INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. 2018/09/22 05:05:20 fuzzer started 2018/09/22 05:05:22 dialing manager at 10.128.0.26:46055 2018/09/22 05:05:22 syscalls: 1 2018/09/22 05:05:22 code coverage: enabled 2018/09/22 05:05:22 comparison tracing: enabled 2018/09/22 05:05:22 setuid sandbox: enabled 2018/09/22 05:05:22 namespace sandbox: enabled 2018/09/22 05:05:22 Android sandbox: /sys/fs/selinux/policy does not exist 2018/09/22 05:05:22 fault injection: enabled 2018/09/22 05:05:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/09/22 05:05:22 net packed injection: enabled 2018/09/22 05:05:22 net device setup: enabled 05:08:08 executing program 0: socket$key(0xf, 0x3, 0x2) clone(0x20802102001ff4, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x400000000000005, &(0x7f0000000200)) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000, 0x7, &(0x7f0000000000/0x4000)=nil) 05:08:08 executing program 2: prctl$intptr(0x1000000001d, 0xfffffffffffff0be) prctl$intptr(0x1e, 0x0) 05:08:08 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0xee9, 0x0, 0x9, 0x28, 0xffffffffffffff9c}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x0, 0x0, 0x6, 0x0, 0x4}, 0x2c) socketpair(0x1d, 0x2, 0x2, &(0x7f0000000040)) getpid() 05:08:08 executing program 3: r0 = socket$packet(0x11, 0x8000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f0000000200)=@newneigh={0x28, 0x1c, 0x503, 0x0, 0x0, {0x2, 0x0, 0x0, r1, 0x18}, [@NDA_DST_MAC={0xc, 0x1, @broadcast}]}, 0x28}}, 0x0) 05:08:08 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x0, &(0x7f0000000180)) r1 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000000)=""/41, 0x29) getdents64(r1, &(0x7f0000000440)=""/186, 0x760) getdents64(r1, &(0x7f0000000100)=""/81, 0x4a) getdents(r1, &(0x7f00000005c0)=""/4096, 0x299) 05:08:08 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000000000, 0xe, 0x29, &(0x7f0000000000)="b90703e6680d698cb89e40f02cea", &(0x7f00000000c0)=""/41, 0x100, 0xa00}, 0x28) syzkaller login: [ 206.765517] IPVS: ftp: loaded support on port[0] = 21 [ 206.784326] IPVS: ftp: loaded support on port[0] = 21 [ 206.833243] IPVS: ftp: loaded support on port[0] = 21 [ 206.862801] IPVS: ftp: loaded support on port[0] = 21 [ 206.893669] IPVS: ftp: loaded support on port[0] = 21 [ 206.932118] IPVS: ftp: loaded support on port[0] = 21 [ 209.087619] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.109910] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.117660] device bridge_slave_0 entered promiscuous mode [ 209.186726] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.210222] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.217710] device bridge_slave_0 entered promiscuous mode [ 209.239388] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.252322] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.260453] device bridge_slave_1 entered promiscuous mode [ 209.267572] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.274819] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.282783] device bridge_slave_0 entered promiscuous mode [ 209.337904] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.359925] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.367392] device bridge_slave_1 entered promiscuous mode [ 209.389212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.415041] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.423154] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.431102] device bridge_slave_0 entered promiscuous mode [ 209.445200] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.453656] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.461722] device bridge_slave_1 entered promiscuous mode [ 209.471156] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.477529] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.511084] device bridge_slave_0 entered promiscuous mode [ 209.518777] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.529876] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.537308] device bridge_slave_0 entered promiscuous mode [ 209.549444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.566992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.578994] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.619849] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.627361] device bridge_slave_1 entered promiscuous mode [ 209.635231] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.642003] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.649459] device bridge_slave_1 entered promiscuous mode [ 209.658942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.674642] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.707738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.730430] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.736810] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.760997] device bridge_slave_1 entered promiscuous mode [ 209.771988] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.808156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.842326] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.884832] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.902545] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 209.920472] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.027437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 210.093581] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.108065] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.242227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.278082] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.327731] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.345515] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.380800] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.451266] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.492557] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.512476] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.531925] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.538804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.557750] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.575350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.620675] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.630539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.639320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.701345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.711670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.723236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.748653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.781807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.788882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.803027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.813007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.847377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.876173] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.894751] team0: Port device team_slave_0 added [ 210.929778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.968527] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.980311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.019832] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.033812] team0: Port device team_slave_1 added [ 211.103727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.121891] team0: Port device team_slave_0 added [ 211.139098] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.166843] team0: Port device team_slave_0 added [ 211.176102] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.195691] team0: Port device team_slave_0 added [ 211.211107] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.235599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.250976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.273254] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.282021] team0: Port device team_slave_0 added [ 211.293769] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.302547] team0: Port device team_slave_1 added [ 211.314940] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.350989] team0: Port device team_slave_1 added [ 211.356342] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.370262] team0: Port device team_slave_1 added [ 211.398618] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.426336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.446899] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.460909] team0: Port device team_slave_1 added [ 211.466986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.491282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.498934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.540629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.555041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.571014] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.581736] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.594187] team0: Port device team_slave_0 added [ 211.599361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.611974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.630666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.638567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.656220] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 211.668855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.685176] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.701321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.712802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.724928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.733576] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.741689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.749647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.761396] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.770247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.778086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.796086] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.809316] team0: Port device team_slave_1 added [ 211.817272] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 211.828140] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.843462] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.869925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.889296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.920989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.947234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.955289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.969821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.981440] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.990077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.998910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.013895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.030730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.040786] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.047911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.063836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.087431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.110339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.124077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.138462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.146961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.158274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.175795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.197098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.230297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.238415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.274197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.295744] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.311423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.319336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.329302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.338061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.420317] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.427499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.438993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.555691] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.563839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.572293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.346110] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.352653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.359590] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.366016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.385969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.521793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.551282] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.557677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.564405] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.570831] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.611124] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.625801] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.632287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.638943] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.645384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.654761] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.742369] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.748779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.755510] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.761930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.777756] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.799069] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.805489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.812220] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.818598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.854043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.968027] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.974500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.981233] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.987615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.003206] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 214.560240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.567567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.590985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.598214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.630765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.701261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.946363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.967838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.999906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.179494] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.233910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.249153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.390465] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.443116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.540426] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.645867] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.672978] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.707992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.730437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.848121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 219.887598] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.920539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.927749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.993394] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 219.999659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.013927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.036833] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.055313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.070605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.085707] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.193971] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.213901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.229681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.403958] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 220.420594] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.436526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.462347] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.472203] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.504339] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.741530] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.866434] 8021q: adding VLAN 0 to HW filter on device team0 05:08:25 executing program 2: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000300)=""/177, 0x9) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f00000001c0)={r1, 0x2}) r2 = memfd_create(&(0x7f0000000280)='0\x00\x00\x00\x00\x00', 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0x8a) [ 223.503000] hrtimer: interrupt took 33181 ns 05:08:25 executing program 2: r0 = socket$inet(0x2, 0x840000000003, 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x6, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0x0], 0x2}) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000000)={0x9, {{0x2, 0x4e23, @broadcast}}}, 0x88) setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000180), 0x2d) 05:08:25 executing program 0: mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, &(0x7f0000000600), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000b60000/0x4000)=nil) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x13, r3, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000040)=0xc) 05:08:26 executing program 3: r0 = socket$inet6(0xa, 0x81000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000700000008ffffffad2301000000000095000000000000006916000000000000bf67000000000000570600000f0000006706000002000000070600000ee60000bf050000000000001f650000000000006707000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffbd43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) r1 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x3, 0x3) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) readahead(r0, 0x401, 0x7fffffff) write$P9_RSYMLINK(r1, &(0x7f00000000c0)={0x14, 0x11, 0x2, {0xa0, 0x0, 0x3}}, 0x14) 05:08:26 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x1ff, 0x20000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000000080)=""/50, 0x32}) ioctl$SG_SCSI_RESET(r0, 0x5385, 0x400000) 05:08:26 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x1}}, 0x10) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x30) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r1}}, 0x10) close(r0) 05:08:26 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000380), 0x7, &(0x7f0000000340)={&(0x7f0000000080)=@ipmr_getroute={0x1c, 0x1a, 0xb25}}}, 0x2) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x10001, 0x240640) getsockopt$inet6_dccp_int(r1, 0x21, 0x5, &(0x7f0000000040), &(0x7f00000000c0)=0x4) 05:08:26 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) unshare(0x10000000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r0, 0x0, 0xb, &(0x7f0000000100)='/dev/adsp#\x00'}, 0x30) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x3, 0x8001, 0x81, 0x0, 0x0, 0x81, 0x40, 0x1, 0x81, 0x0, 0xb9, 0x100000001, 0xff, 0x7, 0x7, 0x3082, 0x100000000, 0xffffffffffffff01, 0x5, 0x7ff, 0x5, 0x10000, 0x8, 0x1f, 0x9, 0x2b2, 0xffffffffffffffff, 0x80, 0x80000000, 0xeae, 0x20, 0x4, 0xcf, 0x5, 0xfffffffffffffff1, 0x1, 0x0, 0x9, 0x0, @perf_config_ext={0x81, 0x2}, 0x10, 0x10001, 0xfff, 0x0, 0x20, 0x6, 0x6}, r2, 0xf, r0, 0x9) ioctl(r0, 0x4112, &(0x7f0000001f64)) syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3, 0x101000) 05:08:26 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000440)=0x6) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000000c0)={'veth1\x00', {0x2, 0x4e20, @remote}}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x60000, 0x0) readv(r0, &(0x7f0000000800)=[{&(0x7f0000000100)=""/23, 0x17}, {&(0x7f00000002c0)=""/78, 0x4e}, {&(0x7f00000003c0)=""/44, 0x2c}, {&(0x7f0000000480)=""/123, 0x7b}, {&(0x7f0000000500)=""/194, 0xc2}, {&(0x7f0000000600)=""/83, 0x53}, {&(0x7f0000000400)=""/9, 0x9}, {&(0x7f0000000680)=""/200, 0xc8}, {&(0x7f0000000780)=""/79, 0x4f}], 0x9) socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) write$cgroup_type(r4, &(0x7f0000000180)='threaded\x00', 0xffffff5f) r5 = fcntl$getown(r2, 0x9) perf_event_open(&(0x7f0000000340)={0x4, 0x70, 0x17b0000000000000, 0x9, 0x8, 0x7ff, 0x0, 0x7, 0x1080, 0x1, 0x13d3e79, 0x3ff, 0x80, 0x3, 0x2, 0x80000000, 0x3ff, 0xffffffff, 0x8, 0x9, 0xc28, 0xa6, 0x1, 0x5, 0x0, 0xfff, 0x8000, 0x8, 0x5000000000000, 0x8, 0x0, 0x1, 0x8, 0x3, 0x64, 0x1, 0xffffffffffffffff, 0x10000, 0x0, 0x7, 0x1, @perf_config_ext={0x100000000, 0x800}, 0x0, 0x68e71a4c, 0x8000, 0x6, 0x8, 0xdf50, 0x40}, r5, 0x6, 0xffffffffffffffff, 0x2) recvmsg$kcm(r3, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x80, &(0x7f0000000000), 0x0, &(0x7f00000001c0)=""/17, 0x11}, 0x3efc) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000280)=0x100000000) 05:08:26 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x2000000000008912, &(0x7f0000000100)="153f62e5ff8623e0a247fcaecb5c91589834488dd25d76607028f2a8a78e49d2b42c1776004e4f4efcfacc5f88bc611a32c431fd04f0738ebbd71e069a07d67ed6d0363168edb2c87d4c2e03061afa45988e592f4ead91a4d51e1d638da66f682954544bd57e546ea99bacec98fa8eba754ecac2726ea9119cc867330be128f45ef6e19c4b45c8dad4a9c3cf2d14d3c33f74859da9e674015878baaa84") socket(0xa, 0x1, 0x0) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setgroups(0x0, &(0x7f0000000000)) r4 = socket$pppoe(0x18, 0x1, 0x0) setresuid(0x0, r3, 0x0) getsockopt$bt_hci(r4, 0x0, 0x2, &(0x7f0000000080)=""/54, &(0x7f00000000c0)=0x36) shmget$private(0x0, 0x3000, 0x820, &(0x7f0000ffd000/0x3000)=nil) 05:08:26 executing program 4: r0 = syz_open_dev$sndtimer(&(0x7f00000b5ff1)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2}}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x8000000, 0x0) [ 224.230690] hugetlbfs: syz-executor3 (7189): Using mlock ulimits for SHM_HUGETLB is deprecated 05:08:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000000)) setsockopt$inet6_buf(r1, 0x29, 0x22, &(0x7f0000000040), 0x0) 05:08:26 executing program 4: r0 = memfd_create(&(0x7f00000000c0)="c0873a2a18c16ba7875ba06f38aa4ba5d30b86ca3c7ffd368d7dd8f247b8ea936147d4fd1e42dc6062cebb4865299086e39608e0fab1d84eb257cb8d7d336c6d38a537c900484f41c86d4352fccb247533ecde25d05dd8eb448253173fd64173e3b19a46e6ba5bc7258820ee51529f818bdcc7dcde6dbe7f321129fbe0096d17d8da4034bd6a2a541e5ef76feedf0db8771de75fde87ddc1f0911a219cd30bc99564e32aa9fa999db8893ec9f216137b1a526f3a16002b24ed58b74b56715518e26bbd0e561614671bb0cf93", 0x0) write(r0, &(0x7f0000002000)='/', 0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000200)) fchmodat(r0, &(0x7f0000000440)='./file1\x00', 0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f00000003c0), 0x8) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r2, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) sendfile(r0, r0, &(0x7f0000000040), 0x7f) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) fcntl$addseals(r1, 0x409, 0x8) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) 05:08:26 executing program 0: shmget(0x0, 0x3000, 0x408, &(0x7f0000ffd000/0x3000)=nil) shmctl$SHM_LOCK(0x0, 0xb) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$RTC_PIE_OFF(r0, 0x7006) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0xfffffffffffffffd) keyctl$invalidate(0x15, 0x0) seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x58fe4}]}) syz_execute_func(&(0x7f0000000240)="42805da0124fefeddc0f01eea873fe19fa380f38211af3f081768cc8000000c481b5e5bc2b0000002167f00fbab204000000ca6b2179dae5e54175450f2e1a8f0818ef0d0e0000000044dbe271fb0703") ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r1, r0, 0x0, 0x24, &(0x7f00000002c0)="6264657676626f786e657430766d6e65743176626f786e6574302373656c668e7da52400"}, 0x30) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) getpid() getresuid(&(0x7f0000000200), &(0x7f00000003c0), &(0x7f0000000400)) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0xffff, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000180)={'ip6tnl0\x00', 0x400}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0xc) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0)) getresuid(&(0x7f0000000500), &(0x7f0000000540), &(0x7f0000000580)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc) gettid() fstat(0xffffffffffffffff, &(0x7f0000000e80)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00), &(0x7f0000000f40)=0xc) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000001e40)) 05:08:26 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0xd3, 0x5) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000080), 0x0, 0x24007ffe, &(0x7f00000000c0)={0x2, 0x8000004e23, @rand_addr=0x401}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000140)=0x1, 0xa1) r1 = memfd_create(&(0x7f0000000100)='dev ', 0xffffffffffffffff) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) ftruncate(r1, 0x40001) sendfile(r0, r1, &(0x7f0000000180), 0xa00004000000002) 05:08:26 executing program 2: mkdir(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_aout(r0, &(0x7f0000000380)={{0x10f, 0x3, 0x1, 0xf7, 0x124, 0x3, 0x1ac, 0x5}, "678d643c49b77920810af1e013164bb005db7e6fb714991ddf4374979e016d8c2c92c5c4ea77d375bc7fda14fa8aa52def", [[], [], [], [], [], [], [], [], []]}, 0x951) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000240)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="23d59dec040e99dc5fcf0bf49e65b6b575961b8f66662c78696e6f3d6f66662c00000009000000000000"]) 05:08:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x40000, 0x0) ioctl$KVM_SET_DEBUGREGS(r1, 0x4080aea2, &(0x7f0000000280)={[0x4, 0xf007, 0x0, 0x6000], 0xfffffffffffff076, 0x1, 0x4}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x1, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000040)={0x3, 0x40}) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f00000004c0)=ANY=[]) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000100)={0x16}) r4 = fcntl$dupfd(r0, 0x0, r0) accept$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) ioctl$HCIINQUIRY(r4, 0x800448f0, &(0x7f0000000200)={r5, 0x4, 0xee, 0x7fffffff, 0x83, 0x5, 0x1}) ioctl$TIOCSLCKTRMIOS(r4, 0x5457, &(0x7f0000000000)) 05:08:26 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={0x0}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={r3, 0x2}, &(0x7f0000000300)=0x8) write$FUSE_ATTR(r0, &(0x7f0000000180)={0x78, 0x0, 0x8, {0x3f, 0xffff, 0x0, {0x2, 0xfffffffffffffd1c, 0x1ff, 0x101, 0x7, 0x5, 0x6, 0x0, 0x8, 0x5, 0x1, r1, r2, 0x9, 0x4}}}, 0x78) shmctl$SHM_LOCK(0xffffffffffffffff, 0xb) [ 224.481251] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 224.523834] overlayfs: unrecognized mount option "#՝_ euff" or missing value 05:08:26 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = accept4$unix(r1, &(0x7f0000000080), &(0x7f0000000000)=0x6e, 0x80000) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000100)={0x1, 0x1000, 0x2, 0x5, 0xff, 0x7}) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x4000, 0x0) fchdir(r0) ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000180)) clock_nanosleep(0xb, 0x0, &(0x7f0000000040), &(0x7f0000003c00)) inotify_add_watch(r3, &(0x7f00000001c0)='./file0\x00', 0x880) [ 224.567639] overlayfs: unrecognized mount option "#՝_ euff" or missing value 05:08:26 executing program 1: r0 = socket$inet(0x10, 0x80002, 0x7) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000000040), 0x1}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000010}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x6c, r2, 0x310, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5c}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0x44, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x68}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={[], [], @rand_addr=0x3f}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x40015) ioctl$FICLONE(r0, 0x40049409, r0) 05:08:27 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x16, 0x12, &(0x7f0000000180)=ANY=[@ANYBLOB="850000000800000077000000000000009500000400000000734df95b7e7a6e95c01873eb8335daec8d044703843265617734c11feb84e1e94ec9eea51cb43b0d5eb07f865116e4d41e4dd415d1fbabe58e41db33dee3daae4ec67adfc883de5f3f4eb970039f4196b3a17bae810b68b11c577a9f5fe98af134d3ba739042e39b4d125bb45eb3e9a878d00000000000000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, [], 0x0, 0x7}, 0x48) r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x6, 0x400) setsockopt$llc_int(r0, 0x10c, 0xf, &(0x7f0000000080)=0x1, 0x4) 05:08:27 executing program 4: r0 = memfd_create(&(0x7f00000000c0)="c0873a2a18c16ba7875ba06f38aa4ba5d30b86ca3c7ffd368d7dd8f247b8ea936147d4fd1e42dc6062cebb4865299086e39608e0fab1d84eb257cb8d7d336c6d38a537c900484f41c86d4352fccb247533ecde25d05dd8eb448253173fd64173e3b19a46e6ba5bc7258820ee51529f818bdcc7dcde6dbe7f321129fbe0096d17d8da4034bd6a2a541e5ef76feedf0db8771de75fde87ddc1f0911a219cd30bc99564e32aa9fa999db8893ec9f216137b1a526f3a16002b24ed58b74b56715518e26bbd0e561614671bb0cf93", 0x0) write(r0, &(0x7f0000002000)='/', 0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) waitid(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000200)) fchmodat(r0, &(0x7f0000000440)='./file1\x00', 0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f00000003c0), 0x8) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r2, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) sendfile(r0, r0, &(0x7f0000000040), 0x7f) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) fcntl$addseals(r1, 0x409, 0x8) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) 05:08:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000080)="b9c70b0000b802000000ba000000000f300f21bcc42175d08cf6d66a0000c4624d93443a00b9980100000f3265f2410f0866470fe07d001d0000000043d9fe66baf80cb85cc87b8fef66bafc0ced", 0x4e}], 0x1, 0x0, &(0x7f0000000040), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000680)={0x0, 0x0, @pic={0x0, 0x9}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="65d9f3ba2000b0e1eed9ff66b8c4b800000f23c00f21f86635000005000f23f80f01d1baf80c66b8a322e48266efbafc0cb09dee6726670f32670fb2aec1cb0000ff22c02200", 0x46}], 0x0, 0x0, &(0x7f00000000c0), 0x33e) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:08:27 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000040)=0x4, 0x4) close(r3) close(r2) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x0, 0x0, 0x0, 0x8000}, 0x1c) modify_ldt$read(0x0, &(0x7f0000000040)=""/138, 0xffffffffffffff05) mmap(&(0x7f0000195000/0x2000)=nil, 0x2000, 0x8, 0x80000000000803f, r0, 0x0) mremap(&(0x7f0000447000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000997000/0x3000)=nil) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vhci\x00', 0x801, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x50, &(0x7f0000000100)={0x0, 0x0}}, 0x10) r6 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000001c0)=r5, 0x4) r7 = accept4(r6, &(0x7f0000000200)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000280)=0x80, 0x80000) ioctl$sock_inet_SIOCSIFDSTADDR(r7, 0x8918, &(0x7f0000000440)={'ip6_vti0\x00', {0x2, 0x4e22, @multicast2}}) getsockname$netlink(r7, &(0x7f0000000300), &(0x7f0000000340)=0xc) ioctl$BINDER_SET_MAX_THREADS(r6, 0x40046205, 0x8) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000), 0x2, 0x10000000002) getsockopt$inet_sctp6_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f00000004c0)={0x0, 0x8}, &(0x7f0000000500)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000540)={r8, @in={{0x2, 0x4e24, @loopback}}, 0x80, 0x9, 0x8, 0x0, 0x48}, 0x98) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000380)=""/130) 05:08:27 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x2080, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f00000001c0)=0x1) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00003dd000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000040)=""/246) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x1, 0x0) ioctl$EVIOCGPROP(r2, 0x4004743d, &(0x7f000082ef0a)=""/246) r3 = dup2(r2, r1) write$P9_RLERROR(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007000009002f6465762f701f7000"], 0x12) fcntl$setpipe(r2, 0x407, 0x0) r4 = msgget(0x3, 0x40) msgctl$IPC_INFO(r4, 0x3, &(0x7f0000000200)=""/135) ioctl$LOOP_SET_FD(r0, 0x4c00, r3) [ 225.046668] sched: DL replenish lagged too much 05:08:27 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f0000000000)=[{0x400000000006}]}, 0x10) 05:08:27 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x400080, 0x0) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f00000001c0)={0xaa1d, {0x2, 0x4e23, @local}, {0x2, 0x4e20, @loopback}, {0x2, 0x4e22, @multicast1}, 0x2, 0x7, 0x6, 0x80000000, 0x4, &(0x7f0000000100)='bond0\x00', 0x6, 0x7fff, 0x7f}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000000040)=0xe8) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b7333725d7ffffffbfa20040000000000702000020b5781a07feffff7a0af0fff8ffffff79a4f0ff00000000b70a00000045040000000000000704000000000000b7040000100000e182b200fe00000000850000001a00e38330ce0000000000029500000000001612354ed8ef0b4ccc3035ace105211d00000000064052400000003f000000c8b122cd8642d84bf9e7594c474857243d9d3b8a48ab75bcd4f6b1f8d6dbabf7fdc8164ff9d05e69"], &(0x7f0000000280)="c2066dd644ec01d752677f9c2d5fd0e7fa3d32003d", 0x3, 0xffffffffffffff9d, 0x0, 0x0, 0x0, [], r2}, 0x48) 05:08:27 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr, 0x0, 0x2b}, 0x0, @in=@broadcast}}, 0xe8) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = dup3(r0, r1, 0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x2, 0x3}}, 0x20) 05:08:27 executing program 1: r0 = socket$packet(0x11, 0x10000000002, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1}, 0x14) r2 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x200000) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000180)={{0x0, 0x3, 0x80, 0xfffffffffffffffc, 0x8, 0x98da}, 0x7ff, 0x43888543, 0x6, 0x2, 0x8, "6c485795e2bcf738364a6fb021fa2ee57e958ba6e7faf59920824b6bf46d138b799431cab7afea8aa39268b675b48c12cd2352f9f7d224178448cfa80c0307c44d487fa890af7952f139c86e99b9d9b9ecd13363019a13510260f6d3a8ff9ec7b9fd403be8a9de12f5c9dcd4bdb450342b57b42bbc82130c671f79511eed9bfc"}) sendmmsg(r0, &(0x7f0000003080)=[{{&(0x7f00000000c0)=@ll={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000000480), 0x0, &(0x7f0000000500)}}, {{0x0, 0x0, &(0x7f0000002500), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="10000000006ea29e09913126f4000000"], 0x10}}], 0x2, 0x0) 05:08:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5385, &(0x7f0000000280)) timer_create(0x5, &(0x7f0000000000)={0x0, 0x11, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000080)=0x0) timer_settime(r1, 0x1, &(0x7f00000000c0)={{0x77359400}}, 0x0) 05:08:27 executing program 2: r0 = accept(0xffffffffffffff9c, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4) r1 = socket$packet(0x11, 0x2, 0x300) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) sendmsg$rds(r0, &(0x7f00000029c0)={&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000180)=""/16, 0x10}, {&(0x7f0000001240)=""/97, 0x61}], 0x4, &(0x7f0000002880)=[@rdma_args={0x48, 0x114, 0x1, {{0x5, 0xd76}, {&(0x7f00000012c0)=""/174, 0xae}, &(0x7f00000013c0)=[{&(0x7f0000001380)=""/23, 0x17}], 0x1, 0x40, 0x100000001}}, @rdma_args={0x48, 0x114, 0x1, {{0x10000, 0xfdb}, {&(0x7f0000001400)=""/4096, 0x1000}, &(0x7f00000024c0)=[{&(0x7f0000002400)=""/33, 0x21}, {&(0x7f0000002440)=""/15, 0xf}, {&(0x7f0000002480)=""/4, 0x4}], 0x3, 0x42, 0xfffffffffffffffa}}, @fadd={0x58, 0x114, 0x6, {{0xfffffffffffffb35, 0x7f}, &(0x7f0000002500)=0x8, &(0x7f0000002540)=0xd63c, 0xffffffff, 0x8, 0x1, 0x8, 0x4, 0x4}}, @rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {&(0x7f0000002580)=""/139, 0x8b}, &(0x7f0000002840)=[{&(0x7f0000002640)=""/27, 0x1b}, {&(0x7f0000002680)=""/172, 0xac}, {&(0x7f0000002740)=""/242, 0xf2}], 0x3, 0x1, 0x7e0}}], 0x130, 0x40000}, 0x20000000) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000200)) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000100)=@req3={0x0, 0x0, 0x0, 0xfffffffffffffffa}, 0x14) 05:08:27 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) sched_setattr(r2, &(0x7f0000000100)={0x0, 0x5, 0x1, 0x2, 0x7fff, 0x77b, 0x3}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x0, 'wrr\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 05:08:27 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = getpid() r2 = getgid() setgid(r2) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(r1, 0x5, &(0x7f0000000200)) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x12, 0x0, 0xff}}) 05:08:27 executing program 5: ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000003c0)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x2000000, &(0x7f0000000440)}, &(0x7f0000000180), &(0x7f00000004c0)=""/44, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x60}) 05:08:27 executing program 4: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x80000, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) syz_open_dev$sndtimer(&(0x7f00000001c0)='/dev/snd/timer\x00', 0x0, 0x80000) syz_emit_ethernet(0x7e, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x5, 0x0, 0x0, 0x0, 0xf0ffff, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4029, 0x0, @local, @dev, {[@timestamp={0x44, 0x40, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, &(0x7f0000000000)) 05:08:27 executing program 3: openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x200, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid_for_children\x00') capset(&(0x7f00001e8ff8)={0x20080522}, &(0x7f0000032fe8)) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x8200) socket$rds(0x15, 0x5, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={r1, r1, 0xf, 0x3}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000080)={0x0, 0x3d, "c8e9a3d59ff966970eb4bcea4063be6d486b921aeb4fdd388792779a6d329689d1607c0a13f4d248a9c461c82da7b05964e8bbb0420ea3c81c46b0545e"}, &(0x7f0000000100)=0x45) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r2, 0x3, 0xfffffffffffffffc, 0xd89, 0x1, 0x6}, &(0x7f0000000180)=0x14) setns(r0, 0x0) 05:08:27 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000943ffc)=0xa35) read(r0, &(0x7f00003fefff)=""/1, 0x19) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom(r2, &(0x7f0000000100)=""/9, 0x9, 0x0, &(0x7f0000000280)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="e475902c7860"}, 0x80) ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) fcntl$setsig(r2, 0xa, 0x1) poll(&(0x7f0000b2c000)=[{r3}], 0x1, 0xfffffffffffffff8) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) r4 = dup2(r2, r3) fcntl$setown(r4, 0x8, r1) tkill(r1, 0x16) 05:08:27 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x200000019, &(0x7f0000000040)=0x7, 0x4) bind$inet(r0, &(0x7f0000000100), 0x10) 05:08:27 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000200)) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x1) fcntl$setlease(r0, 0x400, 0x6) 05:08:28 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES32], 0x4b) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x8) write$evdev(r1, &(0x7f0000000100), 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/33, 0x200000a1}], 0x1) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x12, 0x6, 0xc, "3ef8b73af3e7559d0daf3d6313f14f1f5f1890d01c684dc58cc0c65d5156981252c1032c1f3b7154cdef30876e5d44ba844461e70dfff7e7ec1de2f6e1c38bf1", "8c5464f726275c81fcd974b023bd271c536d969772737b7f5cb7c450995436a2", [0x7ff, 0x30000]}) 05:08:28 executing program 5: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x20801) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000040)={0xc692, {{0x2, 0x4e21}}, {{0x2, 0x4e24, @local}}}, 0x108) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f00000001c0)=0xc) setfsgid(r2) close(0xffffffffffffffff) 05:08:28 executing program 4: clone(0x10000000, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) r0 = memfd_create(&(0x7f0000000e40)="0000000000007225f78380807dde5053601841a0d0f82b74374852b01f125997622dc4a5e71d2ce5ac32ff90824fa25e59073487cf36ad576e32926b04894da740f7e9c0ffb42c356a1f285bfc8f0b8c6f72ef151dab4c5c2a5a751f04bfc69ac5c3b5168a6d13d826b1ed0c7527d58f54adc12fca1f25c8fc2586ea4d90f84dabcdec291fb780a39a117d12b0893b182098dceed33b222a1d413709ae355d4d297fe42c5d4e9d8bbd9d0c709cae47e88f8aa22a505b3e995b501f0d3753cd3510e87436612b401305f316177f6d4d4c70fd9d2621c3707ad88da7852596d89a59cb74505e675ac6ebc03faa3ee99889176b571135031afc973c52c5f6437b8143002b30d8fb92011c4994cc024e40497b2daeb06ad5308af486d0178a418f6bdb6940f07dc6e5cf1a3c852b401e3ecec45d22fd687928411b83f68bf7be4b21fdf0033cf949b8a76aa65d68ad885967c2cc3c2d60ec74fcf5de162c94ffe3e15775c1a1cfd9818d4c17a2f8d0a7302538f079e7b128ef123c8bb909000000000000003814c2aea86c35fbf4244a64635d32ff12e4dcb3df56e5d5d3882a9984993f8a7fef72d875d21c1e3bb2bc3e6e79a2b6d322f710f0378abc2095d32139e39f3223db9961309295e4c3c8e1b0001dd757aa000000000000000000000000000008eca80c7b0c", 0x0) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e000000000000000000000000004000000000000000000000000000000000000008000038000003"], 0x3a) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000001c0), &(0x7f00000001c0), 0x1000) 05:08:28 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x10000023, &(0x7f00000002c0)=""/77, 0x4d}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000240)={0xaf4, 0x7, 0x100, 0x2, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}, {}]}) socket$kcm(0xa, 0x0, 0x0) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000500)) r3 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x13, r0, 0x0) r4 = mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x10, r1, 0x1f) r5 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x50, r0, 0x0) r6 = mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x20010, r2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000a00)={0xe4, 0x0, &(0x7f0000000800)=[@decrefs={0x40046307, 0x1}, @increfs={0x40046304, 0x2}, @acquire={0x40046305, 0x1}, @transaction={0x40406300, {0x2, 0x0, 0x2, 0x0, 0x10, 0x0, 0x0, 0x70, 0x20, &(0x7f0000000540)=[@fda={0x66646185, 0x3, 0x1, 0x23}, @ptr={0x70742a85, 0x0, &(0x7f00000003c0), 0x1, 0x3, 0x35}, @ptr={0x70742a85, 0x0, &(0x7f0000000400), 0x1, 0x4, 0xf}], &(0x7f0000000440)=[0x0, 0x68, 0x58, 0x38]}}, @free_buffer={0x40086303, r3}, @acquire={0x40046305, 0x3}, @increfs_done={0x40106308, r4, 0x4}, @acquire_done={0x40106309, r5, 0x4}, @reply_sg={0x40486312, {{0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x30, 0x8, &(0x7f00000004c0)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x2}, @flat={0x736a2a85, 0x10a, r6, 0x3}], &(0x7f00000007c0)=[0x38]}, 0x400}}], 0xee, 0x0, &(0x7f0000000900)="50089e859767ebb617225d7b42b50df4aee9b3408d98ad072c35bc44164d50d818c50e269bdf30aba048be9a378455a474905876643c6a8669be736565f7e8cc53c53ef83749506c011e4c39530957b82f375fae18764a67e13b4c89df0be49cb95e710944abdc761c2d1202d441af5c49aea1eebbd502667c3378af8455d21485380736a8fa059707b80667cefea13c81508663ae3ad7eb33c787f8db1815b132aad16c325521ece559e48b3c7bd337c864d66d3eea6c8d2cbc23f2c3f984a8652d26c0851618272755649d5ca532685cbd8e9a93dd781ec135e6c45c1b9434f0fbaf124f72fb448ec9702e6864"}) socketpair(0x2, 0x0, 0xcb1, &(0x7f00000005c0)) [ 225.810135] sg_write: data in/out 65499/33 bytes for SCSI command 0x0-- guessing data in; [ 225.810135] program syz-executor0 not setting count and/or reply_len properly 05:08:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x20200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r0, 0x4048ae9b, &(0x7f0000000300)={0x90000, 0x0, [0x401, 0x0, 0x1, 0x35, 0x4, 0x1, 0x8000]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, &(0x7f0000000140)=[@cr0={0x0, 0x3}, @cstype0={0x4, 0x6}], 0x32) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f0000000180)=0xfffffffffffffffa) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='sched\x00') connect$inet6(r3, &(0x7f0000000380)={0xa, 0x1, 0x0, @dev, 0x7}, 0xfffffffffffffed5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) r4 = open(&(0x7f00000001c0)='./file0\x00', 0x2, 0x20) write$FUSE_IOCTL(r4, &(0x7f00000002c0)={0x20, 0xffffffffffffffda, 0x5, {0x7f, 0x0, 0x5, 0x2}}, 0x20) ioctl$KVM_RUN(r2, 0xae80, 0x0) mincore(&(0x7f0000015000/0x4000)=nil, 0x4000, &(0x7f0000000100)) 05:08:28 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xfffffffffffffffc) mount(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='rpc_pipefs\x00', 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x640002, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000100)={0x1, {{0xa, 0x4e23, 0x5, @mcast1, 0xd755}}}, 0x88) [ 225.854449] sg_write: data in/out 65499/33 bytes for SCSI command 0x0-- guessing data in; [ 225.854449] program syz-executor0 not setting count and/or reply_len properly 05:08:28 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/rtc0\x00', 0x1, 0x0) getsockopt$packet_buf(r0, 0x107, 0x1, &(0x7f0000001ac0)=""/233, &(0x7f0000001bc0)=0xe9) fanotify_init(0xc, 0x3) 05:08:28 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000440)=0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000480)={{{@in6, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f0000000580)=0xe8) getgroups(0x6, &(0x7f00000005c0)=[0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff]) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000600)=0x0) lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000740)=0x0, &(0x7f0000000780), &(0x7f00000007c0)) sendmsg$unix(r0, &(0x7f0000000880)={&(0x7f0000000100)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000400)=[{&(0x7f00000001c0)="ebdc14b8692b6231c43dc08934fd2fd73bec78f91ad64814ddce5c27f7731397cf114e48da1e569869be80a59c9b79511fb6a011ff6ee6ec3c9b176afe6806f12938ca9600f43fdfffe514845132e2c2cb81a831bf53ec93f977b7d058445c2962f0dff2840ec49d0687af286c2a833dab24b9a8865be0fe68b1b7419e8c37ff006b24cd856b1900d749195b93b7da503f7aaf91a5cf9a3d08a6cd26a0254b18aaa8cb3db930de5097ecd8390a127cb532ddf642d0eab2fc81868386546af4157295f16eba71c42b0125963c4da4cb41c1946e63782ad7b2868fc71bfd9d4acaf7dfc8af60efcfae3c21cc7436a57feb6882a7726f2e1b39cd66fd9cc7e91e", 0xff}, {&(0x7f00000002c0)="97a5d2878f7316a15ed4a9297d4bc5ef7a4191479627a5cd5b676ca91dc9b34ed178c13dd26a69966af9572374592abeaff95a09059fe51abe068d2dadd7a2fecdd96d42f9d8303609a3b77051b576b6b918aada2b3368a8948e4b6482afe4508c5a337220ea5c9f3b777bee9a", 0x6d}, {&(0x7f0000000340)="e611b10b936c3e890ba12a6e6d710dafd7bafce8251edd96146c2d523c4d62819620288a810e38dc1dc57426e4db7b8c73e7b541513eec809e19c00143e5da8db9f99e03e670f5cbffadcd5625b7a97a898b278bf051e320ddc2bf721300a7fdc9d85356f5ff804dd10624aa56880a295170466199e6f8899dd0aab3e31e19f5e415739129d61edf8b18ff900551b724b0350485df6cab4d6d02ce2c40746b4b5af89546de5a5a6a6d0b", 0xaa}], 0x3, &(0x7f0000000800)=[@rights={0x18, 0x1, 0x1, [r1]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x58, 0x804}, 0x4040880) r8 = getpid() sched_setscheduler(r8, 0x5, &(0x7f0000000040)) shutdown(r1, 0x3) r9 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1000, 0x4aa00) ioctl$SNDRV_TIMER_IOCTL_INFO(r9, 0x80e85411, &(0x7f0000000080)=""/99) 05:08:28 executing program 1: r0 = socket$packet(0x11, 0x40000000000002, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000903000)={0x1, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000010000850000002e0000009700000000f4ff009500000000000000"], &(0x7f0000000200)="73797a6b616c6c65722c493d6c2b78db01beb8234b8301e2918b8b33e703f173263d15127d1c5309a0593d0f6dbe9cd5434619dfff6e61ba74ed3776315503f2d22b3ecd7a62819bc2345afd348344bed224a114267fd4cd1e55f8cf69c16cfffd3a4dc7721aacdfb55e39d507f86531752d2affc30318f5da65be34374a24f6", 0xfffffffffffffffa, 0x1000, &(0x7f00009ab000)=""/4096}, 0x48) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r2}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000140)=r1, 0x4) r3 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x8d, @empty, 0x1ff}, 0x1c) sendto$inet6(r3, &(0x7f0000000280)="927e4e067b9275a046a18bb0b296cb3ea7f4d7f0eee0b3272e4c42cb7a73f6332cb355abba5d58c053916d9326a5f2840fa54cd8e7b2060d02356cf04a85f89859584bb258281e502a455d5681c15f8ec59ae869cfac3cbd93e32d27c4013ac3c5824e92a8f6592b4379cde8b498dfcfb6e83d1d67fc1c3e934805d643d94ec9b41dd97d3994d0", 0x153, 0x80, &(0x7f0000001000)={0xa, 0x4e22, 0x0, @local, 0xfffffffffffdfffe}, 0x1c) 05:08:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'team_slave_1\x00', 0x0}) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000040), 0x1) sendmsg$nl_route(r0, &(0x7f0000004300)={&(0x7f0000000180), 0xc, &(0x7f00000042c0)={&(0x7f0000004340)=@setlink={0x28, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$EVIOCGPHYS(r2, 0x80404507, &(0x7f0000000340)=""/4096) 05:08:28 executing program 4: io_setup(0x80000001, &(0x7f0000000140)=0x0) io_destroy(r0) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000080)=""/161) r3 = dup(r1) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x2, @broadcast, 'syzkaller0\x00'}}, 0x1e) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000080)) 05:08:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000180)='./control\x00', 0x0) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000480)) unshare(0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001780)='/dev/hwrng\x00', 0x480, 0x0) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000017c0)=0x89, &(0x7f0000001800)=0x2) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000001840)={0x0, 0x6, 0x1, 0x7}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2), 0x0) close(0xffffffffffffffff) 05:08:28 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0xa0101, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) socket$inet6(0xa, 0x1000000000002, 0x0) r2 = memfd_create(&(0x7f00000004c0)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, &(0x7f0000000240)=0xa4, 0x20000102000007) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="08017b890728e7e5c27607d7608d2efc", 0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x40}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="55f2050004000000080082ab91c3a97e13e80f20c3895933419bf6ac254eeee7bf70b76772542d9dcdbdd9558dbc4427cccf4b9c22d026ab9a116c5b77b75488c15203c519acf966225e149d0c1a760bf9c15d6a0302841684"], &(0x7f0000000400)=0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syslog(0x9, &(0x7f0000000280)=""/90, 0x5a) 05:08:28 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x7, 0x80000) r2 = memfd_create(&(0x7f0000000400)='bcsf0\x00', 0x2) setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000440), 0x4) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000700)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r2, 0x40044900, 0x7fffffff) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) sendfile(r4, r5, &(0x7f0000d83ff8)=0x3301c, 0x8000fffffffe) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200), &(0x7f0000000580)=0x4) r6 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000140)=0xc) symlinkat(&(0x7f0000000480)='./bus\x00', r4, &(0x7f00000004c0)='./bus/file1\x00') ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000280)) syz_mount_image$hfsplus(&(0x7f0000000500)='hfsplus\x00', &(0x7f0000000540)='./bus\x00', 0xffff, 0x1, &(0x7f0000000680)=[{&(0x7f0000000640)}], 0x12004, &(0x7f0000000840)=ANY=[]) kcmp$KCMP_EPOLL_TFD(r7, 0x0, 0x7, r6, &(0x7f00000002c0)={0xffffffffffffffff, r6}) io_setup(0x0, &(0x7f0000000240)) listxattr(&(0x7f0000000300)='./bus/file0\x00', &(0x7f0000000340)=""/135, 0x87) sendfile(r3, r6, &(0x7f0000d83ff8), 0x0) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000100)={'bcsf0\x00', 0x3ff}) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f0000000000)=""/164, &(0x7f0000000100)=0xa4) ioctl$LOOP_CHANGE_FD(r1, 0x125d, 0xffffffffffffffff) ptrace$cont(0x9, r7, 0x7, 0x185c) ioctl$ASHMEM_GET_SIZE(r3, 0x7704, 0x0) 05:08:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000680)={0xc, 0x8, 0xfa00, {&(0x7f0000000500)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}, r1}}, 0x48) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x20200, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000080), &(0x7f0000000100)=0x4) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000140)={0x0}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000001c0)={r3, 0x2}, &(0x7f00000002c0)=0x8) [ 226.383449] print_req_error: I/O error, dev loop0, sector 124 [ 226.401171] print_req_error: I/O error, dev loop0, sector 0 [ 226.407247] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 226.415244] print_req_error: I/O error, dev loop0, sector 4 [ 226.421043] Buffer I/O error on dev loop0, logical block 1, lost async page write [ 226.428903] print_req_error: I/O error, dev loop0, sector 8 [ 226.435186] Buffer I/O error on dev loop0, logical block 2, lost async page write [ 226.443332] print_req_error: I/O error, dev loop0, sector 12 [ 226.449157] Buffer I/O error on dev loop0, logical block 3, lost async page write [ 226.457339] print_req_error: I/O error, dev loop0, sector 16 [ 226.463230] Buffer I/O error on dev loop0, logical block 4, lost async page write [ 226.471108] print_req_error: I/O error, dev loop0, sector 20 [ 226.476929] Buffer I/O error on dev loop0, logical block 5, lost async page write [ 226.484851] print_req_error: I/O error, dev loop0, sector 24 [ 226.490744] Buffer I/O error on dev loop0, logical block 6, lost async page write [ 226.498425] print_req_error: I/O error, dev loop0, sector 28 [ 226.504468] Buffer I/O error on dev loop0, logical block 7, lost async page write [ 226.512220] print_req_error: I/O error, dev loop0, sector 32 [ 226.518041] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 226.526582] Buffer I/O error on dev loop0, logical block 9, lost async page write 05:08:29 executing program 2: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) socket$inet6(0xa, 0x805, 0xffffffffa74bc543) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x0, &(0x7f0000000240)}) ioctl$EVIOCGREP(r1, 0x40107446, &(0x7f0000000000)=""/174) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@dev, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in=@dev}}, &(0x7f0000000140)=0xffffffffffffffb3) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='+', 0x1}], 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r4, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) 05:08:29 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer\x00', 0x101002, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="c3a1c0c2f619952b7c46382eae668120b68260f32ed3c26cc341b2095dba15695971df7ff0a7bab063bef40ca86452dff241f237c5fa2d08696d03f7458af437db06b558a0cbda4f6c4aa461854191b028d480b2dd0e6be6e23fd5fe14ee55f1231e73f119866d39645f352c0ccb016ada34b2bccd9044ef0b6cd50ce503e7f09323b21f555fe9b02724974dca35a78917e9c5bcd4ea7b618cf5872e1922bb0599c398b78325"]) fcntl$getown(r1, 0x9) 05:08:29 executing program 5: syz_mount_image$ntfs(&(0x7f0000000200)='ntfs\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, &(0x7f0000000680), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='mft_zone_multiplier=0x0000000000000004,utf8,fmask=00000000000000000000400,show_sys_files=yes,uid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=recover,disable_sparse=yes,fmask=00000000000040000000001,uid=', @ANYRESHEX=0x0, @ANYBLOB]) r0 = openat$cgroup_type(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r2 = inotify_init1(0x80000) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$kcm(0x29, 0x7, 0x0) r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000100)=0x141a, 0x4) ppoll(&(0x7f0000000040)=[{r0, 0x20}, {r1, 0x120c}, {r2, 0x58}, {r3, 0x2302}, {r4, 0x2000}, {r5, 0x20}], 0x6, &(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00000000c0)={0x8}, 0x8) 05:08:29 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)) write$cgroup_int(r0, &(0x7f0000000040), 0xfd71) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x1f}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=r1, &(0x7f00000001c0)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f00000007c0)) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) 05:08:29 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0xa0101, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) socket$inet6(0xa, 0x1000000000002, 0x0) r2 = memfd_create(&(0x7f00000004c0)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, &(0x7f0000000240)=0xa4, 0x20000102000007) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000040)="08017b890728e7e5c27607d7608d2efc", 0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x40}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000440)=ANY=[@ANYRES32=r3, @ANYBLOB="55f2050004000000080082ab91c3a97e13e80f20c3895933419bf6ac254eeee7bf70b76772542d9dcdbdd9558dbc4427cccf4b9c22d026ab9a116c5b77b75488c15203c519acf966225e149d0c1a760bf9c15d6a0302841684"], &(0x7f0000000400)=0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syslog(0x9, &(0x7f0000000280)=""/90, 0x5a) [ 226.811670] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 226.837380] 9pnet: Insufficient options for proto=fd [ 226.864641] 9pnet: Insufficient options for proto=fd [ 226.913723] ntfs: (device loop5): ntfs_fill_super(): Unable to determine device size. 05:08:29 executing program 4: r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pwrite64(r0, &(0x7f0000000580)="7b5aa60acc88c08616733e70363856ede11e206a4b96d78ee276a11ae5e6f50ffcb759a388ffd05db6fd28f3ce796952fdf350273514743ff2c0ba06775532a146ebd4f4b5145717349e424c127d26a3facb75c7d0cab4585392597655f56cb9287374d2ae9d0c99d64dd24049cfd2e5329dc672bd78ba3ec3df635b6b148bb9dba456aef169352247503b247496c609af0d31a99db27980aa8de80480da12bf8720aca1e7e2ae0624a8ae60a33f7b4d7400b4ec5a17039439f0fb8f4af94a5b7dec6deb9f685384d0c81ea03f5a3b8e998671149a859b7859637504b283adc687006ef7118d619274c5dba11e81a1d2fb030533501904484e30ad1c57be7489dc4471aae0a8765e67a8b3e9bf1960f84c32c0da7437eb743a5e5f4ec7318f132e3992af170253c13e4d6fece04dd5bae1fef171796db16d566e47a4691ac13a75370ce8cc1370b7d6a4aee09d97a437fc4c7c2f341e3761d3db0ef4ec4d9c829a6e9bf2ae18e65f3163d5055f0f68f816f88ef27ccbd1c696c4d5b41528fe54bcdfeba85f7ea6d05691c6930a476ad4a9d7352ec2da80e52e716d7b3f61fc9fed452c9831b1b245ae6c6bdaa3ffaaae38950747ec6acf69175ead5c88931206ff941b9a829e6752b5ffe80cc1cf83eb33ecaee7298a45cbb1b6466f34edf1a1d7feb4d5180bf10eeafb60640b4ae8c02469ad00c69afda62824921e7095796a", 0x200, 0x0) fcntl$setstatus(r0, 0x4, 0x4401) io_setup(0x201, &(0x7f0000000000)=0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000780)=ANY=[@ANYBLOB="05000000000000000000000000000000060000003d1300000a00000000000000070000000000000001000000000000000000000000000000000000000000000000000000000000000430000000000000000000000000000008000000000000000000000001000000ff0f000000000000000000000000000000000000000000000412000000000000000000000000000000000000000000000900000000000000fc0e00000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000cd38000000000000000000800000000000000000000000000000000000000000040000000000000000000000000000007f000000000000000100000000000000ff0000000000000000000000000000000000000000000000041000000000000000000000000000000000000000000000afba000000000000010000000000000000000000000000000000000000000000890000000000000000000000000000000900000000000000400c0000000000000400000000000000000000000000000000000000000000000200000000000000000000000000000008000000000000004000000000000000ff03000000000000000000000000000000000000000000000202000000000000000000000000000004000000000000000300000000000000040000000000000000000000000000000000000000000000823900000000000000000000000000000700000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000"]) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000040)={0x9, 0x8}) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000140)={r1, 0x9, 0x38b, "aa82c398d2ea4f418a4603cc6fe05def29dbc411f1bc00ad9a005b43466fdc09d4567474533699e0a9db130ddcd42f72223d8e6bdfb2609bbfe735431abb7b812c7c3780210f53d5c7212096680a00e24c4089a6932fb57b217a7bc12ba18cd5b5b4c9609dee82d956598c521a65002c128c9bad794f6b2d79a1506721731caf7ae446b18decb02f93dbfc99f088afa1e24ca0d8d96008db6e76dc0daffc688519d581a9"}) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000240)) io_submit(r2, 0x33, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) [ 226.991503] ================================================================== [ 226.999052] BUG: KASAN: use-after-free in vhost_work_queue+0xc3/0xe0 [ 226.999071] Read of size 8 at addr ffff88018e480628 by task syz-executor2/7436 [ 226.999076] [ 226.999104] CPU: 1 PID: 7436 Comm: syz-executor2 Not tainted 4.19.0-rc4-next-20180921+ #77 [ 226.999116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.999123] Call Trace: [ 226.999147] dump_stack+0x1d3/0x2c4 [ 227.023164] ? dump_stack_print_info.cold.2+0x52/0x52 [ 227.023182] ? printk+0xa7/0xcf [ 227.023208] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 227.023235] print_address_description.cold.8+0x9/0x1ff [ 227.057408] kasan_report.cold.9+0x242/0x309 [ 227.061847] ? vhost_work_queue+0xc3/0xe0 [ 227.066033] __asan_report_load8_noabort+0x14/0x20 [ 227.070991] vhost_work_queue+0xc3/0xe0 [ 227.074996] vhost_transport_send_pkt+0x28a/0x380 [ 227.079869] ? vhost_vsock_dev_open+0x5a0/0x5a0 [ 227.084561] ? __local_bh_enable_ip+0x193/0x260 [ 227.089263] virtio_transport_send_pkt_info+0x31d/0x460 [ 227.094659] virtio_transport_connect+0x17c/0x220 [ 227.099527] ? virtio_transport_send_pkt_info+0x460/0x460 [ 227.105089] ? vsock_auto_bind+0xa9/0xe0 [ 227.109181] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.114754] vsock_stream_connect+0x4ed/0xe40 [ 227.119285] ? vsock_dgram_connect+0x500/0x500 [ 227.123887] ? __might_sleep+0x95/0x190 [ 227.127884] ? finish_wait+0x430/0x430 [ 227.131790] ? trace_hardirqs_on_caller+0x310/0x310 [ 227.131814] ? aa_af_perm+0x5a0/0x5a0 [ 227.131843] ? apparmor_socket_connect+0xb6/0x160 [ 227.145498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.151057] ? security_socket_connect+0x94/0xc0 [ 227.155838] __sys_connect+0x37d/0x4c0 [ 227.159749] ? __ia32_sys_accept+0xb0/0xb0 [ 227.164016] ? putname+0xf2/0x130 [ 227.165517] syz-executor1 (7426) used greatest stack depth: 15816 bytes left [ 227.167488] ? rcu_read_lock_sched_held+0x108/0x120 [ 227.167507] ? kmem_cache_free+0x24f/0x290 [ 227.167530] ? __x64_sys_futex+0x47f/0x6a0 [ 227.167553] ? do_syscall_64+0x9a/0x820 [ 227.179776] ? do_syscall_64+0x9a/0x820 [ 227.179798] ? lockdep_hardirqs_on+0x421/0x5c0 [ 227.179819] ? trace_hardirqs_on+0xbd/0x310 [ 227.179839] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.179857] ? trace_hardirqs_off_caller+0x300/0x300 [ 227.179879] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.179902] __x64_sys_connect+0x73/0xb0 [ 227.225280] do_syscall_64+0x1b9/0x820 [ 227.229212] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 227.234620] ? syscall_return_slowpath+0x5e0/0x5e0 [ 227.240028] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.244901] ? trace_hardirqs_off+0x310/0x310 [ 227.249428] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 227.254497] ? prepare_exit_to_usermode+0x291/0x3b0 [ 227.259545] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.264427] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.269653] RIP: 0033:0x457679 [ 227.272864] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.291788] RSP: 002b:00007f8c673c0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 227.299525] RAX: ffffffffffffffda RBX: 00007f8c673c16d4 RCX: 0000000000457679 [ 227.306813] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000009 [ 227.314102] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 227.321392] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 227.328691] R13: 00000000004cc658 R14: 00000000004bdcb3 R15: 0000000000000000 [ 227.335995] [ 227.337643] Allocated by task 7436: [ 227.341289] save_stack+0x43/0xd0 [ 227.344761] kasan_kmalloc+0xc7/0xe0 [ 227.348491] __kmalloc_node+0x47/0x70 [ 227.352309] kvmalloc_node+0xb9/0xf0 [ 227.356047] vhost_vsock_dev_open+0xa2/0x5a0 [ 227.360482] misc_open+0x3ca/0x560 [ 227.364043] chrdev_open+0x25a/0x710 [ 227.367774] do_dentry_open+0x499/0x1250 [ 227.371854] vfs_open+0xa0/0xd0 [ 227.375152] path_openat+0x12bc/0x5160 [ 227.379065] do_filp_open+0x255/0x380 [ 227.382890] do_sys_open+0x568/0x700 [ 227.386629] __x64_sys_openat+0x9d/0x100 [ 227.390744] do_syscall_64+0x1b9/0x820 [ 227.394662] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.399862] [ 227.401505] Freed by task 7434: [ 227.404803] save_stack+0x43/0xd0 [ 227.408275] __kasan_slab_free+0x102/0x150 [ 227.412532] kasan_slab_free+0xe/0x10 [ 227.416353] kfree+0xcf/0x230 [ 227.419478] kvfree+0x61/0x70 [ 227.422602] vhost_vsock_dev_release+0x4f4/0x720 [ 227.427374] __fput+0x3bc/0xa70 [ 227.430671] ____fput+0x15/0x20 [ 227.433970] task_work_run+0x1e8/0x2a0 [ 227.437875] exit_to_usermode_loop+0x318/0x380 [ 227.442485] do_syscall_64+0x6be/0x820 [ 227.446395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.451598] [ 227.453245] The buggy address belongs to the object at ffff88018e480580 [ 227.453245] which belongs to the cache kmalloc-64k of size 65536 [ 227.466105] The buggy address is located 168 bytes inside of [ 227.466105] 65536-byte region [ffff88018e480580, ffff88018e490580) [ 227.478168] The buggy address belongs to the page: [ 227.483127] page:ffffea0006392000 count:1 mapcount:0 mapping:ffff8801da802500 index:0x0 compound_mapcount: 0 [ 227.493130] flags: 0x2fffc0000010200(slab|head) [ 227.497828] raw: 02fffc0000010200 ffffea0006402808 ffffea00063b4808 ffff8801da802500 [ 227.505739] raw: 0000000000000000 ffff88018e480580 0000000100000001 0000000000000000 [ 227.513658] page dumped because: kasan: bad access detected [ 227.519408] [ 227.521047] Memory state around the buggy address: [ 227.525999] ffff88018e480500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 227.533408] ffff88018e480580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 05:08:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = geteuid() setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in=@local, @in6, 0x4e22, 0x5, 0x4e22, 0x7f, 0xa, 0x20, 0xa0, 0x2f, 0x0, r1}, {0x401, 0x8, 0x8dc00000, 0xffffffff, 0x0, 0x6, 0x3, 0x8}, {0x3, 0x4, 0x3, 0x9}, 0x7fffffff, 0x6e6bc0, 0x3, 0x1, 0x1, 0x1}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d5, 0x2b}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x3503, 0x2, 0x1, 0x7fff, 0x1, 0x3, 0x2}}, 0xe8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x5, &(0x7f0000e3dffc)=0x7, 0x4) getsockopt$inet6_tcp_int(r2, 0x6, 0x5, &(0x7f0000d11000), &(0x7f0000000000)=0x4) [ 227.540818] >ffff88018e480600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 227.548188] ^ [ 227.552881] ffff88018e480680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 227.560253] ffff88018e480700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 227.567622] ================================================================== [ 227.574982] Disabling lock debugging due to kernel taint 05:08:29 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x6, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000080)=0x40) [ 227.644793] ntfs: (device loop5): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 227.669955] ntfs: (device loop5): ntfs_fill_super(): Unable to determine device size. [ 227.682154] Kernel panic - not syncing: panic_on_warn set ... [ 227.682154] 05:08:30 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) r1 = getpid() r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x4, 0x8000) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xc) getgroups(0x9, &(0x7f00000002c0)=[0x0, 0xee00, 0x0, 0xffffffffffffffff, 0xee00, 0xee01, 0xee00, 0xffffffffffffffff, 0xee00]) write$P9_RGETATTR(r2, &(0x7f00000003c0)={0xa0, 0x19, 0x1, {0x800, {0x63, 0x2, 0x2}, 0x60, r3, r4, 0x5, 0x3, 0x8, 0x65, 0xfffffffffffffff9, 0xf4, 0x5, 0x0, 0x1, 0x0, 0x7f, 0xfff, 0x8, 0x1, 0x4}}, 0xa0) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="b75d46bdae792b4df56ce17de84b", @ANYRES16=r5, @ANYBLOB="01002abd7000fcdbdf250100000028000200140001007f000001000000000000000000000000080002004e2300000800080002000000080004000900000008000500080000000800060081000000080006003f0000000800040002000000080004000900000008000600010000000800060004000000"], 0x7c}, 0x1, 0x0, 0x0, 0x8050}, 0x20008000) sched_setscheduler(r1, 0x5, &(0x7f0000000200)) bpf$MAP_LOOKUP_ELEM(0x14, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000001240)=""/4096}, 0x18) 05:08:30 executing program 1: r0 = open(&(0x7f0000000440)='./file0\x00', 0x490000, 0x80) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000480)={0x0, 0x9}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000500)={r1, 0xe8, "11e733d57271956507e77e580dffe8aa099b67a01788ed69daa55886d2173557c09587d45dc8b11fda1e4c87a6bdf8c3136ef85f015c8d02137d3c753de27a720c39038350c2605a8eb265a728d0111caf5f8fac504471377f1a0a8f42e45db10d91373f26f554c9ada599a0c993f979f7e7ea9f3fd7cc212e226391883979eebd8d32d71d62c494cac387d90e7424e4f6fd807436326963b3bd7f4dc4a07e3f02fb4bbbe43dd6460017171dc36363e7f6e4092f38d10e807711cfdee3c1e6f89ac3cd204607d9bfde4470a806f85d32ea27726a939d5236609726c1bd867ca6cc4d585e1d4c3beb"}, &(0x7f0000000600)=0xf0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000000)) prctl$setmm(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil) [ 227.689552] CPU: 0 PID: 7436 Comm: syz-executor2 Tainted: G B 4.19.0-rc4-next-20180921+ #77 [ 227.699350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.707804] kobject: 'loop3' (00000000a60e7edb): kobject_uevent_env [ 227.708708] Call Trace: [ 227.708730] dump_stack+0x1d3/0x2c4 [ 227.708751] ? dump_stack_print_info.cold.2+0x52/0x52 [ 227.717726] kobject: 'loop3' (00000000a60e7edb): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 227.735991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 227.740769] panic+0x238/0x4e7 05:08:30 executing program 3: syz_emit_ethernet(0x42, &(0x7f0000000440)={@link_local, @empty, [], {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x8, @broadcast, @remote, @remote, @local}}}}, &(0x7f00000001c0)={0xfffffffffffffffe, 0x2, [0x0, 0x36]}) [ 227.743977] ? add_taint.cold.5+0x16/0x16 [ 227.748135] ? preempt_schedule+0x4d/0x60 [ 227.752298] ? ___preempt_schedule+0x16/0x18 [ 227.756760] ? trace_hardirqs_on+0xb4/0x310 [ 227.761129] kasan_end_report+0x47/0x4f [ 227.765120] kasan_report.cold.9+0x76/0x309 [ 227.769466] ? vhost_work_queue+0xc3/0xe0 [ 227.773631] __asan_report_load8_noabort+0x14/0x20 [ 227.778575] vhost_work_queue+0xc3/0xe0 [ 227.782566] vhost_transport_send_pkt+0x28a/0x380 [ 227.787428] ? vhost_vsock_dev_open+0x5a0/0x5a0 05:08:30 executing program 0: r0 = eventfd(0x7fff) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000100)={0x77359400}, &(0x7f0000000140), 0x8) write$eventfd(r0, &(0x7f00000000c0)=0xffffffffffffff90, 0x8) eventfd(0x2) read$eventfd(r0, &(0x7f0000000000), 0x8) [ 227.792117] ? __local_bh_enable_ip+0x193/0x260 [ 227.796799] virtio_transport_send_pkt_info+0x31d/0x460 [ 227.802162] virtio_transport_connect+0x17c/0x220 [ 227.806998] ? virtio_transport_send_pkt_info+0x460/0x460 [ 227.812526] ? vsock_auto_bind+0xa9/0xe0 [ 227.816580] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.822108] vsock_stream_connect+0x4ed/0xe40 [ 227.826614] ? vsock_dgram_connect+0x500/0x500 [ 227.831186] ? __might_sleep+0x95/0x190 [ 227.835152] ? finish_wait+0x430/0x430 [ 227.839030] ? trace_hardirqs_on_caller+0x310/0x310 [ 227.844034] ? aa_af_perm+0x5a0/0x5a0 [ 227.847827] ? apparmor_socket_connect+0xb6/0x160 [ 227.852661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.858186] ? security_socket_connect+0x94/0xc0 [ 227.862945] __sys_connect+0x37d/0x4c0 [ 227.866838] ? __ia32_sys_accept+0xb0/0xb0 [ 227.871060] ? putname+0xf2/0x130 [ 227.874505] ? rcu_read_lock_sched_held+0x108/0x120 [ 227.879509] ? kmem_cache_free+0x24f/0x290 [ 227.883785] ? __x64_sys_futex+0x47f/0x6a0 [ 227.888010] ? do_syscall_64+0x9a/0x820 [ 227.891975] ? do_syscall_64+0x9a/0x820 [ 227.895938] ? lockdep_hardirqs_on+0x421/0x5c0 [ 227.900529] ? trace_hardirqs_on+0xbd/0x310 [ 227.904842] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.910279] ? trace_hardirqs_off_caller+0x300/0x300 [ 227.915371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.920901] __x64_sys_connect+0x73/0xb0 [ 227.924956] do_syscall_64+0x1b9/0x820 [ 227.928833] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 227.934187] ? syscall_return_slowpath+0x5e0/0x5e0 [ 227.939111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.943943] ? trace_hardirqs_off+0x310/0x310 [ 227.948427] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 227.953435] ? prepare_exit_to_usermode+0x291/0x3b0 [ 227.958454] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.963314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.968492] RIP: 0033:0x457679 [ 227.971705] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.990596] RSP: 002b:00007f8c673c0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 227.998291] RAX: ffffffffffffffda RBX: 00007f8c673c16d4 RCX: 0000000000457679 [ 228.005545] RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000009 [ 228.012799] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 228.020054] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 228.027310] R13: 00000000004cc658 R14: 00000000004bdcb3 R15: 0000000000000000 [ 228.035480] Kernel Offset: disabled [ 228.039104] Rebooting in 86400 seconds..