[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 63.278025] sshd (6298) used greatest stack depth: 53184 bytes left [....] Starting OpenBSD Secure Shell server: sshd[ 63.457906] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 64.738382] random: sshd: uninitialized urandom read (32 bytes read) [ 65.145077] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 67.711622] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. [ 73.449156] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/10 16:19:20 fuzzer started [ 78.187185] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/10 16:19:25 dialing manager at 10.128.0.26:45337 2018/10/10 16:19:25 syscalls: 1 2018/10/10 16:19:25 code coverage: enabled 2018/10/10 16:19:25 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/10 16:19:25 setuid sandbox: enabled 2018/10/10 16:19:25 namespace sandbox: enabled 2018/10/10 16:19:25 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/10 16:19:25 fault injection: enabled 2018/10/10 16:19:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/10 16:19:25 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/10 16:19:25 net device setup: enabled [ 83.342478] random: crng init done 16:21:29 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) [ 205.296525] IPVS: ftp: loaded support on port[0] = 21 [ 206.593918] ip (6411) used greatest stack depth: 53056 bytes left [ 206.748445] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.755024] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.763928] device bridge_slave_0 entered promiscuous mode [ 206.915890] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.922511] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.931231] device bridge_slave_1 entered promiscuous mode [ 207.080457] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 207.232226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 207.684383] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 207.836042] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 208.122882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 208.129983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:21:33 executing program 1: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970600dc0d") [ 208.586705] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 208.594887] team0: Port device team_slave_0 added [ 208.773531] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 208.781709] team0: Port device team_slave_1 added [ 209.060756] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.316455] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 209.323736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.333019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.395451] IPVS: ftp: loaded support on port[0] = 21 [ 209.546174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.559448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.568927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.819352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.827255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.836874] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.945141] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.951621] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.960448] device bridge_slave_0 entered promiscuous mode [ 212.248681] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.255277] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.264058] device bridge_slave_1 entered promiscuous mode [ 212.456642] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.463225] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.470219] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.476811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.486290] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 212.518273] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.745061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.142496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.305729] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 213.532911] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 213.722504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 213.729700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:21:38 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f0000000140)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000040)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r1, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x7b, &(0x7f0000000340)={0x0, @in={{0x2, 0x0, @rand_addr}}}, &(0x7f0000000000)=0x2c2) [ 213.976044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.983281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.856727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 214.865119] team0: Port device team_slave_0 added [ 215.048492] IPVS: ftp: loaded support on port[0] = 21 [ 215.195419] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 215.203769] team0: Port device team_slave_1 added [ 215.531068] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 215.538500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 215.547733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 215.871173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 215.878474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 215.887631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.215374] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 216.223379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 216.232691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.530657] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 216.538480] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 216.548042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.755937] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.762724] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.771399] device bridge_slave_0 entered promiscuous mode [ 218.022155] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.028621] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.037259] device bridge_slave_1 entered promiscuous mode [ 218.414906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.619654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 219.595354] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 219.863032] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 220.046024] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 220.053282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.235040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 220.242355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.328128] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.334751] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.341716] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.348349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.357779] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.364721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.943934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 220.952366] team0: Port device team_slave_0 added [ 221.190668] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 221.199213] team0: Port device team_slave_1 added [ 221.521332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 221.528571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.537944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.892579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 221.899703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.908607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.153357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 222.161020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.170533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 16:21:47 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xb, 0x81) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000380)}}, 0xffffff01) ioctl$int_in(r0, 0x800000c0045002, &(0x7f00000000c0)) [ 222.463821] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 222.471518] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.481088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 224.006544] IPVS: ftp: loaded support on port[0] = 21 [ 225.873932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.740779] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.747431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.754584] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.761118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.770842] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.389200] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.564671] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.571157] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.580191] device bridge_slave_0 entered promiscuous mode [ 227.784370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.027316] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.033998] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.042752] device bridge_slave_1 entered promiscuous mode [ 228.402541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.730775] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 228.915604] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.952283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.960347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.895736] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.146186] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.399009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 230.406553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.421619] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.805366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.812659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 232.045556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.054049] team0: Port device team_slave_0 added [ 232.374959] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.383284] team0: Port device team_slave_1 added 16:21:57 executing program 4: r0 = socket$inet6(0xa, 0x1000000000003, 0x20) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x0, 0x0) r2 = socket$nl_generic(0xa, 0x5, 0x84) dup2(r2, r1) [ 232.760993] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.768277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.777313] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.307153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 233.314663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.323832] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.693030] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.700798] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.710267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 234.162437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 234.170212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 234.179749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.621181] IPVS: ftp: loaded support on port[0] = 21 [ 236.794696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.451911] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.900743] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.907421] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.916267] device bridge_slave_0 entered promiscuous mode [ 239.290039] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.296706] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.306304] device bridge_slave_1 entered promiscuous mode [ 239.402110] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.408660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.415850] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.422446] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.431557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.593011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.895909] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 240.201254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 240.446875] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.453597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.461706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:22:05 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) 16:22:06 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) [ 241.525392] bond0: Enslaving bond_slave_0 as an active interface with an up link 16:22:06 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) 16:22:07 executing program 0: ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) [ 242.031696] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 242.230133] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.432432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.439609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:22:07 executing program 0: mknod(&(0x7f0000000140)='./file1\x00', 0x88, 0x0) clone(0x3103001ff3, 0x0, 0xfffffffffffffffe, &(0x7f0000000540), 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', &(0x7f0000000400), &(0x7f0000000b40)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) write$P9_RGETLOCK(r1, &(0x7f0000000180)=ANY=[], 0x0) [ 242.876451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.883879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:22:08 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x80000) 16:22:08 executing program 0: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x80000) 16:22:09 executing program 0: io_setup(0x2, &(0x7f0000000080)=0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rfkill\x00', 0x0, 0x0) io_cancel(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0xba, r1, &(0x7f0000000100)="381017ec0b4cd1a9b9f0f912b11c3639574dc1753269f9e3b8c1902cbe65928ab78767285b9d228e39e26fe062f052957ae4bbdd3eb6370499", 0x39, 0x100, 0x0, 0x1, r2}, &(0x7f00000001c0)) io_setup(0x40, &(0x7f0000000040)=0x0) r4 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) io_submit(r3, 0x1, &(0x7f0000000b00)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) [ 244.302571] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 244.310944] team0: Port device team_slave_0 added [ 244.452448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.834809] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 244.843336] team0: Port device team_slave_1 added [ 245.247604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.254986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.264134] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.474755] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.525590] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.532878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.542241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.889998] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 245.897942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.907233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.290716] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 246.298714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.308145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.443695] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.450201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.458548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 247.612585] 8021q: adding VLAN 0 to HW filter on device team0 [ 249.579124] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.585801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.593091] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.599611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.608536] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 249.615375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 16:22:15 executing program 1: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970600dc0d") [ 253.297175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.149476] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.834687] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 254.841133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 254.849179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:22:20 executing program 2: [ 255.527183] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.312548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.900624] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 259.520757] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 259.527370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 259.535687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:22:25 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x3, 0x20000) getsockopt$inet_int(r0, 0x0, 0x5, &(0x7f0000000180), &(0x7f00000001c0)=0x4) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f00000000c0)={'NETMAP\x00'}, &(0x7f0000000100)=0x1e) ioctl$RTC_PIE_OFF(r1, 0x7006) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000080)={0x3, 0x80}) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000000)="24000000040607031dfffd946fa2830020200a0009000100061d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000240)={{0x4f28, 0x1}, {0x3158, 0xfffffffffffffff8}, 0x8, 0x5, 0xd742}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)=0x0) r3 = gettid() setpgid(r2, r3) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000200)={0x0, @remote, 0x4e23, 0x3, 'sh\x00', 0x8, 0x1ff, 0x2f}, 0x2c) [ 260.200897] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 260.215774] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 260.272886] 8021q: adding VLAN 0 to HW filter on device team0 16:22:27 executing program 4: 16:22:27 executing program 5: r0 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000040)=0x9, 0x4) socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000080)=0x6, 0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2}}, 0x10) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f00000001c0)) getpeername$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000240)=0x1c) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000280), &(0x7f00000002c0)=0x4) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0x11004, 0x10001, 0x7fff, 0x8, 0x0, [{0x6be4, 0x0, 0x6, [], 0x2b1}, {0x7, 0x1, 0x8, [], 0xffffffffffffc9b6}, {0x4, 0x4, 0x2, [], 0x100}, {0x6, 0x8, 0x0, [], 0x2}, {0x101, 0x0, 0x8001, [], 0x8}, {0x0, 0xffffffffffffffe1, 0x8001}, {0xffff, 0x0, 0x8000, [], 0x800}, {0x2, 0x1, 0x80000001, [], 0x100000001}, {0x80000000, 0x6a, 0x80000000, [], 0x9}, {0x3, 0x0, 0x1ff, [], 0x1}, {0x4, 0x8, 0x3, [], 0x4}, {0x3f, 0x2, 0x200}, {0x8000, 0x0, 0x4000000000000000, [], 0x8000}, {0xff, 0xfff, 0x7, [], 0x5}, {0x8, 0x3ff, 0x100000001, [], 0x7fffffff}, {0xfffffffffffffff8, 0x81, 0x1, [], 0x4}, {0x1, 0x8, 0x6ee, [], 0x6}, {0xfffffffffffffd12, 0x1ff, 0x0, [], 0x80}, {0x460e0373, 0x5, 0x8000, [], 0x8}, {0x1, 0x1, 0xffffffffffff0000, [], 0x7}, {0x1, 0x3f, 0x4, [], 0x7fff}, {0x5, 0x4, 0x8, [], 0x100000000}, {0x4, 0x200, 0x4, [], 0x3ff}, {0x2, 0x1, 0x400, [], 0x3}]}}) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000400)={0x1, 0x1}) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000480)={0x5cf, 0x1a2, 0x13ff, 0x4}, 0x8) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x20, 0xffffffff7fffffff, 0x4f1, 0x400}) setxattr(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)=@random={'system.', '/dev/dsp\x00'}, &(0x7f0000000580)='/dev/dsp\x00', 0x9, 0x2) r4 = epoll_create1(0x80000) r5 = accept$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000600)=0x14) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000640)={@mcast1, @mcast2, @mcast2, 0x3ff, 0x6, 0x7f, 0x500, 0x3, 0x80106, r6}) getsockopt$inet6_buf(r1, 0x29, 0x3d, &(0x7f00000006c0)=""/252, &(0x7f00000007c0)=0xfc) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000800), 0x2) ioctl$KDSETMODE(r3, 0x4b3a, 0x9) fcntl$getownex(r5, 0x10, &(0x7f0000000840)) r7 = syz_open_dev$vcsa(&(0x7f0000000880)='/dev/vcsa#\x00', 0x6, 0x2001) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f00000008c0)={0x2, 0x1}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000900)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000940)) ioctl$KDSETMODE(r7, 0x4b3a, 0x6) r8 = add_key$user(&(0x7f0000000980)='user\x00', &(0x7f00000009c0)={'syz', 0x1}, &(0x7f0000000a00)="dacb6489296a85a6e7eba69a023d095d2a2dbc5693819b317425be2b1de2873881d0035657671947de", 0x29, 0xfffffffffffffff8) r9 = add_key$user(&(0x7f0000000bc0)='user\x00', &(0x7f0000000c00)={'syz', 0x0}, &(0x7f0000000c40)="4e494a8000e26404a9825be1fd6fb4db151372fc4bbc6148d7d7a188ea1b4d5f7ef917f2f2bd59a5dd9f59aabffd0d365d7a75375a3948e3ad8669cdcb4ba526c9613af0eff5349c9b86f8e59e904d3a66dc62f1bfebe99dbf7557b624ba4e60b9eed45760e526a717a88e6ad9b4ac0295ffb893383ac3cbfe1c9cbf5d7809a076b43d46001bf1a98de7babba70748c9492f0682603c734800be824a66ec84309d464b33071d5a01d7182b2f17c50e2202a934161f8593fdcba858ad47d753b1c1b74a6987bfa57de9", 0xc9, 0xfffffffffffffffb) keyctl$instantiate_iov(0x14, r8, &(0x7f0000000b80)=[{&(0x7f0000000a40)="3f67b1cde810ec915cd83c0376d8789cb8c703d9667cb8236ef5ba3e8cd36d17b3f231289274d3c74e29f6b80434cfb77245e167b8882c06323e7553c2824e235c02655912eb6f01e50eff83ffe73964765782819b1106fd2143eb74c63a3759bd5bcdb41af54b1a854e08efa8ef56966ea8fe4ffb9bbb9c583a91e20900c0638e", 0x81}, {&(0x7f0000000b00)="a95219fec028a72b3512ed61a619d0d4566374d9d38d32aaa7d1935a93cfcf4c2fa2c3f911ff1b6c746a3a7b4e9327f68d8cf37cec3fe6484d0483582c1f5f16a53b8d30b9b06ab0d47c56a54583a6a735400e5f88a75f4e22f8a715fecc5b6882bd069d25854f71cb3c19dc1f08c41f223096c16bea83a6d58e", 0x7a}], 0x2, r9) 16:22:27 executing program 2: 16:22:27 executing program 1: 16:22:27 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xb, 0x81) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f0000000380)}}, 0xffffff01) ioctl$int_in(r0, 0x800000c0045002, &(0x7f00000000c0)) 16:22:27 executing program 0: 16:22:27 executing program 2: 16:22:27 executing program 1: 16:22:28 executing program 4: 16:22:28 executing program 0: 16:22:28 executing program 2: 16:22:28 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) r2 = dup2(r1, 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="9082eedea91034ae878dad43369594682f27854804653c753384641a2e12664e3c4dceb3e56a36d1c100fcc8697a816653f3d7ae4451eb5b4ec8d56cff813b0149e04f74668ce67d310700491093d32d1cd0d7cbd15c3bb82e6825c61e94e45947b59b03f0569c92e47bb7b1395e94bcab7f404748a95ebeaa8fad9ddb7f554be9b953e075c3bfb24ee9c65cef628b6874c82476a3d6b0f106dfa6f38689499b4f47188abc341f65f6e57dd92a3b34646ce9d47f295f38d8557dc437fb6ac27944de80c6a6c6ccc0baa32330a619fc4bfee6e59cd74c05f4d3ad400a5b071172273de39ac52c6090d3707ed955faf1a30b508673d7342519cc3974eacfa36f85ad3e6c91170975263b437f60197e2ff7ec4187ec6f9d34db1788933a2111a96fccde5c84880109a4cd47207b2252256638c6c80b75fe69c959ee444ff3f7afa18bf6bb5ea17142ec522f"], 0x1}}, 0x44801) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r0, 0x0, 0xd, &(0x7f0000000340)='/dev/binder#\x00'}, 0x30) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clone(0x202102001ffd, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) unshare(0x40000000) fcntl$setstatus(r1, 0x4, 0x40000) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet6_udp_int(r2, 0x11, 0xa, &(0x7f0000000500)=0x7, 0x4) sendto$inet(r3, &(0x7f0000a34fff), 0x0, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r3, 0x1) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000280)) ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, &(0x7f0000000200)) sendto$inet(r1, &(0x7f0000000000), 0xfffffffffffffe4e, 0x0, &(0x7f0000000000)={0x2, 0x0, @empty, [0x0, 0x3e8]}, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000440)={0x10, 0x30, 0xfa00, {&(0x7f0000000300), 0x0, {0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x14}}}}, 0x38) 16:22:28 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x200000, 0xc04e27d3b503e3df}) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000040)) [ 263.715899] hrtimer: interrupt took 44854 ns [ 264.250286] IPVS: ftp: loaded support on port[0] = 21 [ 264.832129] IPVS: ftp: loaded support on port[0] = 21 [ 266.009607] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.016281] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.025145] device bridge_slave_0 entered promiscuous mode [ 266.270515] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.277343] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.286272] device bridge_slave_1 entered promiscuous mode [ 266.448617] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 266.621265] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.456106] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 267.610658] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 267.766803] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 267.774248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.026217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 268.033633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 268.606248] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 268.614793] team0: Port device team_slave_0 added [ 268.784893] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 268.793608] team0: Port device team_slave_1 added [ 268.942734] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 268.950045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 268.959624] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 269.124781] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 269.132279] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 269.141404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 269.294880] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 269.303058] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 269.312515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 269.467614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 269.475570] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 269.485337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 271.237920] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.244576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.251668] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.258386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.267598] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 271.274654] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 277.207075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.632264] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 278.162150] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 278.168642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 278.176741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 278.601223] 8021q: adding VLAN 0 to HW filter on device team0 16:22:45 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) r1 = memfd_create(&(0x7f0000000300), 0x0) write(r1, &(0x7f00000001c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='anon_inodefs\x00', 0x0, &(0x7f0000000dc0)) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 16:22:45 executing program 0: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 16:22:45 executing program 4: perf_event_open(&(0x7f0000000040)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) open(&(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) 16:22:45 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x84000, 0x0) 16:22:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000002b80)=@updpolicy={0xb8, 0x19, 0x70b, 0x0, 0x0, {{@in=@rand_addr, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0) 16:22:45 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev}, 0xfffffffffffffee2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c) r1 = socket(0xa, 0x3, 0x1000000000ff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='ip6tnl0\x00', 0x10) sendto$unix(r1, &(0x7f0000000000), 0x5a4, 0x0, &(0x7f0000000080)=@abs, 0x6e) 16:22:46 executing program 3: r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="380000000000000029000000040000007a040401010000c00735001006e7a0592723bb959144473fc52daf0300200000000038157617c27b"], 0x38}, 0x8000) sendmsg(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002580), 0x0, &(0x7f00000025c0)}, 0x0) 16:22:46 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x84000, 0x0) 16:22:46 executing program 1: 16:22:46 executing program 0: 16:22:46 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) r1 = memfd_create(&(0x7f0000000300), 0x0) write(r1, &(0x7f00000001c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='anon_inodefs\x00', 0x0, &(0x7f0000000dc0)) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 16:22:46 executing program 3: r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="380000000000000029000000040000007a040401010000c00735001006e7a0592723bb959144473fc52daf0300200000000038157617c27b"], 0x38}, 0x8000) sendmsg(r0, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002580), 0x0, &(0x7f00000025c0)}, 0x0) 16:22:46 executing program 0: 16:22:46 executing program 1: 16:22:46 executing program 4: 16:22:46 executing program 2: 16:22:46 executing program 0: 16:22:46 executing program 3: 16:22:47 executing program 5: 16:22:47 executing program 1: 16:22:47 executing program 2: 16:22:47 executing program 0: 16:22:47 executing program 4: 16:22:47 executing program 3: 16:22:47 executing program 5: 16:22:47 executing program 2: 16:22:47 executing program 1: 16:22:47 executing program 4: 16:22:47 executing program 3: 16:22:48 executing program 5: 16:22:48 executing program 0: 16:22:48 executing program 4: 16:22:48 executing program 1: 16:22:48 executing program 2: 16:22:48 executing program 0: 16:22:48 executing program 5: 16:22:48 executing program 1: 16:22:48 executing program 3: 16:22:48 executing program 4: 16:22:48 executing program 2: 16:22:48 executing program 5: 16:22:48 executing program 0: 16:22:49 executing program 3: 16:22:49 executing program 1: 16:22:49 executing program 4: 16:22:49 executing program 2: 16:22:49 executing program 5: 16:22:49 executing program 0: 16:22:49 executing program 3: 16:22:49 executing program 1: 16:22:49 executing program 2: 16:22:49 executing program 4: 16:22:49 executing program 3: 16:22:49 executing program 5: 16:22:50 executing program 0: 16:22:50 executing program 1: 16:22:50 executing program 2: 16:22:50 executing program 3: 16:22:50 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f00000001c0), 0xfffffdf5, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/226, 0xfffffd85}], 0x1) recvfrom(r0, &(0x7f0000000480)=""/239, 0xef, 0x0, 0x0, 0xf7) close(r0) 16:22:50 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) r1 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000000140)}, 0xc100) sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000340)="119a0e63c9476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1b0171f89091b1dd3238d03dbb686df460963245dedf2013ee555af99499e44ad420dbf65fd46fbc99a1274429e2d5783751815828ec8cb3553110cca66460215353d19f6d8bbd8fb08ad0491634ac2fd10e2cd30bcd7fede24263a7fff16e53ea293f3551b7147c33a44ea437fb1515c3e8d4f162fdebf8ebe11ae6fcd9372c8d8f19556ee091fe94215ae9434da412f6fa4cb6561e5f78ff9707844ee5d573fb294437722d9a06dfa61748c32c73d759933a8dd344c947d3efdbe90d0eb049df5fbb0c19f6785264b619c530d97395d44b04f7e2a280d658c7871ad373b792678c49227999651ef3b2ee1bc2b8f3035db2d6e8e09aa3837233c8713065a8ad131d24f6c42a3220d0e07c3d3e95d9f44f059a5dd10c0971608f874ecf53aadfa5050ff40f2c3c4a629b6445e5836100afff5a8977583653b40ca116f8f11416e5c1bd5499636ddae25fc49709f0309cf5c0bf8e432160c258d14223b3b0d009b09858645773dd97e68a9531072713cff077b2e73e03ed4f145e9199c126a7f235e5674a3c7f5c7129ac7c1a3319590249b6d34ef6c3d8b94c6fc7cdcbddb053243f33e7bc1f230d3bc7dfc4359e33992d0a3946b914a093287a76ac4a249b5b86cc75476466e409553355fefab75e9268a8751ffc9481fcff1f49c475699595b315e2147eebe8b7291600c6b1cf7c8f24d587b9464a67e5ccec17820e711b98f4f7d5053642068a3fff72b53e2622d6e8b4a4c815fb2ea90ef63e141209dd29254e5ab5bde9c6817b3cb184586049e7741b2d8b5b1a19e99e1834a25959155720c1c0efa4d9d3c42e1ba282847d476cef0228b6a1422aba08e5f3c1cd279bb20dcf3e90f80a4a8ac093de9f0d9c11a540aff2de27437787bbed317439cafb71e7f92b7e02cbadb076f04ba2cb8c96aeef53c74d9036c922b1b24a79228e833abc661b5630caa45389341cb8ddf277fd916141023fb53c0d155faf6fdfb593e22db25c4f8afdcd90d437672ebe975f4a5f445bbdd845505fcfea702a42d821d3dc11720de0009e83161e5a089d09184346606e126842de54e85e20aa5bac874367a8690d09d6ee61278bd424eabe824ff22693b0cece9e4d935f28bb7efd85afb1642a363d583eb01f48f25784f80002b163bd3da724b0391dac7c23f76b5c5c6319f7aab18a486d5607f68ce2f83d2a6a8a13f8ecdb845b8af96230f063019ff113698c720403bbf6202b2d50800000000000000d538fc1fa57518769bd3bfc11e743b4e56b01f17483a152abcca0bd84a1011bd703a494150176d17322cf10307d259999622b76ac6a86407c9ed281ae29b9b569b382d3f39fe4d07706c96c41a565437d9edb1cb532d900efe54f518044bba5fa5791c1797c569a3d6c21342d92f4b104a3d957cf85e617c46ac97b6785a455ce7765eb80a02de4dffde0207061e1afb61e777379b202707f0f49edcf21a186ea1f2e08ef1dc15ae3371280d89aabb3bd53408b4cb2a8e42f9f4d0bc11d766eb51940f5e92559b91954649f2786fb6683e19ca5f609c40e327876f5515aeefce0f390d3fd557aabcb091b04131f3edc1ed80a2d5a812786530a302ab54f7e1f3a6bca852722d1af85ceab2e6565733b31f76d795b1a603a780564b181ebadb0028c03d0c2c2831ce3a83369bf4ec61f802633e719040dac86c9c26e01bdad8", 0x4e0}], 0x1, &(0x7f0000000280)}, 0x0) 16:22:50 executing program 1: 16:22:50 executing program 5: 16:22:50 executing program 2: 16:22:50 executing program 3: 16:22:51 executing program 5: prctl$setname(0xf, &(0x7f0000000200)="cd23330bff00") bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)='syzkaller\x00'}, 0x48) 16:22:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000180)='security.capability\x00', &(0x7f00000002c0)=@v2, 0x14, 0x0) 16:22:51 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2000000000000002) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = dup2(r0, r0) clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f00000003c0)=""/126) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "872914e15e3dbeff3a87bdc81345d4577cc286d412735e16bb02ce80e86ea40c"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 16:22:51 executing program 2: r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r0, &(0x7f0000000440)='id_resolver\x00', &(0x7f0000000480)={'syz'}, r0) [ 286.272424] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 16:22:51 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev}, 0x10) listen(r1, 0x0) 16:22:51 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f00000001c0), 0xfffffdf5, 0x200007fc, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='hybla\x00', 0x6) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000100)={0x2, 0x0, @multicast2}, 0x10) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/226, 0xfffffd85}], 0x1) recvfrom(r0, &(0x7f0000000480)=""/239, 0xef, 0x0, 0x0, 0xf7) close(r0) 16:22:51 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) geteuid() getgroups(0x2, &(0x7f0000004140)=[0xee00, 0xffffffffffffffff]) getresgid(&(0x7f0000006880), &(0x7f00000068c0), &(0x7f0000006900)) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000006e40)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000006e80)={{{@in6=@remote, @in=@dev}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@dev}}, &(0x7f0000006f80)=0xe8) getresgid(&(0x7f00000071c0), &(0x7f0000007200), &(0x7f0000007240)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000001740)=""/40, 0x102ca, 0x0) 16:22:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu\x00', 0x200002, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0), 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0x1) 16:22:52 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f00000004c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000001c80)=ANY=[@ANYBLOB="0000000000000000010000800000000001000000000000002f"]) 16:22:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab7d, 0x0, &(0x7f0000000080), 0x111) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @local}, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="650fc75c276766b882000f00d0c4423d3c56eef22ede9a002000000f01cf0f3042802100660f38802afb0f23d4", 0x2d}], 0x1, 0xffffffffffffffff, &(0x7f0000000040), 0x0) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080)="68bd08dfd7ebd3") ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:22:53 executing program 1: 16:22:53 executing program 4: 16:22:53 executing program 4: r0 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000040)=0x9, 0x4) socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000080)=0x6, 0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r2}}, 0x10) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f00000001c0)) getpeername$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, &(0x7f0000000240)=0x1c) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000280), &(0x7f00000002c0)=0x4) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0x11004, 0x10001, 0x7fff, 0x8, 0x0, [{0x6be4, 0x0, 0x6, [], 0x2b1}, {0x7, 0x1, 0x8, [], 0xffffffffffffc9b6}, {0x4, 0x4, 0x2, [], 0x100}, {0x6, 0x8, 0x0, [], 0x2}, {0x101, 0x0, 0x8001, [], 0x8}, {0x0, 0xffffffffffffffe1, 0x8001}, {0xffff, 0x0, 0x8000, [], 0x800}, {0x2, 0x1, 0x80000001, [], 0x100000001}, {0x80000000, 0x6a, 0x80000000, [], 0x9}, {0x3, 0x0, 0x1ff, [], 0x1}, {0x4, 0x8, 0x3, [], 0x4}, {0x3f, 0x2, 0x200}, {0x8000, 0x0, 0x4000000000000000, [], 0x8000}, {0xff, 0xfff, 0x7, [], 0x5}, {0x8, 0x3ff, 0x100000001, [], 0x7fffffff}, {0xfffffffffffffff8, 0x81, 0x1, [], 0x4}, {0x1, 0x8, 0x6ee, [], 0x6}, {0xfffffffffffffd12, 0x1ff, 0x0, [], 0x80}, {0x460e0373, 0x5, 0x8000, [], 0x8}, {0x1, 0x1, 0xffffffffffff0000, [], 0x7}, {0x1, 0x3f, 0x4, [], 0x7fff}, {0x5, 0x4, 0x8, [], 0x100000000}, {0x4, 0x200, 0x4, [], 0x3ff}, {0x2, 0x1, 0x400, [], 0x3}]}}) ioctl$IOC_PR_RESERVE(r1, 0x401070c9, &(0x7f0000000400)={0x1, 0x1}) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000440)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000480)={0x5cf, 0x1a2, 0x13ff, 0x4}, 0x8) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000004c0)={0x20, 0xffffffff7fffffff, 0x4f1, 0x400}) setxattr(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)=@random={'system.', '/dev/dsp\x00'}, &(0x7f0000000580)='/dev/dsp\x00', 0x9, 0x2) r4 = epoll_create1(0x80000) r5 = accept$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000600)=0x14) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000640)={@mcast1, @mcast2, @mcast2, 0x3ff, 0x6, 0x7f, 0x500, 0x3, 0x80106, r6}) getsockopt$inet6_buf(r1, 0x29, 0x3d, &(0x7f00000006c0)=""/252, &(0x7f00000007c0)=0xfc) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000800), 0x2) ioctl$KDSETMODE(r3, 0x4b3a, 0x9) fcntl$getownex(r5, 0x10, &(0x7f0000000840)) r7 = syz_open_dev$vcsa(&(0x7f0000000880)='/dev/vcsa#\x00', 0x6, 0x2001) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f00000008c0)={0x2, 0x1}) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000900)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000940)) ioctl$KDSETMODE(r7, 0x4b3a, 0x6) r8 = add_key$user(&(0x7f0000000980)='user\x00', &(0x7f00000009c0)={'syz', 0x1}, &(0x7f0000000a00)="dacb6489296a85a6e7eba69a023d095d2a2dbc5693819b317425be2b1de2873881d0035657671947de", 0x29, 0xfffffffffffffff8) r9 = add_key$user(&(0x7f0000000bc0)='user\x00', &(0x7f0000000c00)={'syz', 0x0}, &(0x7f0000000c40)="4e494a8000e26404a9825be1fd6fb4db151372fc4bbc6148d7d7a188ea1b4d5f7ef917f2f2bd59a5dd9f59aabffd0d365d7a75375a3948e3ad8669cdcb4ba526c9613af0eff5349c9b86f8e59e904d3a66dc62f1bfebe99dbf7557b624ba4e60b9eed45760e526a717a88e6ad9b4ac0295ffb893383ac3cbfe1c9cbf5d7809a076b43d46001bf1a98de7babba70748c9492f0682603c734800be824a66ec84309d464b33071d5a01d7182b2f17c50e2202a934161f8593fdcba858ad47d753b1c1b74a6987bfa57de9", 0xc9, 0xfffffffffffffffb) keyctl$instantiate_iov(0x14, r8, &(0x7f0000000b80)=[{&(0x7f0000000a40)="3f67b1cde810ec915cd83c0376d8789cb8c703d9667cb8236ef5ba3e8cd36d17b3f231289274d3c74e29f6b80434cfb77245e167b8882c06323e7553c2824e235c02655912eb6f01e50eff83ffe73964765782819b1106fd2143eb74c63a3759bd5bcdb41af54b1a854e08efa8ef56966ea8fe4ffb9bbb9c583a91e20900c0638e", 0x81}, {&(0x7f0000000b00)="a95219fec028a72b3512ed61a619d0d4566374d9d38d32aaa7d1935a93cfcf4c2fa2c3f911ff1b6c746a3a7b4e9327f68d8cf37cec3fe6484d0483582c1f5f16a53b8d30b9b06ab0d47c56a54583a6a735400e5f88a75f4e22f8a715fecc5b6882bd069d25854f71cb3c19dc1f08c41f223096c16bea83a6d58e", 0x7a}], 0x2, r9) 16:22:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0xaaaaaaaaaaaab7d, 0x0, &(0x7f0000000080), 0x111) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @local}, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="650fc75c276766b882000f00d0c4423d3c56eef22ede9a002000000f01cf0f3042802100660f38802afb0f23d4", 0x2d}], 0x1, 0xffffffffffffffff, &(0x7f0000000040), 0x0) ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, &(0x7f0000000080)="68bd08dfd7ebd3") ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 289.868927] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large: [ 289.880302] clocksource: 'acpi_pm' wd_now: 147afc wd_last: 5e9929 mask: ffffff [ 289.889745] clocksource: 'tsc' cs_now: a0641964f5 cs_last: 9e9b966a2d mask: ffffffffffffffff [ 289.900341] tsc: Marking TSC unstable due to clocksource watchdog [ 289.918438] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. [ 289.927335] sched_clock: Marking unstable (289976470060, -58073225)<-(290042860988, -124443751) [ 289.938783] clocksource: Switched to clocksource acpi_pm 16:22:55 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2000000000000002) write$evdev(r0, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) r1 = dup2(r0, r0) clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$EVIOCGREP(r1, 0x80084503, &(0x7f00000003c0)=""/126) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, "872914e15e3dbeff3a87bdc81345d4577cc286d412735e16bb02ce80e86ea40c"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 16:22:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) geteuid() getgroups(0x2, &(0x7f0000004140)=[0xee00, 0xffffffffffffffff]) getresgid(&(0x7f0000006880), &(0x7f00000068c0), &(0x7f0000006900)) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000006e40)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000006e80)={{{@in6=@remote, @in=@dev}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@dev}}, &(0x7f0000006f80)=0xe8) getresgid(&(0x7f00000071c0), &(0x7f0000007200), &(0x7f0000007240)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000001740)=""/40, 0x102ca, 0x0) 16:22:55 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) waitid(0x0, r0, &(0x7f0000000140), 0x1000000, &(0x7f0000000180)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x800, 0x0) io_setup(0x9, &(0x7f0000001300)=0x0) preadv(r1, &(0x7f0000000700)=[{&(0x7f0000000040)=""/20, 0x14}], 0x1, 0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000001340)}]) 16:22:55 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu\x00', 0x200002, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0), 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0x1) 16:22:55 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000001c0)={{0x0, 0x0, 0x0, 0x0, "73797a31000000000000000000000000000000000000000000000000008000"}, 0x6, 0x0, 0x2b, 0x0, 0x0, 0x0, 'syz1\x00', &(0x7f0000000040), 0x0, [], [0x7, 0xfffffffffffffff9, 0x80000000000000]}) r1 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x8, 0x0) ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x17, 0x42, &(0x7f0000000140)="79f9b522bbc1c0a11eef8a6d09ca3df19184cefe9ac131f5fa6830fa7c79907966a546e83e862b7e5ebc69ba5a4d15766b8548046249245ecba065048a3365ed4af1"}) 16:22:55 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x9) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f00000001c0)=""/205) getsockopt$inet_int(r0, 0x10d, 0xc, &(0x7f00000002c0), &(0x7f00000000c0)=0x4) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0x80045530, &(0x7f0000000300)=""/4096) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x4) 16:22:55 executing program 3: 16:22:55 executing program 5: 16:22:55 executing program 4: 16:22:56 executing program 3: 16:22:56 executing program 5: 16:22:56 executing program 5: 16:22:58 executing program 0: 16:22:58 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps_rollup\x00') socket$inet6_dccp(0xa, 0x6, 0x0) mlock(&(0x7f000058b000/0x4000)=nil, 0x4000) sigaltstack(&(0x7f0000585000/0x5000)=nil, &(0x7f0000000000)) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)=0x8000) sendfile(r0, r0, &(0x7f0000000140)=0x8008004, 0x1fc) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 16:22:58 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x10000, 0x400) r2 = geteuid() stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RGETATTR(r1, &(0x7f00000001c0)={0xa0, 0x19, 0x1, {0x1, {0x0, 0x3, 0x3}, 0x20, r2, r3, 0x2, 0x8, 0x7, 0x7, 0x401, 0xff, 0x7fffffff, 0x8, 0x9, 0x6, 0x1000, 0x100000000, 0x8, 0x8, 0x5}}, 0xa0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_bridge\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r4, 0x1, 0x6, @remote}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r4, 0x1, 0x6}, 0x10) io_setup(0x7fffffff, &(0x7f0000000280)=0x0) io_getevents(r5, 0x7, 0x1, &(0x7f00000002c0)=[{}], &(0x7f0000000300)={0x77359400}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000008c0)={r4, 0x1, 0x6, @remote}, 0x10) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000400)=0x0) perf_event_open(&(0x7f0000000380)={0x5, 0x70, 0x5, 0x8000, 0x1ff, 0x2, 0x0, 0x0, 0xda0affe3d41a0165, 0x2, 0x6, 0x70cf1d3c, 0x100, 0x0, 0x21, 0xffffffffffff8001, 0x3, 0x0, 0x3, 0x1, 0x1, 0xa8, 0x7, 0x1, 0x140000000000, 0x9, 0x3, 0x3f, 0x1f, 0xa1, 0x2, 0xf2c9, 0xf52, 0x4, 0x10000, 0x31e2ad23, 0xffffffffffffff9d, 0x3, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000340), 0x2}, 0x400, 0x9, 0x9, 0x7, 0x2, 0x7fffffff, 0x800}, r6, 0x8, r1, 0x8) 16:22:58 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0x10) setsockopt$sock_int(r0, 0x1, 0x200000000003c, &(0x7f0000000000)=0x1, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendto$inet(r0, &(0x7f000099bf26), 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000980)={0x1}, 0x55) sendto$inet(r0, &(0x7f0000000100), 0x229f, 0x4008000, 0x0, 0x13b) dup3(r1, r0, 0x0) 16:22:58 executing program 1: 16:22:58 executing program 2: [ 293.778961] device veth0_to_bridge entered promiscuous mode [ 293.804241] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 16:22:59 executing program 1: [ 293.944657] device veth0_to_bridge left promiscuous mode 16:22:59 executing program 5: 16:22:59 executing program 0: 16:22:59 executing program 2: 16:22:59 executing program 4: 16:22:59 executing program 3: 16:22:59 executing program 5: 16:22:59 executing program 1: 16:22:59 executing program 2: 16:22:59 executing program 0: 16:22:59 executing program 4: 16:22:59 executing program 5: 16:23:00 executing program 3: 16:23:00 executing program 0: 16:23:00 executing program 2: 16:23:00 executing program 5: 16:23:00 executing program 1: 16:23:00 executing program 4: 16:23:00 executing program 3: 16:23:00 executing program 2: 16:23:00 executing program 0: 16:23:00 executing program 1: 16:23:00 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000000000)={0x4400000010, 0x0, 0x0, 0x70a0}, 0xc) getsockopt$netlink(r1, 0x10e, 0x8000000009, &(0x7f00007e0000)=""/4, &(0x7f0000000080)=0x4) 16:23:00 executing program 2: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000040)=0x4, 0x0, 0x4, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000080), 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r0, 0x1000000000016) clone(0x0, &(0x7f0000000380), &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)) futex(&(0x7f000000cffc), 0x800000000005, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f0000000040), 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) 16:23:01 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x8d4, 0x10}, 0xfffffeb1) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0xd, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x48, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0xfb, &(0x7f00001a7f05)=""/251}, 0x14) 16:23:01 executing program 0: mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10000032, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x522000000003, 0x11) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000000)) 16:23:01 executing program 1: 16:23:01 executing program 3: 16:23:01 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='fusectl\x00', 0x3, &(0x7f0000000180)="7766646e6f86ab72bf27c3f7f5c4e108ae53310209cd338f6df397d6df029da2e410a5596fdf31227a200afd79c16dcb4d3fe62753ce183676007a665e43c6cee915f46fb447706e4ca00c0f3eadc51a65b71ed0bb300e78fe7c1caa4f71ac59001cd68654adc4b6c08d718d0642ddc7fa3309d91837015c1e41b8a1d777ffe04a3d869e398bd0fd120353a0afa9fca92e2013f7a2f6631626086c011355d701a8d01f8dd37caabbe85c9af95d10f3a20ab4373b01b1a9049fc6f3b9b2bb") 16:23:01 executing program 4: r0 = socket(0x10, 0x3, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={{0x77359400}, {0x0, 0x7530}}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0xb5, 0x0, &(0x7f0000000000)={0x77359400}) sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003a00050300000000000000000a000000d8111d703edb1864b1fb6cc2859d37cc4d665511f972c9f1b9fe022e27d6598791bd73392c8fde8b332fdea8a2850dd1b1d7e9a674d6a5032d4852ac4c704996da645d533ba39e6ee3f3c3c1632ff741d913bebd829016361950c296fe733edaeecdec28a1f383dae7ed0bc905204046f50edcc1047e870015f08816"], 0x1}}, 0x0) 16:23:01 executing program 1: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000000)={0x7}, 0x7) 16:23:01 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f00000018c0)={&(0x7f0000000000), 0xc, &(0x7f0000001880)={&(0x7f0000001840)={0x14}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x404c890) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000040)={&(0x7f00000001c0)=@ipv6_newaddr={0x40, 0x14, 0x509, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r3}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xf0ffff00000005}}, @IFA_LOCAL={0x14, 0x2, @local={0xfe, 0x80, [0xffffffffa0010000]}}]}, 0x179}}, 0x0) 16:23:01 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) sendmsg(r0, &(0x7f0000014fc8)={&(0x7f0000006ff0)=@in={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f000001ef80)=[{0x10, 0x0, 0x7}], 0x10}, 0x0) 16:23:01 executing program 5: r0 = timerfd_create(0x7, 0x80800) timerfd_settime(r0, 0x0, &(0x7f0000000000)={{0x77359400}, {0x0, 0x989680}}, &(0x7f0000000100)) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000040)=""/60, 0x3c}], 0x1) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x204000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x34, r2, 0x8, 0x0, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x0) 16:23:02 executing program 1: 16:23:03 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f00000003c0)) mount(&(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)="18765468f7c38d", 0x100000, &(0x7f0000000400)) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000100)=@nullb='/dev/nullb0\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='sysfs\x00', 0x0, &(0x7f0000000440)='eth1{\x00') umount2(&(0x7f0000000380)='./file0\x00', 0x0) 16:23:03 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) sendmsg(r0, &(0x7f0000014fc8)={&(0x7f0000006ff0)=@in={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f000001ef80)=[{0x10, 0x0, 0x7}], 0x10}, 0x0) 16:23:03 executing program 0: 16:23:03 executing program 5: 16:23:03 executing program 1: 16:23:03 executing program 4: 16:23:03 executing program 4: 16:23:03 executing program 5: 16:23:03 executing program 1: 16:23:03 executing program 0: 16:23:03 executing program 3: 16:23:04 executing program 4: 16:23:04 executing program 2: 16:23:04 executing program 1: 16:23:04 executing program 0: 16:23:04 executing program 5: 16:23:04 executing program 3: 16:23:04 executing program 4: 16:23:04 executing program 0: 16:23:04 executing program 5: 16:23:04 executing program 1: 16:23:05 executing program 3: 16:23:05 executing program 2: 16:23:05 executing program 4: 16:23:05 executing program 0: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mremap(&(0x7f00004d9000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000066f000/0x3000)=nil) 16:23:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x1000000000000a, 0x80000000005, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gre0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x3}, 0xc, &(0x7f00000006c0)={&(0x7f0000000180)=@bridge_delneigh={0x1c, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r2}}, 0x1c}}, 0x0) 16:23:05 executing program 1: r0 = openat$ion(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ion\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x8, 0x1b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000100)=0x2) 16:23:05 executing program 2: mlockall(0x1) mlock2(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) 16:23:05 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f00000000c0)}, 0x10) 16:23:05 executing program 4: socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000100, 0x0, 0xfffffffffffffffe, &(0x7f0000000fc0), 0xffffffffffffffff) [ 300.637360] ================================================================== [ 300.642038] BUG: KMSAN: uninit-value in vmap_page_range_noflush+0x975/0xed0 [ 300.642038] CPU: 0 PID: 8331 Comm: syz-executor1 Not tainted 4.19.0-rc4+ #66 [ 300.642038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.642038] Call Trace: [ 300.642038] dump_stack+0x306/0x460 [ 300.642038] ? vmap_page_range_noflush+0x975/0xed0 [ 300.642038] kmsan_report+0x1a2/0x2e0 [ 300.642038] __msan_warning+0x7c/0xe0 [ 300.642038] vmap_page_range_noflush+0x975/0xed0 [ 300.642038] map_vm_area+0x17d/0x1f0 [ 300.642038] kmsan_vmap+0xf2/0x180 [ 300.642038] vmap+0x3a1/0x510 [ 300.642038] ? ion_heap_map_kernel+0xa33/0xad0 [ 300.642038] ion_heap_map_kernel+0xa33/0xad0 [ 300.642038] ? ion_ioctl+0x690/0x690 [ 300.642038] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 300.717102] ? ion_dma_buf_release+0x430/0x430 [ 300.717102] dma_buf_ioctl+0x376/0x630 [ 300.717102] ? dma_buf_poll+0x1690/0x1690 [ 300.717102] do_vfs_ioctl+0xcf3/0x2810 [ 300.717102] ? security_file_ioctl+0x92/0x200 [ 300.717102] __se_sys_ioctl+0x1da/0x270 [ 300.745999] __x64_sys_ioctl+0x4a/0x70 [ 300.745999] do_syscall_64+0xbe/0x100 [ 300.752127] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 300.752127] RIP: 0033:0x457579 [ 300.752127] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.752127] RSP: 002b:00007f035fc58c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.752127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 300.793353] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 300.793353] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.793353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f035fc596d4 [ 300.814031] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 300.814031] [ 300.814031] Uninit was created at: [ 300.814031] kmsan_internal_poison_shadow+0xc8/0x1d0 [ 300.814031] kmsan_kmalloc+0xa4/0x120 [ 300.814031] __kmalloc+0x14b/0x440 [ 300.814031] kmsan_vmap+0x9b/0x180 [ 300.814031] vmap+0x3a1/0x510 [ 300.814031] ion_heap_map_kernel+0xa33/0xad0 [ 300.814031] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 300.814031] dma_buf_ioctl+0x376/0x630 [ 300.814031] do_vfs_ioctl+0xcf3/0x2810 [ 300.814031] __se_sys_ioctl+0x1da/0x270 [ 300.814031] __x64_sys_ioctl+0x4a/0x70 [ 300.814031] do_syscall_64+0xbe/0x100 [ 300.814031] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 300.814031] ================================================================== [ 300.814031] Disabling lock debugging due to kernel taint [ 300.814031] Kernel panic - not syncing: panic_on_warn set ... [ 300.814031] [ 300.814031] CPU: 0 PID: 8331 Comm: syz-executor1 Tainted: G B 4.19.0-rc4+ #66 [ 300.814031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.814031] Call Trace: [ 300.814031] dump_stack+0x306/0x460 [ 300.814031] panic+0x54c/0xafa [ 300.814031] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 300.814031] kmsan_report+0x2d3/0x2e0 [ 300.814031] __msan_warning+0x7c/0xe0 [ 300.814031] vmap_page_range_noflush+0x975/0xed0 [ 300.814031] map_vm_area+0x17d/0x1f0 [ 300.814031] kmsan_vmap+0xf2/0x180 [ 300.814031] vmap+0x3a1/0x510 [ 300.814031] ? ion_heap_map_kernel+0xa33/0xad0 [ 300.814031] ion_heap_map_kernel+0xa33/0xad0 [ 300.814031] ? ion_ioctl+0x690/0x690 [ 300.814031] ion_dma_buf_begin_cpu_access+0x2ba/0x9b0 [ 300.814031] ? ion_dma_buf_release+0x430/0x430 [ 300.814031] dma_buf_ioctl+0x376/0x630 [ 300.814031] ? dma_buf_poll+0x1690/0x1690 [ 300.814031] do_vfs_ioctl+0xcf3/0x2810 [ 300.814031] ? security_file_ioctl+0x92/0x200 [ 300.814031] __se_sys_ioctl+0x1da/0x270 [ 300.814031] __x64_sys_ioctl+0x4a/0x70 [ 300.814031] do_syscall_64+0xbe/0x100 [ 300.814031] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 300.814031] RIP: 0033:0x457579 [ 300.814031] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.814031] RSP: 002b:00007f035fc58c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.814031] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 300.814031] RDX: 0000000020000100 RSI: 0000000040086200 RDI: 0000000000000004 [ 301.057685] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 301.063909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f035fc596d4 [ 301.072604] R13: 00000000004bedb1 R14: 00000000004ceb30 R15: 00000000ffffffff [ 301.072604] Kernel Offset: disabled [ 301.072604] Rebooting in 86400 seconds..