[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 97.066356] audit: type=1800 audit(1553473332.125:25): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 97.085663] audit: type=1800 audit(1553473332.125:26): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 97.105174] audit: type=1800 audit(1553473332.145:27): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2019/03/25 00:22:26 fuzzer started 2019/03/25 00:22:32 dialing manager at 10.128.0.26:45327 2019/03/25 00:22:32 syscalls: 1 2019/03/25 00:22:32 code coverage: enabled 2019/03/25 00:22:32 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/03/25 00:22:32 extra coverage: extra coverage is not supported by the kernel 2019/03/25 00:22:32 setuid sandbox: enabled 2019/03/25 00:22:32 namespace sandbox: enabled 2019/03/25 00:22:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/03/25 00:22:32 fault injection: enabled 2019/03/25 00:22:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/03/25 00:22:32 net packet injection: enabled 2019/03/25 00:22:32 net device setup: enabled 00:26:16 executing program 0: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) finit_module(r0, &(0x7f0000000040)='\x00', 0x2) socket$unix(0x1, 0x1, 0x0) close(r0) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x71a, 0x4000) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0xa000, 0x4) ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0xfff) write$P9_RLINK(r1, &(0x7f0000000100)={0x7, 0x47, 0x1}, 0x7) fcntl$F_SET_FILE_RW_HINT(r2, 0x40e, &(0x7f0000000140)=0x4) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0xd000) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000180)=0x9, 0x4) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f00000001c0)={0x0, 0x2, 0x2, 0x5, [], [], [], 0x4df2313c, 0x5, 0x1ff, 0x36, "6f14bf6781cfa55782b1f5d4862ce03b"}) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$CAPI_SET_FLAGS(r4, 0x80044324, &(0x7f0000000340)) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) chmod(&(0x7f0000000380)='./file0\x00', 0x80) ioctl$SG_GET_LOW_DMA(r3, 0x227a, &(0x7f00000003c0)) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000400)={0x0, 0x55, "cf01c8d81eb50c1e39c12f435e55f820daa3cac7c19d72ae46ca3437129ee64bff038ad158212bcee09f2260e05af95004fb1c7a0b713468804a3cdd988a870538228df077380dc56af3e9d763ffb2d3a3717cd5b5"}, &(0x7f0000000480)=0x5d) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000004c0)={r5}, &(0x7f0000000500)=0x8) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000540)={0x4, 0x3}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x1) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000580)="d3743d466b02fe844654531400d6a6b5", 0x10) ioctl$TUNSETVNETLE(r3, 0x400454dc, &(0x7f00000005c0)=0x1) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000600)={r5, 0x100000000}, &(0x7f0000000640)=0x8) ioctl$PPPIOCGFLAGS1(r3, 0x8004745a, &(0x7f0000000680)) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000006c0)) ioctl$KDSIGACCEPT(r4, 0x4b4e, 0x22) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000700)={0x1, 0x0, [], {0x0, @reserved}}) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000007c0)={r5, 0x76d}, 0x8) io_setup(0x7, &(0x7f0000000800)=0x0) io_submit(r6, 0x1, &(0x7f00000008c0)=[&(0x7f0000000880)={0x0, 0x0, 0x0, 0x5, 0x2, r0, &(0x7f0000000840)="d1d3b59caa5f51333ced4ad0e15b715f86b96dee4cc8da4957a2cd68e9d7199730b65e0d8b3f938333fd577e8b", 0x2d, 0x0, 0x0, 0x2, r4}]) syzkaller login: [ 341.922888] IPVS: ftp: loaded support on port[0] = 21 [ 342.082627] chnl_net:caif_netlink_parms(): no params data found [ 342.160537] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.167283] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.175918] device bridge_slave_0 entered promiscuous mode [ 342.185880] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.193083] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.201621] device bridge_slave_1 entered promiscuous mode [ 342.237614] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 342.250093] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 342.285447] team0: Port device team_slave_0 added [ 342.294404] team0: Port device team_slave_1 added [ 342.498082] device hsr_slave_0 entered promiscuous mode [ 342.562886] device hsr_slave_1 entered promiscuous mode [ 342.674807] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.681409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.688797] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.695423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.779323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.801044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 342.816029] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.826079] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.838816] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 342.859478] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.878004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 342.886409] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.893048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 342.953812] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 342.963704] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 342.981180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 342.989702] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.996347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.006438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 343.015900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 343.024761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 343.033638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 343.045451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 343.053332] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 343.107898] 8021q: adding VLAN 0 to HW filter on device batadv0 00:26:18 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r3, 0x6}, 0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:19 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r3, 0x6}, 0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:19 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r3, 0x6}, 0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:20 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r3, 0x6}, 0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:20 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:20 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000140)=0x8) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:20 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:20 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:21 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:21 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:21 executing program 1: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x0, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f0000000040)={@remote, @local, @multicast2}, 0xc) fsetxattr$security_evm(r0, &(0x7f0000000080)='security.evm\x00', &(0x7f00000000c0)=@ng={0x4, 0xa, "5c81bd7c"}, 0x6, 0x3) socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100), &(0x7f0000000140)=0x14) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x84000, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x20200, 0x0) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000200)={0x1, 0x0, 0x9, 0x40}) ioctl$KVM_PPC_ALLOCATE_HTAB(r3, 0xc004aea7, &(0x7f0000000240)=0x9) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000280)=0x1) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r2, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000340)={0x268, r4, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x110, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffe01}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x53c7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb660}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xcdbc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x672f}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5f}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0x64, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2673}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc75d}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7d}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200000000000}]}]}, 0x268}, 0x1, 0x0, 0x0, 0x10}, 0x4090) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000640)=[@sack_perm, @sack_perm], 0x2) getsockopt$inet6_dccp_buf(r0, 0x21, 0xcf, &(0x7f0000000680)=""/180, &(0x7f0000000740)=0xb4) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000780)={0x0, 0x5d, 0x3, [0x3800000, 0x400, 0x2]}, &(0x7f00000007c0)=0xe) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000800)={r5, 0x173, 0xffff, 0x7, 0x27b4000000000000, 0x4}, &(0x7f0000000840)=0x14) sendmsg$xdp(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000880)="5eff92d7003538736ad42c356131aece50e5b156068aaef0c68f2d1ff4b37ee2ea5ce089", 0x24}], 0x1}, 0x4008000) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000940)={0x2}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000a40)={0x1, &(0x7f0000000980)=[{}]}) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000a80)={0x5, @raw_data="12f25542d3301110cfb9579b764772adf76b048b1421deaf5e06e2682744891c22367448eff95bdf2a5655bfb8fcbb771c3dbb5f38ce1387ddcfa40997b153410e9439f85f45d3681d5c11c1cc949b7d0caaebd4a6c31b76eadfb7bdb26a1bc48b85ce2d371394bc20fe7486d16c4988f2a54d9cf628284c0d09a5d87b3d820f35598413e94ab830dafa95a31254174f31c09d96424e199d5d78c4c8c3550e4d5d0728c42bf91632aecdb18aecdc895c586c41d15c4c9172415667df0e94a793ba31aad2190b459d"}) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000b80)={0xea16, 0x0, 0x800, 0x1f, 0x80}) ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000000c00)={0x9, &(0x7f0000000bc0)=[{0x5, 0x80}, {0x20, 0xfffffffffffffff9}, {0x100000001, 0x1}, {0x6, 0x1}, {0xa7175cd, 0x8}, {0x9, 0x1}, {0x80000000, 0x6}, {0x200, 0x800}, {0x7ff, 0x80000001}]}) sendmsg$TIPC_NL_NET_GET(r2, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xf0, r4, 0xa5c28f36eb8b7b83, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xac, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe2e}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd67}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x58}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffff97}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xea}]}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2020000000}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x1}, 0x40080) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000e00)={0x401, 0xffffffff9323e7c7}) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000e40)) prctl$PR_SET_NAME(0xf, &(0x7f0000000e80)='user\x00') keyctl$set_reqkey_keyring(0xe, 0x7) recvfrom(r2, &(0x7f0000000ec0)=""/4096, 0x1000, 0x102, &(0x7f0000001ec0)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @multicast2}}, 0x80) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000001f80)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000002080)={&(0x7f0000001f40), 0xc, &(0x7f0000002040)={&(0x7f0000001fc0)={0x68, r6, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7fffffff}, @NBD_ATTR_SOCKETS={0x3c, 0x7, [{0x8, 0x1, r3}, {0x8, 0x1, r1}, {0x8, 0x1, r3}, {0x8, 0x1, r3}, {0x8, 0x1, r2}, {0x8, 0x1, r2}, {0x8, 0x1, r2}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0xffffffffffffff4b}]}, 0x68}}, 0x4000000) 00:26:21 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:21 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:21 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 346.885386] IPVS: ftp: loaded support on port[0] = 21 00:26:22 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 347.230353] chnl_net:caif_netlink_parms(): no params data found 00:26:22 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 347.317577] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.324416] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.333229] device bridge_slave_0 entered promiscuous mode [ 347.344219] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.350902] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.359688] device bridge_slave_1 entered promiscuous mode [ 347.433344] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 347.446977] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 347.487350] team0: Port device team_slave_0 added [ 347.497623] team0: Port device team_slave_1 added [ 347.599110] device hsr_slave_0 entered promiscuous mode 00:26:22 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 347.643391] device hsr_slave_1 entered promiscuous mode [ 347.708190] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.714903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.722280] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.728879] bridge0: port 1(bridge_slave_0) entered forwarding state 00:26:22 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 347.891913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.937082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 347.949767] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.983885] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.003266] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 348.081610] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.120385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 348.128996] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.135685] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.208502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 348.217009] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.223675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.233888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 348.243549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 00:26:23 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x6) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 348.252409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 348.260777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 348.274534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 348.350700] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 348.367102] 8021q: adding VLAN 0 to HW filter on device batadv0 00:26:23 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x6) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:23 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x6) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:23 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:23 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x10001, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000080)=0x400) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000100)) close(r0) 00:26:24 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:24 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'hwsim0\x00', 0x43732e5398416f1a}) r2 = socket$packet(0x11, 0x800000000003, 0x300) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'vec\x00\x00\x00\x00\x00\x00\f\x00\x00\xbdh\x00', 0x43732e5398416f1e}) poll(&(0x7f0000000040)=[{r1}, {r3}], 0x2, 0x9d) r4 = open(&(0x7f0000000000)='./file0\x00', 0x4000, 0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000180)=@int=0x8, 0x4) getsockopt$IP_VS_SO_GET_TIMEOUT(r4, 0x0, 0x486, &(0x7f00000001c0), &(0x7f0000000240)=0xc) dup2(r2, r3) r5 = syz_open_dev$usbmon(&(0x7f0000000280)='/dev/usbmon#\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f00000002c0)={0x0, 0xe2, "00ec2f6e9965730e845d25624e1a5c639cafc8fc03f9efb58a588fd7b4b09a76e8d096dfc10c05affb61e6315fb8fe4768612bb5538a2faa1e354561e27cdec2558f8e1a0e6ac930bc596ec05a62660275ff83766f5c3c5bb5d6557b109b36890efa56c5820e143ca8bdb6d3e440677ab50247ca8d33378c72a97f4b3db197109491487b3e404a73cf829901e9579fd5ab98c75e6a983d0ca27394e0fb36b8e246d41a2f3113f89dacfc7a15d545a7ccbcb3df9dc693ca0db301692999fa9b96c9fc2961d89924387984bf1114461b20a9d9112d2e200433d59e42843d8994f10e08"}, &(0x7f00000003c0)=0xea) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f0000000400)={r6, @in6={{0xa, 0x4e23, 0xd1, @mcast1, 0x8}}, [0x3c, 0x1000, 0xffff, 0x1, 0x6, 0x8000, 0x0, 0x1f, 0x1, 0x0, 0x127, 0x3, 0x80000001, 0x1000, 0x6]}, &(0x7f0000000500)=0x100) dup3(r3, r1, 0x0) 00:26:24 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:24 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:24 executing program 1: syz_emit_ethernet(0x51, &(0x7f0000000980)={@local, @remote, [{[{0x9100, 0xa33c, 0x1c, 0x4}], {0x8100, 0x7fffffff, 0x200, 0x3}}], {@ipv6={0x86dd, {0x4, 0x6, "8faf1c", 0x0, 0x7b, 0x2bbb, @local, @local, {[@fragment={0x1, 0x0, 0x9, 0x0, 0x0, 0x1, 0x67}, @routing={0xfe, 0x0, 0x0, 0xfffffffffffffffc, 0x0, [@remote]}], @icmpv6=@time_exceed={0x3, 0x1, 0x0, 0x4, [], {0x100000001, 0x6, "9bbebe", 0x6a8ec39b, 0x87, 0x6, @remote, @ipv4={[], [], @loopback}, [@dstopts={0x2b, 0x0, [], [@ra={0x5, 0x2, 0x6}, @generic={0x80, 0x0, "b80223c11507959a8e53f3cf2d365ea4b7136309c7e6b39f1c5bc354a085b7ed636b981327b5d017d1cb83a2"}, @pad1]}, @srh={0x3b, 0x0, 0x4, 0x0, 0x18, 0x0, 0xa38a000000, [@loopback]}, @dstopts={0x33, 0x0, [], [@jumbo={0xc2, 0x4, 0x3f}, @jumbo={0xc2, 0x4, 0x5}, @jumbo={0xc2, 0x4, 0xfffffffffffffffa}]}, @routing={0xff, 0x0, 0x0, 0x6, 0x0, [@mcast2, @loopback, @mcast1, @mcast2, @remote, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x23}}, @mcast2]}, @hopopts={0x6, 0x0, [], [@ra={0x5, 0x2, 0x77a}]}, @hopopts={0x32, 0x0, [], [@generic={0x2, 0x0, "5952414f3b5301b55012aadb237f68884912837895a6795280bcbbabd33139689a58a794ee22d5bf609ee824ea7d30b582c56893b659759aa31105bfd05d59759114887cce51cc5116ebaec17c44a71834e08b4ad9babe7b6dd442f5d5aab96a3b2ac0dd74d5a0cb9345c4f50fc534a9e790d1473539a4476590b7b0b10f0641fc88e5c4287f087f227e802d794b1590de69116c624d9e336f0ed7c27f72263ff8578af1101f50be9d7475a033d3b1c449df57c29f68a4f6"}, @calipso={0x7, 0x0, {0xc9f, 0x0, 0x2aac, 0x1000, [0xffffffff00000001]}}]}, @hopopts={0x3c, 0x0, [], [@hao={0xc9, 0x0, @empty}, @pad1, @ra={0x5, 0x2, 0x53bae49f}, @pad1, @ra={0x5, 0x2, 0x63ee}, @generic={0xd9, 0x0, "d5e6b83f12a8246057"}, @generic={0x101, 0x0, "0cd6eac3885f34d3f855fdc56cfcb029e950ec93c81797c116753b58ff2141234e2c151cd657d166fd67f04e055706d6e44289ee567df241d43deb1cfe68a3854cfee108731b58ec8a71c1640ff4bf2cd71fceb3dc349e206ccc4e77b8d5cf84b7af68156db2afc0d0577cd48c4f6fcce97645bd1cc17817333f10246c4c"}, @generic={0x0, 0x0, "8e32cb66fbac6e522b1334b86a9233389a953e35351a70b2f950ac66a736f6b4f914542cea5577986148da465fd8324a91cd9e039a2ccff00b2d1e512601ff66987341ef69c6ec1152b8ebf37a2aa92e5d103100a167ff20b2ce6a7186c138b90a8fddaf54cd2941a9419320269ee6fdb41a3f8f05a5721f37d54ae612468f341a"}, @pad1]}], "08d8196ac47d9e43052a33850fefc7fc30bda2e2779e42d673a08ff70da2c8494cfd6902c9f5d578b10aed43a2c97ca828086fb3abe1b2074b7e2a8d2c38c509f4ee39d7f2735bde9f3f3144c61d0d3d9d1b9c888f5c4775eaa3464983aef0a02887f94ae90e381f0f56fc048f876f216e40a1be097f254fafded974763612bb4545cff5caa5e55f4b128caad35a83e152aa6dea96d22b6899f5dc0df35911ac0a7810455db3bbe79168146a8a9ae0e872af4b865e96f2c2d6301f67843615049352dc8000126e1bda0b"}}}}}}}, 0x0) 00:26:24 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:24 executing program 1: socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept(r0, &(0x7f0000000040)=@caif=@dgm, &(0x7f00000000c0)=0x80) r1 = socket$alg(0x26, 0x5, 0x0) unshare(0x400) bind$alg(r1, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00003c1000), 0x0) r2 = accept(r1, 0x0, &(0x7f0000000500)=0xfffffffffffffdcb) recvfrom$packet(r2, &(0x7f0000000600)=""/4096, 0x1000, 0x0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x930000) 00:26:25 executing program 1: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="240000000c061f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1}, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x400000, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000100)='/dev/dlm_plock\x00', &(0x7f0000000180)='self\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000200)=')\x00'], &(0x7f0000000380)=[&(0x7f0000000280)='{\x00', &(0x7f00000002c0)='proc:-\x87\x00', &(0x7f0000000300)='\\\x00', &(0x7f0000000340)='em0cpuset/gsystem\x00']) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SET_NETID(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)={0x24, r2, 0x300, 0x70bd2d, 0x25dfdbfd, {{}, 0x0, 0x800b, 0x0, {0x8, 0x2, 0x5}}, [""]}, 0x24}}, 0x14) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000080)=0xffffffffffffffff, 0x4) 00:26:25 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x6) bind$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r1 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 350.053736] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 350.061312] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 350.161752] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 350.169463] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 00:26:25 executing program 1: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0)='\x00', 0x0}, 0x30) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm_plock\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000200)={{0xaf, @multicast2, 0x4e20, 0x2, 'sh\x00', 0xf, 0x6, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x2003, 0xf, 0x56d, 0x7}}, 0x44) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)=r0, 0x4) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000180)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r1, &(0x7f0000000280)="2e47e008c318f356ae99e4ad8acdd62d940ab86161aede9359987ec6d3f2a5fabaa9399eb88bb2663bf1cbc589d68b26d01eae2a50473e16fae71c21c16698b17896d59a4c286808f1febe9b82c57491018df5b201c3c796b0924e9ff0d1ac5738e7b9d65b3e8e7be86e23340c58cd33e077a2a0499a4fbe4ac1", 0x7a, 0x40040, &(0x7f0000000300)={0x2, 0x4e20, @loopback}, 0x10) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc) sendmsg$nl_generic(r3, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002200010000000000000000000400000008000c003179bb7f2b23cf3e9ac0c6ad5d2d883807000000a6eea165b532c8f253045dabe11a82b30576267d308a1b23d43242a759389369638ddb5b21cbdf7984bfd01766ef57703f014326f7c79cd13e69626873e49753d78b435386129daf984dd279c1ff3ee03935abf42f902372984cc610ab37a828be4d14a8dbb67f24a52f38b3855cfce7d78040974720dd45ff377b8f0000", @ANYRES32=0x0], 0x1c}}, 0x0) 00:26:25 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:25 executing program 1: rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x1, 0xa30000}}, 0x51ecd5f855eda598, 0x0, 0x0) 00:26:25 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:25 executing program 1: timer_create(0xfffffffffffffffd, &(0x7f0000044000)={0x0, 0x28, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000280)}}, &(0x7f0000044000)) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x800, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000200)) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{r1, r2+10000000}, {0x77359400}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) getpriority(0x0, r3) timer_gettime(0x0, &(0x7f0000000000)) 00:26:25 executing program 1: r0 = socket(0xa, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x400000000003b, &(0x7f0000000000)=@fragment, 0x8) r1 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/exec\x00', 0x2, 0x0) getsockopt$inet6_opts(r0, 0x29, 0x39, 0x0, &(0x7f0000000040)) ioctl$VIDIOC_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000100)={0x0, 0x0, [], @raw_data=[0xa18, 0x5, 0x3, 0xc4bd, 0x80000001, 0x9, 0x7582, 0x0, 0xfff, 0x2d09, 0x7dc, 0x80000001, 0x1, 0x5, 0x6, 0x80000001, 0x1f, 0x3, 0x7, 0x1, 0x4, 0x1, 0x7, 0x3, 0x3, 0x2, 0x4, 0x5, 0xffff, 0x211, 0x0, 0x1f]}) 00:26:25 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:26 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:26 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:26 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:26 executing program 0: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:26 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 0: ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 0: ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 0: ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:27 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:28 executing program 1: set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) 00:26:28 executing program 0: set_mempolicy(0x0, &(0x7f00000000c0)=0x1, 0x2) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, 0x0) r0 = syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x0, 0x52500) ioctl$FICLONE(r0, 0x40049409, 0xffffffffffffffff) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/dev_snmp6\x00') ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0x6) bind$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10) r2 = openat$ion(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000100)={0x10010009, 0xffffffffffffffff, 0xfff7fffffffffffc}) [ 353.229389] ------------[ cut here ]------------ [ 353.234217] kernel BUG at mm/kmsan/kmsan.c:729! [ 353.239007] invalid opcode: 0000 [#1] SMP [ 353.243271] CPU: 0 PID: 3764 Comm: udevd Not tainted 5.0.0+ #16 [ 353.249348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.258822] RIP: 0010:kmsan_internal_check_memory+0xb84/0xbb0 [ 353.264735] Code: 65 8b 34 25 04 90 03 00 65 48 8b 14 25 90 0d 04 00 48 c7 c7 6c 6c 81 8b 31 c0 e8 b7 fd 79 ff 0f 0b 0f 0b e8 8e 22 56 ff 0f 0b <0f> 0b e8 75 d0 79 ff 85 c0 75 1f 65 8b 34 25 04 90 03 00 65 48 8b [ 353.283658] RSP: 0018:ffff88810da3fa60 EFLAGS: 00010046 [ 353.289229] RAX: 0000000000000002 RBX: 00000000e3a000b3 RCX: ffff888000000000 [ 353.296524] RDX: 000007ffffffffff RSI: 0000000000000004 RDI: ffff88810da3fc08 [ 353.303825] RBP: ffff88810da3fb10 R08: ffff88810da3fc08 R09: ffff88818da3fc08 [ 353.311146] R10: ffff88810da8fc08 R11: ffffffff8229a110 R12: 0000000000000004 [ 353.318439] R13: 0000000000000004 R14: 0000000000000282 R15: 0000000000000000 [ 353.325758] FS: 00007f6d47f067a0(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000 [ 353.334024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 353.339922] CR2: 00007f6d47f0d000 CR3: 000000010d901000 CR4: 00000000001406f0 [ 353.347208] Call Trace: [ 353.349833] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 353.355251] kmsan_check_memory+0xd/0x10 [ 353.359342] ep_send_events_proc+0xa8b/0x1640 [ 353.363917] ep_scan_ready_list+0x366/0xe80 [ 353.368310] ? ep_busy_loop_end+0x200/0x200 [ 353.372681] do_epoll_wait+0xd00/0x1990 [ 353.376721] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 353.382292] ? prepare_exit_to_usermode+0x114/0x420 [ 353.387436] ? arch_local_irq_disable+0x10/0x10 [ 353.392158] __se_sys_epoll_wait+0xb3/0xe0 [ 353.396445] __x64_sys_epoll_wait+0x56/0x70 [ 353.400807] do_syscall_64+0xbc/0xf0 [ 353.404624] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 353.409839] RIP: 0033:0x7f6d4761a943 [ 353.413573] Code: 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 83 3d b5 dc 2a 00 00 75 13 49 89 ca b8 e8 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 3b c4 00 00 48 89 04 24 [ 353.432584] RSP: 002b:00007ffdc8bbbf38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8 [ 353.440322] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f6d4761a943 [ 353.447701] RDX: 0000000000000008 RSI: 00007ffdc8bbc030 RDI: 000000000000000a [ 353.455010] RBP: 00000000020592c0 R08: 0000000000000000 R09: 0000000000000000 [ 353.462302] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000003 [ 353.469602] R13: 0000000000000000 R14: 0000000002060200 R15: 0000000002047250 [ 353.476913] Modules linked in: [ 353.480151] ---[ end trace c74e5d1624e6ebad ]--- [ 353.484940] RIP: 0010:kmsan_internal_check_memory+0xb84/0xbb0 [ 353.490845] Code: 65 8b 34 25 04 90 03 00 65 48 8b 14 25 90 0d 04 00 48 c7 c7 6c 6c 81 8b 31 c0 e8 b7 fd 79 ff 0f 0b 0f 0b e8 8e 22 56 ff 0f 0b <0f> 0b e8 75 d0 79 ff 85 c0 75 1f 65 8b 34 25 04 90 03 00 65 48 8b [ 353.509768] RSP: 0018:ffff88810da3fa60 EFLAGS: 00010046 [ 353.515160] RAX: 0000000000000002 RBX: 00000000e3a000b3 RCX: ffff888000000000 [ 353.522448] RDX: 000007ffffffffff RSI: 0000000000000004 RDI: ffff88810da3fc08 [ 353.529739] RBP: ffff88810da3fb10 R08: ffff88810da3fc08 R09: ffff88818da3fc08 [ 353.537034] R10: ffff88810da8fc08 R11: ffffffff8229a110 R12: 0000000000000004 [ 353.544326] R13: 0000000000000004 R14: 0000000000000282 R15: 0000000000000000 [ 353.551705] FS: 00007f6d47f067a0(0000) GS:ffff88812fc00000(0000) knlGS:0000000000000000 [ 353.559956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 353.565858] CR2: 00007f6d47f0d000 CR3: 000000010d901000 CR4: 00000000001406f0 [ 353.573153] Kernel panic - not syncing: Fatal exception [ 353.579356] Kernel Offset: disabled [ 353.582992] Rebooting in 86400 seconds..