:43:15 executing program 3: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) sendfile(r0, r0, &(0x7f0000000140), 0x8800000) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) 19:43:15 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) 19:43:15 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00007b1000), 0x4) mbind(&(0x7f00003b5000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x1, 0x3) 19:43:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000140)="420fb507b805000000b98de92d630f01c1f2430f3566b869008ec0f0814b00ec480000470f017a00f3f7e4470f017cc0423e26460f21f6410f01df", 0x3b}], 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000004000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 19:43:15 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$packet(r0, &(0x7f00000001c0), 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000002fd8)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000000)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000040)={0x1, 0x802, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "164a92b7d6358879d9f0373865b5b0ef54ee3d556f3a1c08dfc1d956c0c0591550f32c15a0dc1c833756d2ebef036b61087e44378a7a6331d294c1b273a9610d"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000eff0)={&(0x7f0000002100)={0x3, 0xfffffffffffffffc, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "3e9681a5f6d27a82c5bdb8223ce54be7906dfdf29099c61609ae011540ea3f8e16bc3d9768c7d98e0f360c31eef7485055e1b4331b7020967c5bd2fcc5cdddf1"}}, 0x80}}, 0x0) 19:43:15 executing program 3: r0 = socket$inet6(0xa, 0x10000080003, 0xff) connect$inet6(r0, &(0x7f0000000180), 0x1c) write(r0, &(0x7f00000011c0)="3cb46accad4b51ac32d80838a5b8469faaf2834d413b3b4e0df29ec36edbbe67bc43fe6f8cd6ca5a", 0x28) 19:43:15 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) ioctl$EVIOCGREP(r0, 0x80084504, &(0x7f0000000100)=""/124) 19:43:16 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x9, &(0x7f0000000040)=0x0) io_submit(r0, 0x1, &(0x7f0000000840)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0}]) 19:43:17 executing program 4: socketpair$unix(0x1, 0x400000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) flistxattr(r0, 0x0, 0x0) 19:43:17 executing program 5: 19:43:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="0000003500000000000000000000dfff0000000000000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1}}, 0x0) 19:43:17 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$packet(r0, &(0x7f00000001c0), 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000002fd8)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000000)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000040)={0x1, 0x802, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "164a92b7d6358879d9f0373865b5b0ef54ee3d556f3a1c08dfc1d956c0c0591550f32c15a0dc1c833756d2ebef036b61087e44378a7a6331d294c1b273a9610d"}}, 0x80}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000000c0)={&(0x7f0000010ff0)={0x1d, r1}, 0x10, &(0x7f000000eff0)={&(0x7f0000002100)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "3e9681a5f6d27a82c5bdb8223ce54be7906dfdf29099c61609ae011540ea3f8e16bc3d9768c7d98e0f360c31eef7485055e1b4331b7020967c5bd2fcc5cdddf1"}}, 0x200000f8}}, 0x0) 19:43:17 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffffffe, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto(r0, &(0x7f0000001180)="8a", 0x1, 0x20048040, 0x0, 0x0) close(r0) 19:43:17 executing program 1: 19:43:17 executing program 1: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x100000000}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000180)) ptrace(0x10, r0) tkill(r0, 0x24) ptrace$poke(0x4209, r0, &(0x7f00000000c0), 0x70f000) [ 335.509560] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 19:43:17 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f00000014c0)={&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x7f}, 0x10, &(0x7f0000001340), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000000000000000000000100000000000000"], 0x18}, 0x0) 19:43:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r0, 0x5207, 0x0) [ 335.802701] ================================================================== [ 335.810164] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x19a/0x230 [ 335.816743] CPU: 1 PID: 8613 Comm: syz-executor1 Not tainted 4.20.0-rc3+ #100 [ 335.824048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.833437] Call Trace: [ 335.836079] dump_stack+0x32d/0x480 [ 335.839758] ? _copy_to_user+0x19a/0x230 [ 335.843881] kmsan_report+0x12c/0x290 [ 335.848036] kmsan_internal_check_memory+0x514/0xa50 [ 335.853191] ? do_page_fault+0x98/0xd0 [ 335.857155] kmsan_copy_to_user+0x78/0xd0 [ 335.861355] _copy_to_user+0x19a/0x230 [ 335.865302] copy_siginfo_to_user+0x80/0x160 [ 335.869780] ptrace_request+0x24a5/0x2900 [ 335.873990] ? __msan_poison_alloca+0x1e0/0x270 [ 335.878726] ? arch_ptrace+0x89/0x1150 [ 335.882676] ? __se_sys_ptrace+0x46c/0x990 [ 335.886970] arch_ptrace+0xb66/0x1150 [ 335.890827] __se_sys_ptrace+0x46c/0x990 [ 335.894952] __x64_sys_ptrace+0x56/0x70 [ 335.898966] do_syscall_64+0xcf/0x110 19:43:17 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) [ 335.902804] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 335.908041] RIP: 0033:0x457569 [ 335.911356] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 335.933334] RSP: 002b:00007fc9da8c1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 335.944394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 335.951702] RDX: 00000000200000c0 RSI: 0000000000000123 RDI: 0000000000004209 [ 335.959024] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 335.966334] R10: 000000000070f000 R11: 0000000000000246 R12: 00007fc9da8c26d4 [ 335.973646] R13: 00000000004c3882 R14: 00000000004d5ce0 R15: 00000000ffffffff [ 335.980980] [ 335.982652] Local variable description: ----kiov@ptrace_request [ 335.988740] Variable was created at: [ 335.992505] ptrace_request+0x1a9/0x2900 [ 335.996609] arch_ptrace+0xb66/0x1150 [ 336.000426] 19:43:18 executing program 2: [ 336.002085] Bytes 0-15 of 48 are uninitialized [ 336.006688] Memory access of size 48 starts at ffff88811933fd50 [ 336.012783] Data copied to user address 000000000070f000 [ 336.018269] ================================================================== [ 336.025656] Disabling lock debugging due to kernel taint [ 336.031128] Kernel panic - not syncing: panic_on_warn set ... [ 336.037182] CPU: 1 PID: 8613 Comm: syz-executor1 Tainted: G B 4.20.0-rc3+ #100 19:43:18 executing program 5: [ 336.045888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.055276] Call Trace: [ 336.057908] dump_stack+0x32d/0x480 [ 336.061594] panic+0x624/0xc08 [ 336.064878] kmsan_report+0x28a/0x290 [ 336.068745] kmsan_internal_check_memory+0x514/0xa50 [ 336.073897] ? do_page_fault+0x98/0xd0 [ 336.077853] kmsan_copy_to_user+0x78/0xd0 [ 336.082050] _copy_to_user+0x19a/0x230 [ 336.085991] copy_siginfo_to_user+0x80/0x160 [ 336.090445] ptrace_request+0x24a5/0x2900 [ 336.094650] ? __msan_poison_alloca+0x1e0/0x270 [ 336.099373] ? arch_ptrace+0x89/0x1150 [ 336.103309] ? __se_sys_ptrace+0x46c/0x990 [ 336.107595] arch_ptrace+0xb66/0x1150 [ 336.111471] __se_sys_ptrace+0x46c/0x990 [ 336.115612] __x64_sys_ptrace+0x56/0x70 [ 336.119634] do_syscall_64+0xcf/0x110 [ 336.123581] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 336.128818] RIP: 0033:0x457569 [ 336.132057] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 336.151005] RSP: 002b:00007fc9da8c1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 336.158771] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 336.166586] RDX: 00000000200000c0 RSI: 0000000000000123 RDI: 0000000000004209 [ 336.173895] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 336.181294] R10: 000000000070f000 R11: 0000000000000246 R12: 00007fc9da8c26d4 [ 336.188609] R13: 00000000004c3882 R14: 00000000004d5ce0 R15: 00000000ffffffff [ 336.197138] Kernel Offset: disabled [ 336.200794] Rebooting in 86400 seconds..