[info] Using makefile-style concurrent boot in runlevel 2. [ 49.925957][ T25] audit: type=1800 audit(1574475903.905:21): pid=7501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2452 res=0 [ 49.978064][ T25] audit: type=1800 audit(1574475903.905:22): pid=7501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2480 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts. 2019/11/23 02:25:16 fuzzer started 2019/11/23 02:25:18 dialing manager at 10.128.0.105:37257 2019/11/23 02:25:18 syscalls: 2566 2019/11/23 02:25:18 code coverage: enabled 2019/11/23 02:25:18 comparison tracing: enabled 2019/11/23 02:25:18 extra coverage: extra coverage is not supported by the kernel 2019/11/23 02:25:18 setuid sandbox: enabled 2019/11/23 02:25:18 namespace sandbox: enabled 2019/11/23 02:25:18 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/23 02:25:18 fault injection: enabled 2019/11/23 02:25:18 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/23 02:25:18 net packet injection: enabled 2019/11/23 02:25:18 net device setup: enabled 2019/11/23 02:25:18 concurrency sanitizer: enabled 2019/11/23 02:25:18 devlink PCI setup: PCI device 0000:00:10.0 is not available syzkaller login: [ 72.855775][ T7673] KCSAN: could not find function: 'poll_schedule_timeout' 2019/11/23 02:25:33 adding functions to KCSAN blacklist: 'vm_area_dup' 'tomoyo_supervisor' 'copy_process' 'process_srcu' 'ktime_get_real_seconds' 'find_get_pages_range_tag' 'pipe_wait' 'ext4_has_free_clusters' 'do_nanosleep' 'add_timer' 'tick_nohz_idle_stop_tick' 'kauditd_thread' 'wbt_issue' 'ip6_dst_gc' 'pcpu_alloc' 'sbitmap_queue_clear' 'rcu_gp_fqs_loop' 'virtqueue_disable_cb' 'generic_fillattr' 'generic_file_read_iter' 'ext4_writepages' 'snd_ctl_notify' 'echo_char' 'do_exit' 'shmem_getpage_gfp' 'ext4_mb_good_group' 'blk_mq_sched_dispatch_requests' 'wbc_detach_inode' 'wbt_wait' 'generic_permission' 'n_tty_receive_buf_common' 'wbt_done' 'taskstats_exit' 'tick_sched_do_timer' 'rcu_gp_fqs_check_wake' '__mark_inode_dirty' 'inet_sk_diag_fill' '__hrtimer_run_queues' '__splice_from_pipe' 'pipe_poll' 'tick_nohz_next_event' 'page_counter_try_charge' 'blk_mq_run_hw_queue' 'ext4_nonda_switch' 'audit_log_start' 'complete_signal' 'lruvec_lru_size' 'ext4_mb_find_by_goal' 'cma_comp_exch' 'wbc_attach_and_unlock_inode' 'blk_mq_get_request' 'flush_workqueue' 'blk_mq_dispatch_rq_list' '__snd_rawmidi_transmit_ack' 'do_syslog' 'inactive_list_is_low' 'ip_finish_output2' 'ksys_read' 'poll_schedule_timeout' 'timer_clear_idle' 'pid_update_inode' 'list_lru_count_one' 'sit_tunnel_xmit' 'enqueue_timer' 'yama_ptracer_del' 'unix_release_sock' '__ext4_new_inode' 'evict' 'tick_do_update_jiffies64' 'xas_find_marked' '__delete_from_page_cache' '__filemap_fdatawrite_range' 'futex_wait_queue_me' '__add_to_page_cache_locked' 'p9_poll_workfn' 'find_next_bit' 'ep_poll' 'generic_write_end' 'ext4_mark_iloc_dirty' 'ext4_free_inodes_count' 'ns_capable_common' 'netlink_getname' 'iput' '__writeback_single_inode' 'shmem_file_read_iter' '__process_echoes' 'ktime_get_seconds' 'run_timer_softirq' 'tcp_add_backlog' 'xas_clear_mark' 'ext4_free_inode' 'atime_needs_update' 'd_instantiate_new' 'ext4_da_write_end' 'dd_has_work' 'mem_cgroup_select_victim_node' 'virtqueue_enable_cb_delayed' 'snd_seq_check_queue' 'common_perm_cond' 02:30:06 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r2, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) readv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1) write$vhci(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000240)=0x8) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 353.079403][ T7675] IPVS: ftp: loaded support on port[0] = 21 02:30:07 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) faccessat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0xffffff87) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 353.166054][ T7675] chnl_net:caif_netlink_parms(): no params data found [ 353.199524][ T7675] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.207967][ T7675] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.217538][ T7675] device bridge_slave_0 entered promiscuous mode [ 353.225957][ T7675] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.234889][ T7675] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.243902][ T7675] device bridge_slave_1 entered promiscuous mode [ 353.264287][ T7675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 353.276620][ T7675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 353.299459][ T7675] team0: Port device team_slave_0 added [ 353.307294][ T7675] team0: Port device team_slave_1 added 02:30:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0x1c}}, 0x0) [ 353.404252][ T7675] device hsr_slave_0 entered promiscuous mode [ 353.442345][ T7675] device hsr_slave_1 entered promiscuous mode [ 353.498590][ T7679] IPVS: ftp: loaded support on port[0] = 21 [ 353.596026][ T7675] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.606070][ T7675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.616952][ T7675] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.624165][ T7675] bridge0: port 1(bridge_slave_0) entered forwarding state 02:30:07 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = eventfd(0x0) r3 = eventfd(0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000080)={r2, 0x0, 0x2, r6}) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000100)={r3, 0x20000000, 0x2, r2}) [ 353.776129][ T7701] IPVS: ftp: loaded support on port[0] = 21 [ 353.918616][ T7675] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.001028][ T7675] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.009060][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 354.033428][ T7678] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.072780][ T7678] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.103427][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 354.164263][ T7679] chnl_net:caif_netlink_parms(): no params data found [ 354.204183][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 354.232680][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.240117][ T7678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.262600][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 354.271787][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.280217][ T7678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.323682][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 354.378553][ T7711] IPVS: ftp: loaded support on port[0] = 21 [ 354.386271][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 354.403001][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 354.432771][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 354.474065][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 354.513613][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 354.533741][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 354.562633][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 354.607375][ T7675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 02:30:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x10004000000002, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mincore(&(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000140)=""/32) [ 354.733086][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 354.741746][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 354.818229][ T7701] chnl_net:caif_netlink_parms(): no params data found [ 354.846686][ T7675] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.857873][ T7679] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.872510][ T7679] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.919253][ T7679] device bridge_slave_0 entered promiscuous mode [ 354.973890][ T7679] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.012617][ T7679] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.042123][ T7679] device bridge_slave_1 entered promiscuous mode [ 355.149824][ T7701] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.162268][ T7701] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.171356][ T7701] device bridge_slave_0 entered promiscuous mode [ 355.195530][ T7718] IPVS: ftp: loaded support on port[0] = 21 [ 355.216245][ T7701] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.233355][ T7701] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.243413][ T7701] device bridge_slave_1 entered promiscuous mode [ 355.257094][ T7679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.318712][ T7679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.350001][ T7711] chnl_net:caif_netlink_parms(): no params data found [ 355.372771][ T7679] team0: Port device team_slave_0 added [ 355.383025][ T7701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 02:30:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffdac) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 355.413911][ T7701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.426457][ T7679] team0: Port device team_slave_1 added [ 355.490746][ T7701] team0: Port device team_slave_0 added [ 355.544537][ T7679] device hsr_slave_0 entered promiscuous mode [ 355.592478][ T7679] device hsr_slave_1 entered promiscuous mode [ 355.642110][ T7679] debugfs: Directory 'hsr0' with parent '/' already present! [ 355.661384][ T7701] team0: Port device team_slave_1 added [ 355.684192][ T7740] IPVS: ftp: loaded support on port[0] = 21 [ 355.715377][ T7711] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.725151][ T7711] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.736289][ T7711] device bridge_slave_0 entered promiscuous mode [ 355.750325][ T7718] chnl_net:caif_netlink_parms(): no params data found [ 355.804983][ T7701] device hsr_slave_0 entered promiscuous mode [ 355.844540][ T7701] device hsr_slave_1 entered promiscuous mode [ 355.882071][ T7701] debugfs: Directory 'hsr0' with parent '/' already present! [ 355.900741][ T7711] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.912189][ T7711] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.933787][ T7711] device bridge_slave_1 entered promiscuous mode [ 356.055551][ T7711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 356.091370][ T7711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 356.186684][ T7718] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.237307][ T7718] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.304601][ T7718] device bridge_slave_0 entered promiscuous mode [ 356.345884][ T7718] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.392101][ T7718] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.400491][ T7718] device bridge_slave_1 entered promiscuous mode [ 356.586012][ T7711] team0: Port device team_slave_0 added [ 356.618874][ T7711] team0: Port device team_slave_1 added [ 356.666699][ T7718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 356.697920][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 356.755702][ T7718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 356.881828][ T7701] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.946766][ T7718] team0: Port device team_slave_0 added [ 356.973922][ T7718] team0: Port device team_slave_1 added [ 357.034196][ T7711] device hsr_slave_0 entered promiscuous mode [ 357.062300][ T7711] device hsr_slave_1 entered promiscuous mode [ 357.112160][ T7711] debugfs: Directory 'hsr0' with parent '/' already present! [ 357.138867][ T7679] 8021q: adding VLAN 0 to HW filter on device bond0 [ 357.285178][ T7701] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.313823][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.326699][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.366414][ T7740] device bridge_slave_0 entered promiscuous mode [ 357.409456][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.451641][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.491403][ T7740] device bridge_slave_1 entered promiscuous mode [ 357.594602][ T7718] device hsr_slave_0 entered promiscuous mode [ 357.672309][ T7718] device hsr_slave_1 entered promiscuous mode [ 357.712056][ T7718] debugfs: Directory 'hsr0' with parent '/' already present! [ 357.729028][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 357.771166][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 357.833264][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 357.867869][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 357.927396][ T7679] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.999117][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 358.048190][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 358.155534][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.163108][ T7678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.275724][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 358.382833][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 358.475552][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.483855][ T7678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.596680][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 358.669166][ T7678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 358.808216][ T7740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.893951][ T7701] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 358.960698][ T7701] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 359.063546][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 359.094892][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 359.172790][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 359.181904][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 359.315908][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 359.368929][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 359.442556][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 359.457293][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 359.529222][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 359.595023][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.602310][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.682649][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 359.735520][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 359.762514][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.770201][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 359.863119][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 359.915471][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 359.975601][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 360.015414][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 360.076664][ T7740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.125951][ T7679] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 360.182036][ T7679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 360.234889][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 360.256551][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 360.295283][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 360.342642][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 360.395274][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 360.443143][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 360.482817][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 360.543037][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 360.582686][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 360.630809][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 360.667569][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 360.766093][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 360.786213][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 360.832583][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 360.840097][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 360.892212][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 360.899707][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 360.947837][ T7740] team0: Port device team_slave_0 added [ 360.981134][ T7701] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.015188][ T7679] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.039021][ T7740] team0: Port device team_slave_1 added [ 361.050296][ T7718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 361.119963][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 361.128993][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 361.151503][ T7718] 8021q: adding VLAN 0 to HW filter on device team0 [ 361.167235][ T7711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 361.217085][ T7740] device hsr_slave_0 entered promiscuous mode [ 361.263019][ T7740] device hsr_slave_1 entered promiscuous mode [ 361.312246][ T7740] debugfs: Directory 'hsr0' with parent '/' already present! [ 361.391767][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 361.420277][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 361.450542][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.457672][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 361.494303][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 361.527387][ T7711] 8021q: adding VLAN 0 to HW filter on device team0 [ 361.613229][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 361.621048][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 361.662714][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 361.671791][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 361.703620][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.710776][ T7783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 361.735634][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 361.756873][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 361.796311][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 361.815992][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 361.856158][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 361.877081][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 361.903292][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 361.922475][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 361.942516][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 361.975118][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 362.024665][ T7718] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 362.047565][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 362.085326][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 362.127342][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 362.152562][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.159692][ T7783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.186809][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 362.207114][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 362.228650][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.236322][ T7783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.262801][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 362.284385][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 362.326674][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 362.382511][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 362.391311][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 362.443226][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 362.444651][ T7897] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 362.451986][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 362.477909][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 362.522655][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 362.564140][ T7711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 362.600412][ T7711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 02:30:16 executing program 2: [ 362.637353][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.664603][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 362.678362][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 362.707110][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 362.742267][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 362.751151][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 02:30:16 executing program 2: [ 362.814602][ T7718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.829627][ T7711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.858908][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 [ 362.903240][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 362.911518][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 362.946908][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 362.976903][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 363.025341][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 363.042798][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 02:30:17 executing program 2: 02:30:17 executing program 1: [ 363.099215][ T7783] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.106440][ T7783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 363.168246][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 363.180218][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 363.208833][ T7783] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.216018][ T7783] bridge0: port 2(bridge_slave_1) entered forwarding state 02:30:17 executing program 2: [ 363.252293][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 363.265678][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 363.305630][ T7740] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 363.322830][ T7740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 02:30:17 executing program 2: [ 363.366614][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 363.380263][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 363.438907][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 363.448233][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 363.460104][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 363.469463][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 363.479851][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 363.488856][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 363.497246][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 363.508346][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 363.518745][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 363.543816][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.552741][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 363.560233][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 02:30:19 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x10, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x2) write$vhci(r2, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) readv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1) write$vhci(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000240)=0x8) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 02:30:19 executing program 1: 02:30:19 executing program 2: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000140)='/dev/capi20\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000780)) 02:30:19 executing program 4: r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) shmdt(0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f00000001c0)={'ipvf\x00\x00\x00\x00\x94\x00'}, &(0x7f0000000280)=0x1e) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') ioctl$TIOCGPTPEER(r2, 0x5441, 0x6) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000700)=0x20) pipe(&(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(r3, 0x40106436, &(0x7f00000006c0)) umount2(&(0x7f0000000540)='./file0\x00', 0x4) 02:30:19 executing program 3: 02:30:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffdac) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:30:19 executing program 1: 02:30:19 executing program 3: [ 365.797831][ C1] hrtimer: interrupt took 26313 ns 02:30:19 executing program 1: 02:30:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 02:30:19 executing program 3: lstat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xfffffe38) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x660c, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x0, 0x0, 0xfa}, {0x1ff}, {0x0, 0x4, 0x1f, 0x100}]}) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000080)=0x400000000002127, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 02:30:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 366.259663][ T8003] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 02:30:30 executing program 0: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(0x0, 0x1040, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000001c00)=""/21, 0xfffffdf3) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)) execve(0x0, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) open$dir(0x0, 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000001c40)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f0000000300)) 02:30:30 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r0, r1, 0x33, &(0x7f0000000000)) socket$vsock_dgram(0x28, 0x2, 0x0) 02:30:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffdac) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:30:30 executing program 2: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:30 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='yeah\x00', 0x233) sendto$inet(r0, &(0x7f0000000640)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789", 0x12c, 0x0, 0x0, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f0000000200)=""/86) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1", 0x59, 0x4000002, 0x0, 0x0) 02:30:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x0, 0x0, 0x571], [0xc1]}) 02:30:30 executing program 1: symlink(&(0x7f00000001c0)='./file2\x00', &(0x7f0000000000)='./file2\x00') clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) r1 = creat(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10e) dup2(r0, r1) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000400)='./file2\x00', 0x0, 0x0) ioctl$TCGETS2(r0, 0x802c542a, 0x0) 02:30:30 executing program 5: clone(0x800083102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x1ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) open(&(0x7f0000000100)='./file0\x00', 0x4000, 0x95) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x3f553e5) link(&(0x7f0000000280)='./file0\x00', &(0x7f0000000340)='./file1\x00') openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r2, &(0x7f0000002380)={0x0, 0x0, 0x0}, 0x0) fsetxattr$security_evm(r2, &(0x7f0000000080)='security.evm\x00', 0x0, 0x0, 0x0) 02:30:30 executing program 3: creat(&(0x7f0000000300)='./file0\x00', 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x0) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = socket$inet6(0xa, 0x2, 0x0) dup2(r2, r0) 02:30:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffdac) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 376.968316][ T25] kauditd_printk_skb: 8 callbacks suppressed [ 376.968335][ T25] audit: type=1804 audit(1574476230.945:31): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir791801803/syzkaller.DHKiIC/5/file0" dev="sda1" ino=16570 res=1 02:30:31 executing program 3: [ 377.105832][ T25] audit: type=1804 audit(1574476230.955:32): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/4/file0" dev="sda1" ino=16568 res=1 [ 377.218756][ T25] audit: type=1800 audit(1574476230.955:33): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16568 res=0 02:30:31 executing program 0: [ 377.311906][ T25] audit: type=1804 audit(1574476231.025:34): pid=8050 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir791801803/syzkaller.DHKiIC/5/file0" dev="sda1" ino=16570 res=1 02:30:31 executing program 3: 02:30:31 executing program 1: [ 377.392646][ T25] audit: type=1804 audit(1574476231.025:35): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir791801803/syzkaller.DHKiIC/5/file0" dev="sda1" ino=16570 res=1 02:30:31 executing program 3: 02:30:31 executing program 2: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:31 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1e) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) clone(0xdf6b243e84d0a759, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x0, 0x0) tkill(r1, 0x25) 02:30:31 executing program 4: 02:30:31 executing program 1: [ 377.763921][ T25] audit: type=1804 audit(1574476231.745:36): pid=8074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/4/file0" dev="sda1" ino=16568 res=1 02:30:31 executing program 5: 02:30:31 executing program 3: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:31 executing program 1: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:31 executing program 4: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:31 executing program 0: [ 377.937998][ T25] audit: type=1804 audit(1574476231.915:37): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/4/file0" dev="sda1" ino=16568 res=1 [ 378.077155][ T25] audit: type=1800 audit(1574476231.945:38): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16568 res=0 02:30:32 executing program 5: 02:30:32 executing program 0: 02:30:32 executing program 5: 02:30:32 executing program 2: 02:30:32 executing program 5: 02:30:32 executing program 0: 02:30:32 executing program 0: 02:30:32 executing program 5: 02:30:32 executing program 3: write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)={0x77359400}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) open_by_handle_at(r1, &(0x7f00000006c0)=ANY=[], 0x0) open(0x0, 0x0, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000}) lookup_dcookie(0xfff, &(0x7f0000000440)=""/160, 0xa0) mknod(0x0, 0x0, 0x3) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/gro<#\xfbW\xdd.\xa5\xd4\xa3\x10\x1f3\x9dhc\xaf\xa4\x1b\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5', 0x2761, 0x0) write$cgroup_pid(r2, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) open(0x0, 0x141042, 0x0) ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000100)) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380)) creat(0x0, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x2000000, 0x3}, 0xfffffffffffffffb) 02:30:32 executing program 2: 02:30:32 executing program 0: 02:30:32 executing program 1: 02:30:32 executing program 5: 02:30:32 executing program 4: 02:30:33 executing program 2: 02:30:33 executing program 0: 02:30:33 executing program 5: 02:30:33 executing program 4: 02:30:33 executing program 1: 02:30:33 executing program 2: 02:30:33 executing program 3: 02:30:33 executing program 4: 02:30:33 executing program 5: 02:30:33 executing program 0: 02:30:33 executing program 1: 02:30:33 executing program 2: 02:30:34 executing program 4: 02:30:34 executing program 1: 02:30:34 executing program 5: 02:30:34 executing program 0: 02:30:34 executing program 2: 02:30:34 executing program 3: 02:30:34 executing program 3: 02:30:34 executing program 5: 02:30:34 executing program 4: 02:30:34 executing program 1: 02:30:34 executing program 2: 02:30:34 executing program 0: 02:30:34 executing program 2: 02:30:34 executing program 1: 02:30:34 executing program 5: 02:30:34 executing program 4: 02:30:34 executing program 3: 02:30:34 executing program 0: 02:30:34 executing program 2: 02:30:34 executing program 1: 02:30:34 executing program 5: 02:30:34 executing program 3: 02:30:34 executing program 1: 02:30:34 executing program 5: 02:30:35 executing program 3: 02:30:35 executing program 0: 02:30:35 executing program 2: 02:30:35 executing program 4: 02:30:35 executing program 5: 02:30:35 executing program 1: 02:30:35 executing program 3: 02:30:35 executing program 2: 02:30:35 executing program 5: 02:30:35 executing program 3: 02:30:35 executing program 4: 02:30:35 executing program 2: 02:30:35 executing program 1: 02:30:35 executing program 0: 02:30:35 executing program 5: 02:30:35 executing program 3: 02:30:35 executing program 4: 02:30:35 executing program 5: 02:30:35 executing program 1: 02:30:35 executing program 2: 02:30:35 executing program 3: 02:30:35 executing program 0: 02:30:36 executing program 5: 02:30:36 executing program 4: 02:30:36 executing program 0: 02:30:36 executing program 2: 02:30:36 executing program 1: 02:30:36 executing program 3: 02:30:36 executing program 5: 02:30:36 executing program 3: 02:30:36 executing program 0: 02:30:36 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x30, r1, 0x401, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x0, 0x0, 0x0, 0x3}}}}, 0x30}}, 0x0) 02:30:36 executing program 4: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x0, 0x0) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/170, 0xaa}], 0x1, 0x0) 02:30:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x0, 0x0, 0xc0010113], [0xc1]}) 02:30:36 executing program 3: setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0xffffff87) perf_event_open(0x0, 0x0, 0xfdffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:30:36 executing program 5: 02:30:36 executing program 0: 02:30:36 executing program 4: 02:30:36 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x30, r1, 0x401, 0x0, 0x0, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x0, 0x0, 0x0, 0x3}}}}, 0x30}}, 0x0) 02:30:36 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) setsockopt$inet_int(r1, 0x0, 0x0, 0x0, 0x0) 02:30:36 executing program 5: lstat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000080)=0x400000000002127, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 02:30:36 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0xfffffe38) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 02:30:36 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='auxv\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') 02:30:36 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) getpid() tkill(0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x5f5e0ff, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000180)=""/247, 0x1a, 0xf7, 0x4}, 0x20) [ 383.003771][ T8334] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 02:30:37 executing program 1: pipe(&(0x7f00000000c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') fchdir(r0) r1 = memfd_create(&(0x7f0000000780)='\x00', 0x0) write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0) 02:30:37 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munlockall() [ 383.050063][ T8337] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 02:30:37 executing program 4: unshare(0x2040400) r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) 02:30:37 executing program 1: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 02:30:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffdac) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x10080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) ioprio_get$pid(0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 02:30:37 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x10004000000002, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r3, 0x6, 0x1e, &(0x7f0000000100), 0x4) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xffdc, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r5, 0x0, 0x1, &(0x7f00000003c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r4, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00'}, 0x30) stat(&(0x7f00000015c0)='./file0\x00', &(0x7f0000001600)) r7 = getpid() sched_setscheduler(r7, 0x5, &(0x7f0000000380)) r8 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r8, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xffdc, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r8, 0x0, 0x1, &(0x7f00000003c0)='\x00', r9}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r7, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00', r9}, 0x30) r10 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r11 = socket(0x0, 0x0, 0x81) bind(r11, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r11, 0x0, 0x0) r12 = socket(0x11, 0x800000003, 0x81) r13 = socket(0x11, 0x800000003, 0x81) bind(r13, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r13, &(0x7f0000007540)=ANY=[@ANYBLOB="0000000000000000008864000000000400005700"/32], 0xfdef) r14 = fcntl$getown(r10, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r15, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r16, 0x0) r17 = getgid() getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f0000000440), 0x0) fstat(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r18) r19 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r20, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) accept4$rose(r11, &(0x7f00000005c0)=@short={0xb, @dev, @default, 0x1, @bcast}, 0x0, 0x800) sendmsg$unix(r13, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000280)="e0132a18608f5db7e76a5f5f1874b72028532d4524c57452a95f96f390317ac646fc7cf23b0b004c458e5a9f82bcf2a9520210164cce3c37882892964bd9dbd6919ec36079acc94eee56325ca73a3cc0e8673e3a249d24aed453b494272dd1fd06dabc1ea38276fe14d82e20eb991bfa476c03fb269c813284e0e3ec9502489ffa18004fbaf2a10a0e6e5661ca1b8c8391ec6e953e99c7239bcefe40b667970009d7c08177b5091fcca3f46a2387d506b19785cbbb83fae50351fbe005e7f0d138ebcd5d3dc7c3fce52a0759384dcf3c6c61ce71e0a1cd58189a9d77bafc44e3c9c8156d9e5a3969ec0796cef8ab7415a4", 0xf1}], 0x1, &(0x7f0000000640)=[@cred={{0x1c, 0x1, 0x2, {r14, 0x0, r17}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r18}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r19, r12, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r21}}}], 0x88, 0x1}, 0x40) r22 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r23 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xe200, 0x0) write(r22, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r22, r23, 0x0, 0x7fffffa7) r24 = open(&(0x7f0000000200)='./file0\x00', 0x200080, 0x1) fchdir(r24) syz_open_dev$char_usb(0xc, 0xb4, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000001680)='/dev/autofs\x00', 0x8100, 0x0) r25 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r26 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xe200, 0x0) write(r25, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r25, r26, 0x0, 0x7fffffa7) r27 = inotify_init() inotify_add_watch(r27, &(0x7f00000002c0)='./file0\x00', 0x2000203) socket$inet_udplite(0x2, 0x2, 0x88) r28 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r29 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xe200, 0x0) write(r28, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r28, r29, 0x0, 0x7fffffa7) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001980)={{{@in=@local, @in6=@ipv4={[], [], @initdev}}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000001a80)=0xe8) r30 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r31 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xe200, 0x0) write(r30, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r30, r31, 0x0, 0x7fffffa7) r32 = inotify_init() inotify_add_watch(r32, &(0x7f00000002c0)='./file0\x00', 0x2000203) socket$caif_seqpacket(0x25, 0x5, 0x3) stat(&(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00)) r33 = open(&(0x7f0000000200)='./file0\x00', 0x200080, 0x1) fchdir(r33) fstat(0xffffffffffffffff, &(0x7f0000001b80)) stat(&(0x7f0000001e80)='./file0\x00', &(0x7f0000001ec0)) r34 = open(&(0x7f0000000200)='./file0\x00', 0x200080, 0x1) fchdir(r34) r35 = getpid() sched_setscheduler(r35, 0x5, &(0x7f0000000380)) r36 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r36, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000003c0)='\x00', r37}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r35, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00', r37}, 0x30) getpgrp(r35) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r38) ioprio_set$uid(0x3, r38, 0x0) getgroups(0x1, &(0x7f0000001f40)=[0xffffffffffffffff]) r39 = getpid() sched_setscheduler(r39, 0x5, &(0x7f0000000380)) r40 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r40, 0x9) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r40, 0x0, 0x1, &(0x7f00000003c0)='\x00'}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r39, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00'}, 0x30) 02:30:37 executing program 4: 02:30:37 executing program 0: 02:30:37 executing program 0: 02:30:37 executing program 4: 02:30:37 executing program 1: [ 383.706377][ T25] audit: type=1800 audit(1574476237.685:39): pid=8384 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16592 res=0 02:30:37 executing program 3: 02:30:37 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x80c5, 0x3ce47c9a4b8a4c9e) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)='y\x00', 0x2, 0x1) write$9p(r0, &(0x7f0000001400)=';\'', 0x2) r2 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(0x0, 0x0, 0x0) write(r2, &(0x7f0000000a00)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497ec9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1b0900012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c6e3b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a73605002202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21370956f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942c6b05ed7954f631bbd12a5c9a5cfa5965e737ede608b04ebe02b3fcbf3a756b4b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f68f944c1de821785f670124a1c6ed18335d63412000000000000000000004d9d58bee56c93c239c56a44f6fa1b60904fc0918cff33e6bcd8c3d62212bb4193f386edc9997e668700a61c2a460df0ceadfa4f9597c88e5375b2372b39d282e6c158192cd4e3ea07e1c69ed8be7c2793610d7f776c9298d917dd3fc2b5f8c5b1446deb5ee6b4bafa65e34fbcbd11869c3f29c8689bacaf386c4850fa2e60a06a0c6f1dab", 0x288) sendfile(r2, r3, 0x0, 0xfffc) r4 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xfffc) dup2(r2, r4) r6 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r6, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d634", 0x1ff) sendfile(r6, r7, 0x0, 0xfffc) open(0x0, 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) sendfile(r0, r1, 0x0, 0x10000) creat(&(0x7f00000001c0)='./file0\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000780)='/dev/full\x00', 0x96e4355e0a744c2b, 0x0) open(0x0, 0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) open(0x0, 0x0, 0x0) 02:30:37 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000080)=0x400000000002127, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 02:30:37 executing program 4: 02:30:37 executing program 1: 02:30:37 executing program 5: [ 384.034969][ T25] audit: type=1804 audit(1574476238.015:40): pid=8400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:38 executing program 4: 02:30:38 executing program 5: 02:30:38 executing program 1: [ 384.133237][ T25] audit: type=1804 audit(1574476238.015:41): pid=8400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:38 executing program 3: [ 384.299109][ T25] audit: type=1804 audit(1574476238.025:42): pid=8400 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:38 executing program 2: 02:30:38 executing program 1: 02:30:38 executing program 4: [ 384.421454][ T25] audit: type=1804 audit(1574476238.095:43): pid=8404 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 [ 384.801256][ T25] audit: type=1804 audit(1574476238.775:44): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:38 executing program 0: 02:30:38 executing program 5: 02:30:38 executing program 3: 02:30:38 executing program 1: 02:30:38 executing program 4: 02:30:38 executing program 2: [ 384.832543][ T25] audit: type=1804 audit(1574476238.805:45): pid=8426 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 [ 384.857969][ T25] audit: type=1804 audit(1574476238.805:46): pid=8426 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:38 executing program 1: 02:30:39 executing program 3: 02:30:39 executing program 4: [ 384.990819][ T25] audit: type=1804 audit(1574476238.805:47): pid=8425 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/25/file0" dev="sda1" ino=16609 res=1 02:30:39 executing program 5: 02:30:39 executing program 2: 02:30:39 executing program 0: 02:30:39 executing program 1: 02:30:39 executing program 3: 02:30:39 executing program 5: 02:30:39 executing program 4: 02:30:39 executing program 1: 02:30:39 executing program 2: 02:30:39 executing program 3: 02:30:39 executing program 0: 02:30:39 executing program 1: 02:30:39 executing program 4: 02:30:39 executing program 5: 02:30:39 executing program 2: 02:30:39 executing program 3: 02:30:39 executing program 5: 02:30:39 executing program 0: 02:30:39 executing program 4: 02:30:39 executing program 1: 02:30:39 executing program 2: 02:30:39 executing program 3: 02:30:39 executing program 0: 02:30:40 executing program 5: 02:30:40 executing program 4: 02:30:40 executing program 1: 02:30:40 executing program 0: 02:30:40 executing program 5: 02:30:40 executing program 3: 02:30:40 executing program 2: 02:30:40 executing program 4: 02:30:40 executing program 0: 02:30:40 executing program 1: 02:30:40 executing program 5: 02:30:40 executing program 3: 02:30:40 executing program 2: 02:30:40 executing program 5: 02:30:40 executing program 0: 02:30:40 executing program 4: 02:30:40 executing program 1: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050000002300290000068900ac14140de00000013c31b47d0510c147885b6e765e30637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 02:30:40 executing program 3: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050000002300400000068900ac14140de00000013c31b47d0910c147885b6e765e30637ec921f605", 0x28}], 0x1, 0x0, 0x0, 0x50}, 0x0) 02:30:40 executing program 2: connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffff7b}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r2}]]}}}]}, 0x38}}, 0x0) 02:30:40 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='setgroups\x00') pread64(r0, 0x0, 0x0, 0x1) 02:30:40 executing program 0: 02:30:41 executing program 4: 02:30:41 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:41 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="2e00000052008102a00f80854a36b8ab000020000200000040d819a9ffe200"/46, 0x2e}], 0x1}, 0x0) 02:30:41 executing program 1: r0 = socket$kcm(0x2b, 0x1, 0x0) close(r0) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000640)="f4001100002b3c25fe8000000000000005baa68754ba00e8c1344f3e62d76c27e800004102ffffff8480", 0x5dc}], 0x1}, 0x0) 02:30:41 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000000100)="39000000140081ae00002c000500018701546fabcae5e5741af20fee100000000000007e0592616675e285af71583c7d06a6580e883795c0c5", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0) 02:30:41 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e0000001e000503ed0080637e6394f20100d2000500fcb711407f480f0005000300000002000000f88000f01700", 0x2e}], 0x1}, 0x0) 02:30:41 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e0000001e000503ed0080637e6394f26700d2000500fcb711407f480f0001000300000002000000f88000f01700", 0x2e}], 0x1}, 0x0) 02:30:41 executing program 2: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x90a, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000240)=@usbdevfs_driver={0x0, 0x80805513, 0x0}) 02:30:41 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:41 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x1000)=nil) 02:30:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x81}]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 387.432776][ T8554] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 387.480729][ T8554] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.0'. 02:30:41 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) [ 387.562294][ T8556] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 387.574301][ T8556] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'. 02:30:41 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getrusage(0x0, &(0x7f00000001c0)) 02:30:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfd}]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:30:41 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:41 executing program 4: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e0000001e000503ed0080637e6394f26700d2000500fcb711407f480f0001000300000002000000f88000f01700", 0x2e}], 0x1}, 0x0) 02:30:41 executing program 1: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x90a, 0x0) 02:30:41 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:41 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x3}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xb, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r0, @ANYBLOB='\x00'/16], &(0x7f0000000440)='syzkaller\x00', 0x5, 0x270, &(0x7f0000000200)=""/144}, 0x48) [ 387.924820][ T8588] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 388.004160][ T8588] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'. 02:30:42 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="0203000311000000000000000000000005000600016000000a00000000000003fe8000000000000000000000000000aa000000000000000003000900000000000200e253f4770001000000000000000002000100000000000000020b0000000005000500000000000a00000000000000ff020000040000000000000000000001000000000000000096a618d524a878c692c203b844cf08ba68fc492db2721ce2ebbb9824613e9052903b8c20fbf52ae3a59ccc5898aae878a3a5d09b732719b6385ec10c6f313516f42a9161a13eb99ae2393304ae35ee419d18c985e4babd8e16410e6371400385b8f97c24889c4467016eb2db42df3cb183d582e9042e72f49d7105f00de5907fc1892e82562802cc510d4ae5c0ba9b7e1b0a9368b9497066590ef7234b8947274102466da81acf6c66f526a26b2b7e0e355aaa6579fd6e59e9d072ad04b202955e1874baaf6f0c715c0ac6352773f5e9abefae419f64f26b77b416a5e86cd3236c0ea3407d8b7b8557baa34e3289f9ed69a52736825036b5a65d93f6cea49246d07f456c87f669c27b8dbd28a596e203e650a15f99f103a9d1bc7b845e4e7b26d8ff8cb98285dba6159a71ad5afbdaba4d545c43d6908d5f78084e8f482e7494dd4e3af03a77dc9f7a4f1332d74b0296715ec3be40709ab627a32a89e8b5e60d1a"], 0x88}}, 0x4) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400024c, 0x0) 02:30:42 executing program 5: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:42 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) 02:30:42 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x4888, 0x5800f000}, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "000500", 0x30, 0x0, 0x0, @loopback, @mcast2, {[], @icmpv6=@time_exceed={0xffffff80, 0x0, 0x0, 0x0, [0x9, 0x4], {0x0, 0x6, '\x00', 0x0, 0x0, 0x0, @dev, @ipv4={[], [], @broadcast}}}}}}}}, 0x0) [ 388.108612][ T8595] netlink: 'syz-executor.3': attribute type 11 has an invalid length. 02:30:42 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getrusage(0x1, &(0x7f0000000100)) 02:30:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:42 executing program 5: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:42 executing program 1: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x90a, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x1) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, 0x0) 02:30:42 executing program 4: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x90a, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x1) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000240)=@usbdevfs_driver={0x0, 0x80805513, &(0x7f0000001280)}) 02:30:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae71, &(0x7f0000000240)) [ 388.496533][ T8633] netlink: 'syz-executor.3': attribute type 11 has an invalid length. 02:30:42 executing program 5: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:42 executing program 2: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) getitimer(0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x8000) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) r1 = getegid() ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f00000001c0)={[], 0x4, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, [], 0x9}) keyctl$chown(0x4, 0x0, 0x0, r1) r2 = getegid() keyctl$chown(0x4, 0x0, 0x0, r2) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x8000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x1e000, 0x0, 0x0, r5}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r5, 0x4}) 02:30:42 executing program 5: r0 = socket$kcm(0x11, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) [ 388.754611][ T8658] netlink: 'syz-executor.3': attribute type 11 has an invalid length. 02:30:42 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') 02:30:42 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x24) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000001001000001000000770000f200000000a6e217b91c3b0d873722b41afb8ed58f2109e448e6cc4bd0f11a26f4233e3ba1ff40e062a43f80b1bae2728316e63e58afdf284732bd1e1970881ddd3c9f310f827c195f3c5d57c67a08466517ba1300000000858003ffffffffffffffff3e26b5ca26bb434dbd0e4885c214e577bb081876e63e7c2834573925db8b54b33da7b9c7aefca1f9c49c6400000000000000000000000061e2448f23a7e49736a335440c5b7681c58dc647494f0dbc811becd7c407d283b2d0574510c4fdbb54c61ba9e635c0b3a3df610d9975d1d9570b38026b259815dba598ffa069c01b3d386c15d34a5918d6909192ec97032c320044fa934bf944d6d5ce621d91c17f1c4377a54c7febb46f83a7847a97259b8f1fca2c2816023b60417388196a22091c9f82e8e0291f4082d92d0ae76b94a18647bb44cbe9366a08fb3f0502644307c51085f7215fd44635e5967f21e8f59bd021f309d910cb5d37cb16450a44ef261a37255a06c97f19fa0e68836543174745684037cc7bba99aa1cbefcdd62f799a5fb35abc5af3ab43a5fc40eb352e6ff078fad68182845f1f6b7ff6c200c103b64608404b41fce73186e55193d3d96faab587448349b35e431914bfde3c07f1419dac11995aded30b44ead7142a7b397a913f6bac2eac41c32d10863c3e6dd9e88d44842951e15d6d631995f0714346d28f133ad2dc6ba28ce2e2ff421b6e122b9162b95adff10adbc32609c7d8a11f4f4f7b9e4ab8580a3513e7de6cfdeef2038a17d0e9008572f3e8842dcdef485e5a2951dc1240e4a28b6030aac10ddf4219e3a3ff772c67fe8262175b758ac4a6468e78e8b9316d727381baaf9d66dc21c709b6a4a3bf798a218b96286ab4734a457"], 0x18}}], 0x1, 0x4048000) recvmmsg(r1, &(0x7f0000001f40)=[{{0x0, 0x3e3, 0x0}}], 0x4000213, 0x0, 0x0) tkill(r0, 0x1000000000013) 02:30:42 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x19, &(0x7f0000000040)={0x0, 'vlan0\x00'}, 0x18) 02:30:42 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:43 executing program 5: r0 = socket$kcm(0x11, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='batadv0\x00', 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @multicast1}, 0x10) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @multicast1}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x17, &(0x7f00000000c0)={@broadcast, @local}, 0x94) [ 389.087604][ T8680] netlink: 'syz-executor.3': attribute type 11 has an invalid length. 02:30:43 executing program 2: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) getitimer(0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x8000) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) r1 = getegid() ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f00000001c0)={[], 0x4, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, [], 0x9}) keyctl$chown(0x4, 0x0, 0x0, r1) r2 = getegid() keyctl$chown(0x4, 0x0, 0x0, r2) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x8000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000040)={0x1e000, 0x0, 0x0, r5}) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r5, 0x4}) 02:30:43 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x21, 0x0, 0x0) 02:30:43 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:43 executing program 5: r0 = socket$kcm(0x11, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:43 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:43 executing program 1: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000380)) getitimer(0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x8000) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) keyctl$chown(0x4, 0x0, 0x0, 0x0) keyctl$chown(0x4, 0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000040)={0x1e000, 0x0, 0x0, r3}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r3, 0x4}) 02:30:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:43 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x24) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000001001000001000000770000f200000000a6e217b91c3b0d873722b41afb8ed58f2109e448e6cc4bd0f11a26f4233e3ba1ff40e062a43f80b1bae2728316e63e58afdf284732bd1e1970881ddd3c9f310f827c195f3c5d57c67a08466517ba1300000000858003ffffffffffffffff3e26b5ca26bb434dbd0e4885c214e577bb081876e63e7c2834573925db8b54b33da7b9c7aefca1f9c49c6400000000000000000000000061e2448f23a7e49736a335440c5b7681c58dc647494f0dbc811becd7c407d283b2d0574510c4fdbb54c61ba9e635c0b3a3df610d9975d1d9570b38026b259815dba598ffa069c01b3d386c15d34a5918d6909192ec97032c320044fa934bf944d6d5ce621d91c17f1c4377a54c7febb46f83a7847a97259b8f1fca2c2816023b60417388196a22091c9f82e8e0291f4082d92d0ae76b94a18647bb44cbe9366a08fb3f0502644307c51085f7215fd44635e5967f21e8f59bd021f309d910cb5d37cb16450a44ef261a37255a06c97f19fa0e68836543174745684037cc7bba99aa1cbefcdd62f799a5fb35abc5af3ab43a5fc40eb352e6ff078fad68182845f1f6b7ff6c200c103b64608404b41fce73186e55193d3d96faab587448349b35e431914bfde3c07f1419dac11995aded30b44ead7142a7b397a913f6bac2eac41c32d10863c3e6dd9e88d44842951e15d6d631995f0714346d28f133ad2dc6ba28ce2e2ff421b6e122b9162b95adff10adbc32609c7d8a11f4f4f7b9e4ab8580a3513e7de6cfdeef2038a17d0e9008572f3e8842dcdef485e5a2951dc1240e4a28b6030aac10ddf4219e3a3ff772c67fe8262175b758ac4a6468e78e8b9316d727381baaf9d66dc21c709b6a4a3bf798a218b96286ab4734a457"], 0x18}}], 0x1, 0x4048000) recvmmsg(r1, &(0x7f0000001f40)=[{{0x0, 0x3e3, 0x0}}], 0x4000213, 0x0, 0x0) tkill(r0, 0x1000000000013) 02:30:43 executing program 5: socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) dup(0xffffffffffffffff) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0xffffffffffffffa0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000080)={0x0, 0x9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:30:43 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:43 executing program 1: 02:30:43 executing program 3: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:44 executing program 5: socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:44 executing program 1: 02:30:44 executing program 3: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:44 executing program 1: 02:30:44 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_genetlink_get_family_id$ipvs(0x0) 02:30:44 executing program 5: socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0xa}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:44 executing program 3: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0x8048ae66, &(0x7f0000000240)) 02:30:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r3, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x24) sendmmsg(r3, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000001001000001000000770000f200000000a6e217b91c3b0d873722b41afb8ed58f2109e448e6cc4bd0f11a26f4233e3ba1ff40e062a43f80b1bae2728316e63e58afdf284732bd1e1970881ddd3c9f310f827c195f3c5d57c67a08466517ba1300000000858003ffffffffffffffff3e26b5ca26bb434dbd0e4885c214e577bb081876e63e7c2834573925db8b54b33da7b9c7aefca1f9c4a06400000000000000000000000061e2448f23a7e49736a335440c5b7681c58dc647494f0dbc811becd7c487d283b2d0574510c4fdbb54c61ba9e635c0b3a3df610d9975d1d9570b38026b259815dba598ffa069c01b3d386c15d34a5918d6909192ec97032c320044fa934bf944d6d5ce621d91c17f1c4377a54c7febb46f83a7847a97259b8f1fca2c2816023b60417388196a22091c9f82e9e0291f4082d92d0ae76b94a18647bb44cbe9366a08fb3f0502644307c51085f7215fd44635e5967f21e8f59bd021f337cb16450244ef261a37255a06c97f19fa0e68836543174745684037cc7bba99aa1cbefcdd62f799a5fb35abc5af3ab43a5fc40eb352e6ff078fad68182845f1f6b7ff6c200c103b64608404b41fce73186e55193d3d96faab587448349b35e431914bfde3c07f1419dac11995aded30b44ead7142a7b397a913f6bac2eac41c32d10863c3e6dd9e88d44842951e15d6d631995f07143473a54b"], 0x18}}], 0x1, 0x4048000) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x24) sendmmsg(r4, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000001001000001000000770000f200000000a6e217b91c3b0d873722b41afb8ed58f2109e448e6cc4bd0f11a26f4233e3ba1ff40e062a43f80b1bae2728316e63e58afdf284732bd1e1970881ddd3c9f310f827c195f3c5d57c67a08466517ba1300000000858003ffffffffffffffff3e26b5ca26bb434dbd0e4885c214e577bb081876e63e7c2834573925db8b54b33da7b9c7aefca1f9c49c6400000000000000000000000061e2448f23a7e49736a335440c5b7681c58dc647494f0dbc811becd7c407d283b2d0574510c4fdbb54c61ba9e635c0b3a3df610d9975d1d9570b38026b259815dba598ffa069c01b3d386c15d34a5918d6909192ec97032c320044fa934bf944d6d5ce621d91c17f1c4377a54c7febb46f83a7847a97259b8f1fca2c2816023b60417388196a22091c9f82e8e0291f4082d92d0ae76b94a18647bb44cbe9366a08fb3f0502644307c51085f7215fd44635e5967f21e8f59bd021f309d910cb5d37cb16450a44ef261a37255a06c97f19fa0e68836543174745684037cc7bba99aa1cbefcdd62f799a5fb35abc5af3ab43a5fc40eb352e6ff078fad68182845f1f6b7ff6c200c103b64608404b41fce73186e55193d3d96faab587448349b35e431914bfde3c07f1419dac11995aded30b44ead7142a7b397a913f6bac2eac41c32d10863c3e6dd9e88d44842951e15d6d631995f0714346d28f133ad2dc6ba28ce2e2ff421b6e122b9162b95adff10adbc32609c7d8a11f4f4f7b9e4ab8580a3513e7de6cfdeef2038a17d0e9008572f3e8842dcdef485e5a2951dc1240e4a28b6030aac10ddf4219e3a3ff772c67fe8262175b758ac4a6468e78e8b9316d727381baaf9d66dc21c709b6a4a3bf798a218b96286ab4734a457"], 0x18}}], 0x1, 0x4048000) recvmmsg(r4, &(0x7f0000001f40)=[{{0x0, 0x3e3, 0x0}}], 0x4000213, 0x0, 0x0) dup2(r3, r4) tkill(r2, 0x1000000000013) 02:30:44 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:44 executing program 0: 02:30:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:45 executing program 1: 02:30:45 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 02:30:45 executing program 2: 02:30:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:45 executing program 0: 02:30:45 executing program 2: 02:30:45 executing program 1: 02:30:45 executing program 2: 02:30:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:45 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 02:30:45 executing program 0: 02:30:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:45 executing program 2: 02:30:45 executing program 1: 02:30:45 executing program 0: 02:30:45 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, 0x0, 0x0) 02:30:45 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 02:30:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:45 executing program 0: 02:30:45 executing program 2: 02:30:45 executing program 1: 02:30:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 02:30:46 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:46 executing program 0: 02:30:46 executing program 2: 02:30:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:46 executing program 1: 02:30:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 02:30:46 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:46 executing program 0: 02:30:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:46 executing program 1: 02:30:46 executing program 2: 02:30:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:46 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:46 executing program 0: 02:30:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:46 executing program 2: 02:30:46 executing program 1: 02:30:46 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:46 executing program 0: 02:30:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:47 executing program 2: 02:30:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:47 executing program 1: 02:30:47 executing program 0: 02:30:47 executing program 1: 02:30:47 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r0, 0xae64, 0x0) 02:30:47 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:47 executing program 2: 02:30:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:47 executing program 0: 02:30:47 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r0, 0xae64, 0x0) 02:30:47 executing program 1: 02:30:47 executing program 5: r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc, 0x80, 0x0, 0x0, 0x0, 0x0, 0x50}, 0x0) 02:30:47 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r0 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r0, 0xae64, 0x0) 02:30:47 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:47 executing program 2: 02:30:47 executing program 0: 02:30:47 executing program 5: 02:30:48 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:48 executing program 0: 02:30:48 executing program 5: 02:30:48 executing program 1: 02:30:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:30:48 executing program 2: 02:30:48 executing program 1: 02:30:48 executing program 2: 02:30:48 executing program 5: 02:30:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x20, 0x10, 0x501}, 0x20}}, 0x0) 02:30:48 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:48 executing program 0: 02:30:48 executing program 1: 02:30:48 executing program 2: 02:30:48 executing program 0: 02:30:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x20, 0x10, 0x501}, 0x20}}, 0x0) 02:30:48 executing program 5: 02:30:48 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:48 executing program 1: 02:30:48 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x20, 0x10, 0x501}, 0x20}}, 0x0) 02:30:49 executing program 5: open(&(0x7f0000000080)='./file0\x00', 0x80c5, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000180)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) 02:30:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4}}}]}, 0x34}}, 0x0) 02:30:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:49 executing program 0: 02:30:49 executing program 2: 02:30:49 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0}) 02:30:49 executing program 0: 02:30:49 executing program 2: 02:30:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4}}}]}, 0x34}}, 0x0) 02:30:49 executing program 1: 02:30:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:49 executing program 0: 02:30:49 executing program 2: 02:30:49 executing program 1: 02:30:49 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4}}}]}, 0x34}}, 0x0) 02:30:49 executing program 5: 02:30:49 executing program 5: 02:30:49 executing program 2: 02:30:49 executing program 0: 02:30:49 executing program 1: 02:30:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:50 executing program 5: 02:30:50 executing program 0: 02:30:50 executing program 1: 02:30:50 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:50 executing program 2: 02:30:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4, 0x2, [@gre_common_policy]}}}]}, 0x34}}, 0x0) 02:30:50 executing program 0: 02:30:50 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:50 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0x8, 0x4, 0x4, 0x234, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0x2e, 0x32e, 0x182e, 0x600005f, 0x80ffff, 0x5f, 0x2e], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 02:30:50 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, 0xffffffffffffffff, 0x0) ptrace$getregset(0x4204, 0x0, 0x0, &(0x7f0000000180)={0x0}) ioprio_get$uid(0x3, 0x0) 02:30:50 executing program 2: pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000002c0)=[{&(0x7f0000000340)="b3", 0x1}], 0x1, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$alg(r2, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512-generic\x00'}, 0x58) r5 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r5, 0x0, 0x80000001, 0x0) 02:30:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4, 0x2, [@gre_common_policy]}}}]}, 0x34}}, 0x0) 02:30:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:50 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000062ffff0180000008003950323030302e75"], 0x15) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = dup(r1) write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x26f) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access'}}]}}) 02:30:50 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) 02:30:50 executing program 2: 02:30:50 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4, 0x2, [@gre_common_policy]}}}]}, 0x34}}, 0x0) 02:30:50 executing program 1: 02:30:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:51 executing program 2: socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2400000033001901000000000000000002000000ffd38db90c00010008000318f7b9333229859f0a474fed380004f3810d9786736f93aa2f4d1eb7000f4c"], 0x24}}, 0x0) 02:30:51 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f00000001c0)={{0x77359400}, {0x77359400}}, 0x0) 02:30:51 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00P\x00\x00\x00'], 0x8) sendmmsg(r0, &(0x7f0000007e00), 0x800000000000197, 0x0) r1 = dup2(r0, r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) 02:30:51 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket(0x20000000000000a, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1, 0xa}, 0x1c) getsockopt$sock_buf(r1, 0x1, 0x1a, 0x0, &(0x7f0000000000)) 02:30:51 executing program 3: syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000300)={0x7b, 0x5, [0x40000006], [0xc1]}) 02:30:51 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x0, 0x0) r1 = dup(r0) timerfd_settime(r1, 0x3, &(0x7f00000001c0)={{0x77359400}, {0x77359400}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0x40085400, &(0x7f0000000000)={0x0, 0x10000}) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) 02:30:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unshare(0x400) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fallocate(r3, 0x48, 0x0, 0x0) 02:30:51 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00P\x00\x00\x00'], 0x8) sendmmsg(r0, &(0x7f0000007e00), 0x800000000000197, 0x0) r1 = dup2(r0, r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) 02:30:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00P\x00\x00\x00'], 0x8) sendmmsg(r0, &(0x7f0000007e00), 0x800000000000197, 0x0) r1 = dup2(r0, r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) 02:30:51 executing program 2: r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000080)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:30:52 executing program 1: unshare(0x400) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x11, &(0x7f0000000000)=@assoc_value, 0x8) 02:30:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:52 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x10004000000002, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unshare(0x400) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) connect(r4, &(0x7f0000000000)=@nl=@proc, 0x3fe) 02:30:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x10004000000002, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unshare(0x400) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r3, 0x6, 0x17, &(0x7f0000000100), 0x4) 02:30:52 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:52 executing program 0: socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x10004000000002, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="2400000033001901000000000000000002000000ffd38db90c00010008000318f7b9333229859f0a474fed380004f3810d9786736f93aa2f4d1eb7000f4c"], 0x24}}, 0x0) creat(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 02:30:52 executing program 3: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f00000000c0)={0x81, 0x0, [0x4, 0x6f1974f3, 0x918, 0x1f]}) r1 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000200)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x2, 0x0, 0xfffffdac) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x58, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x10080, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000180)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 398.752034][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 398.757843][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:30:52 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00P\x00\x00\x00'], 0x8) sendmmsg(r0, &(0x7f0000007e00), 0x800000000000197, 0x0) r1 = dup2(r0, r0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) socketpair$unix(0x1, 0x5, 0x0, 0x0) [ 398.884443][ T9247] openvswitch: netlink: Key type 6147 is out of range max 29 [ 398.932505][ T9247] openvswitch: netlink: Key type 6147 is out of range max 29 02:30:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:53 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fstat(0xffffffffffffffff, &(0x7f0000000000)) bind(0xffffffffffffffff, 0x0, 0x0) bind$xdp(0xffffffffffffffff, 0x0, 0x0) 02:30:53 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100), &(0x7f0000000140)=0x14) 02:30:53 executing program 0: socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:53 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080)='trusted.overlay.redirect\x00', 0x0, 0x0, 0x1) 02:30:53 executing program 3: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f00000000c0)={0x81, 0x0, [0x4, 0x6f1974f3, 0x918, 0x1f]}) r1 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000200)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x2, 0x0, 0xfffffdac) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x58, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x10080, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000180)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:30:53 executing program 1: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000080)=0xffffffffffffff48) 02:30:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:53 executing program 0: socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:53 executing program 1: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001e00010000000000000000000a000000080000002834306f95fb55f89bda5d877fa10486235cc4d3aab0a894e527d913f7f78e942a42efc36740a40a235c3fb7ab46d4720b5b25388dd99b918a211b366049c4a7dfa4838cec53b2207297a1b6d06d61414bdbbb6de083b702cc107e408ddf", @ANYRES32=0x0], 0x1c}}, 0x0) 02:30:53 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x40000000806, 0x0) ioctl$int_in(r1, 0x800000c0045006, &(0x7f0000000000)=0x7b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r2, 0x200006) sendfile(r0, r2, 0x0, 0x8000fffffffe) 02:30:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:53 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r2, 0x6) r3 = socket$inet(0x10, 0x3, 0x0) r4 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r4, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r4, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) dup3(r3, r2, 0x0) 02:30:53 executing program 2: syz_open_dev$dmmidi(&(0x7f0000000900)='/dev/dmmidi#\x00', 0x2, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r1, 0x0, 0x2000010200000f) 02:30:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(0xffffffffffffffff) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:30:53 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x234, 0x0, r0, 0x0, [0x305f, 0x2e, 0x32e, 0x182e, 0x600005f, 0x80ffff, 0x2e, 0x2e]}, 0x2c) 02:30:54 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x40000000806, 0x0) ioctl$int_in(r1, 0x800000c0045006, &(0x7f0000000000)=0x7b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) ftruncate(r2, 0x200006) sendfile(r0, r2, 0x0, 0x8000fffffffe) 02:30:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 02:30:54 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r2, 0x6) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) 02:30:54 executing program 3: syz_open_dev$dmmidi(&(0x7f0000000900)='/dev/dmmidi#\x00', 0x2, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r1, 0x0, 0x2000010200000f) 02:30:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 02:30:54 executing program 2: syz_open_dev$dmmidi(&(0x7f0000000900)='/dev/dmmidi#\x00', 0x2, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r1, 0x0, 0x2000010200000f) 02:30:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x28001) write$evdev(r0, &(0x7f0000000040)=[{}], 0x18) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000000000000003, 0x0) 02:30:54 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 02:30:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 02:30:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x234, 0x0, r0, 0x0, [0x305f, 0x2e, 0x32e, 0x182e, 0x600005f, 0x80ffff, 0x5f, 0x2e, 0x2]}, 0x2c) 02:30:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:54 executing program 2: syz_open_dev$dmmidi(&(0x7f0000000900)='/dev/dmmidi#\x00', 0x2, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000380)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) sendfile(r0, r1, 0x0, 0x2000010200000f) 02:30:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 02:30:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x28001) write$evdev(r0, &(0x7f0000000040)=[{}], 0x18) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000000000000003, 0x0) 02:30:54 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x234, 0x0, r0, 0x0, [0x305f, 0x2e, 0x32e, 0x5f, 0x600005f, 0x80ffff, 0x5f, 0x2e]}, 0x2c) 02:30:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c) getpeername(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0)='hfsplus\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000040)) 02:30:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:30:55 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$netlink(0x10, 0x3, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000000)) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) bind$xdp(0xffffffffffffffff, 0x0, 0x0) 02:30:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x304}, "f0f3c23db58cbd48", "4a80970c81539622b93494f5266177be2f653d878723c5509f129ac6b5d7f2a9", "43d5f174", "ef770a7deeb0ad10"}, 0x38) sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @broadcast}}}], 0x20}, 0x0) 02:30:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:55 executing program 1: unshare(0x2000400) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r0) tee(r0, 0xffffffffffffffff, 0x4, 0x0) [ 401.276124][ T9391] hfsplus: unable to find HFS+ superblock 02:30:55 executing program 4: unshare(0x2000400) r0 = memfd_create(&(0x7f0000000300)='#\x00', 0x0) write(r0, &(0x7f0000000080)=')', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) ftruncate(r0, 0xa00002) sendfile(r0, r0, &(0x7f0000000040), 0xff8) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) 02:30:55 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x351, 0x0) 02:30:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:55 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) shmdt(0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000001c0)={'ipvf\x00\x00\x00\x00\x94\x00'}, 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) 02:30:55 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0)='hfsplus\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) [ 401.469603][ T9398] hfsplus: unable to find HFS+ superblock 02:30:55 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, 0x0) 02:30:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c) getpeername(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0)='hfsplus\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000040)) 02:30:55 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020b000312000000000000000000000005000600000000000a0000000000000000000000000000000000ffffac1e0001000000000000000004000900a000000000000000020d6bfded234227b716fbaa28f7be830000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000"/144], 0x90}}, 0x0) 02:30:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 02:30:55 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x68, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(r2, r3, 0x0, 0x10081478) dup(r3) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x100, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x0, 0x800, 0x8) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) alarm(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040)) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYRES16=0x0], 0x1}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r1, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x0, 0x0, 0x44) [ 401.884407][ T9434] hfsplus: unable to find HFS+ superblock 02:30:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 402.016629][ T9444] hfsplus: unable to find HFS+ superblock 02:30:56 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="00000000a000000000000000000400"}, 0x1c) [ 402.117574][ T9460] hfsplus: unable to find HFS+ superblock 02:30:56 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$hfsplus(&(0x7f00000003c0)='hfsplus\x00', &(0x7f0000000480)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 02:30:56 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) shmdt(0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000001c0)={'ipvf\x00\x00\x00\x00\x94\x00'}, 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) 02:30:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:56 executing program 5: r0 = socket$inet6(0xa, 0x100000003, 0x7f) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141403}}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x4000000028}, {0x80000006}]}, 0x10) 02:30:56 executing program 2: socket$inet6(0xa, 0x80003, 0xff) r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) dup2(r2, r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000700)=[@release], 0x0, 0x0, 0x0}) [ 402.456320][ T9485] hfsplus: unable to find HFS+ superblock [ 402.576071][ T9496] debugfs: File '9494' in directory 'proc' already present! [ 402.602049][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 402.607896][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:30:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1}) 02:30:56 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp6\x00') open(0x0, 0x0, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f00000002c0)) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x1c) getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getpeername(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) getrlimit(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x80003) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000200)='io\x00') preadv(0xffffffffffffffff, &(0x7f0000001300)=[{0x0}], 0x1, 0x0) syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/169, 0x2aa}], 0x1, 0x0) [ 402.667326][ T9496] debugfs: File '9494' in directory 'proc' already present! 02:30:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:30:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 02:30:57 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) shmdt(0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000001c0)={'ipvf\x00\x00\x00\x00\x94\x00'}, 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x0) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) 02:30:57 executing program 2: r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r2 = shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000003640)=[{{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=""/14, 0xe}, 0x9}, {{&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000880)=""/103, 0x67}], 0x1}, 0x485}, {{&(0x7f0000000780)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x1}], 0x3, 0x40, 0x0) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, 0x0, 0x0) shmdt(r2) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000280)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x77c) ioctl$TIOCGPTPEER(r4, 0x5441, 0x6) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000700)=0x20) preadv(0xffffffffffffffff, &(0x7f0000000380), 0xcd, 0x400000000004) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, 0x0}, 0x20000004) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x62, 0x7f}}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r5, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000006c0)={0x0, 0x5}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) syz_emit_ethernet(0xf7, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000010800450400e90000000000009078ac0714aaac1e00004e24000004e19078024489b608ec23226d9e63ad67b726be7104a5e5e4c61f42f7f23e77807119b33a50a9ac30e58be9688df572a2d2b244f2031cddecae7d0dac3cbabed33b22b0818f2338f02dea99fe6d01eb3d997ed6171f3c7fb0b098139905ee79fb80f916020000003002f835833bd993d59a065ab29286b08d2c83aae79c1c645a350053a79a82c2117ac3fc242effba4e58af73ece80d3398f3540e53773481934470e2f73557efda1d4844c106b2ffc61450e66459e8a06b638982df217800000000000000"], 0x0) 02:30:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 02:30:57 executing program 4: socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x68, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(r2, r3, 0x0, 0x10081478) dup(r3) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x100, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x0, 0x800, 0x8) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) alarm(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040)) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYRES16=0x0], 0x1}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r1, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x0, 0x0, 0x44) 02:30:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 02:30:57 executing program 3: socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x68, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(r2, r3, 0x0, 0x10081478) dup(r3) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x100, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x0, 0x800, 0x8) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) alarm(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040)) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYRES16=0x0], 0x1}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r1, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x0, 0x0, 0x44) 02:30:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 02:30:57 executing program 5: lstat(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup(r0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x660c, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x660c, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, 0x0) syz_genetlink_get_family_id$SEG6(0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000080)=0x400000000002127, 0x4) 02:30:57 executing program 2: r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r2 = shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000003640)=[{{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=""/14, 0xe}, 0x9}, {{&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000880)=""/103, 0x67}], 0x1}, 0x485}, {{&(0x7f0000000780)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x1}], 0x3, 0x40, 0x0) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, 0x0, 0x0) shmdt(r2) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000280)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x77c) ioctl$TIOCGPTPEER(r4, 0x5441, 0x6) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000700)=0x20) preadv(0xffffffffffffffff, &(0x7f0000000380), 0xcd, 0x400000000004) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, 0x0}, 0x20000004) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x62, 0x7f}}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r5, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000006c0)={0x0, 0x5}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) syz_emit_ethernet(0xf7, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000010800450400e90000000000009078ac0714aaac1e00004e24000004e19078024489b608ec23226d9e63ad67b726be7104a5e5e4c61f42f7f23e77807119b33a50a9ac30e58be9688df572a2d2b244f2031cddecae7d0dac3cbabed33b22b0818f2338f02dea99fe6d01eb3d997ed6171f3c7fb0b098139905ee79fb80f916020000003002f835833bd993d59a065ab29286b08d2c83aae79c1c645a350053a79a82c2117ac3fc242effba4e58af73ece80d3398f3540e53773481934470e2f73557efda1d4844c106b2ffc61450e66459e8a06b638982df217800000000000000"], 0x0) 02:30:57 executing program 1: r0 = eventfd(0xb887) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r0}) 02:30:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x4}}}]}, 0x38}}, 0x0) 02:30:57 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000700)=[{&(0x7f0000000240)="f0", 0x1}, {&(0x7f0000000340)='b', 0x1}, {&(0x7f00000003c0)="a1", 0x1}], 0x3, 0x0) 02:30:58 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @rand_addr="000000000000000000000000008000"}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) fcntl$setstatus(r0, 0x4, 0x2000) 02:30:58 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmmsg(r1, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0) 02:30:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x4}}}]}, 0x38}}, 0x0) 02:30:58 executing program 5: syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000003640)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}}], 0x2, 0x40, 0x0) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x0, 0x0, 0x0) shmdt(0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x6) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000700)) preadv(0xffffffffffffffff, &(0x7f0000000380), 0xcd, 0x400000000004) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x0, 0x4, 0x62, 0x7f}}, 0x20) r3 = syz_open_procfs(0x0, 0x0) getdents(r3, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000006c0)={0x0, 0x5}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) syz_emit_ethernet(0x1, &(0x7f0000000940)=ANY=[@ANYBLOB], 0x0) 02:30:58 executing program 2: r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r2 = shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000003640)=[{{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=""/14, 0xe}, 0x9}, {{&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000880)=""/103, 0x67}], 0x1}, 0x485}, {{&(0x7f0000000780)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x1}], 0x3, 0x40, 0x0) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, 0x0, 0x0) shmdt(r2) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000280)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x77c) ioctl$TIOCGPTPEER(r4, 0x5441, 0x6) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000700)=0x20) preadv(0xffffffffffffffff, &(0x7f0000000380), 0xcd, 0x400000000004) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, 0x0}, 0x20000004) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x62, 0x7f}}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r5, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000006c0)={0x0, 0x5}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) syz_emit_ethernet(0xf7, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000010800450400e90000000000009078ac0714aaac1e00004e24000004e19078024489b608ec23226d9e63ad67b726be7104a5e5e4c61f42f7f23e77807119b33a50a9ac30e58be9688df572a2d2b244f2031cddecae7d0dac3cbabed33b22b0818f2338f02dea99fe6d01eb3d997ed6171f3c7fb0b098139905ee79fb80f916020000003002f835833bd993d59a065ab29286b08d2c83aae79c1c645a350053a79a82c2117ac3fc242effba4e58af73ece80d3398f3540e53773481934470e2f73557efda1d4844c106b2ffc61450e66459e8a06b638982df217800000000000000"], 0x0) 02:30:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000180)={{}, 'port0\x00'}) 02:30:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x4}}}]}, 0x38}}, 0x0) 02:30:58 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r0, 0x6) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) sendmmsg(r1, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0) 02:30:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x3c}}, 0x0) 02:30:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @rand_addr="000000000000000000000000008000"}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) 02:30:58 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f00000004c0)=0x210, 0x4) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000140)=0x73, 0x221) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffffefffc, &(0x7f000006ffe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 02:30:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x3c}}, 0x0) 02:31:01 executing program 4: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xbc}, 0x8000000200036158, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 02:31:01 executing program 1: syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x18dc00) 02:31:01 executing program 2: r0 = syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r2 = shmat(0x0, &(0x7f0000ffd000/0x2000)=nil, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000003640)=[{{&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=""/14, 0xe}, 0x9}, {{&(0x7f0000000300)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000880)=""/103, 0x67}], 0x1}, 0x485}, {{&(0x7f0000000780)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, 0x0}, 0x1}], 0x3, 0x40, 0x0) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, 0x0, 0x0) shmdt(r2) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000280)) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r4, &(0x7f00000000c0)=""/31, 0x77c) ioctl$TIOCGPTPEER(r4, 0x5441, 0x6) ioctl$EVIOCRMFF(r4, 0x40044581, &(0x7f0000000700)=0x20) preadv(0xffffffffffffffff, &(0x7f0000000380), 0xcd, 0x400000000004) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, 0x0}, 0x20000004) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x6, {0x0, 0x4, 0x62, 0x7f}}, 0x20) r5 = syz_open_procfs(0x0, &(0x7f0000000140)='fd\x00') getdents(r5, &(0x7f00000000c0)=""/31, 0x77c) ioctl$DRM_IOCTL_AGP_BIND(0xffffffffffffffff, 0x40106436, &(0x7f00000006c0)={0x0, 0x5}) umount2(&(0x7f0000000540)='./file0\x00', 0x4) syz_emit_ethernet(0xf7, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000010800450400e90000000000009078ac0714aaac1e00004e24000004e19078024489b608ec23226d9e63ad67b726be7104a5e5e4c61f42f7f23e77807119b33a50a9ac30e58be9688df572a2d2b244f2031cddecae7d0dac3cbabed33b22b0818f2338f02dea99fe6d01eb3d997ed6171f3c7fb0b098139905ee79fb80f916020000003002f835833bd993d59a065ab29286b08d2c83aae79c1c645a350053a79a82c2117ac3fc242effba4e58af73ece80d3398f3540e53773481934470e2f73557efda1d4844c106b2ffc61450e66459e8a06b638982df217800000000000000"], 0x0) 02:31:01 executing program 3: r0 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r0, 0x0, 0x30f) 02:31:01 executing program 5: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8000000200036158, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) lseek(0xffffffffffffffff, 0x0, 0x4) 02:31:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x3c}}, 0x0) 02:31:01 executing program 4: r0 = socket$inet6(0xa, 0x400000000001, 0x0) fsync(0xffffffffffffffff) fsetxattr$trusted_overlay_opaque(r0, 0x0, &(0x7f0000000100)='y\x00', 0x2, 0x2) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() tkill(r1, 0x9) r2 = socket$netlink(0x10, 0x3, 0xc) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="6400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000440012000c00010069703667726500003400020014000600868e978f8b43608044482d6a89c913259a000700b0c7828d68f59b032d09e02eeb03e3620800010fbb72a2959a3ebf49802e691c26459f295ce61bd271ab190faef02c34677cbc878742d535281916dad3d11037e6819cf026", @ANYRES32], 0x64}}, 0x0) 02:31:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x40}}, 0x0) 02:31:01 executing program 5: 02:31:01 executing program 1: [ 407.548781][ T9675] netlink: 'syz-executor.0': attribute type 22 has an invalid length. 02:31:01 executing program 4: 02:31:01 executing program 2: 02:31:01 executing program 5: 02:31:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x40}}, 0x0) 02:31:01 executing program 1: [ 407.869874][ T9690] netlink: 'syz-executor.0': attribute type 22 has an invalid length. 02:31:02 executing program 3: 02:31:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vet\x00\x00\x00\x00\x00D\x00\x00\x00\xbdhOs', 0x43732e5398416f1a}) lstat(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r0, 0x400454ce, r1) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000004c0)="fa", 0x1}], 0x1}, 0x0) setgroups(0xe3, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'vet\x00\x00\x00\x00\x00D\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) 02:31:02 executing program 4: r0 = memfd_create(&(0x7f0000000000)='fou\x00', 0x4) ftruncate(r0, 0x40001) 02:31:02 executing program 5: 02:31:02 executing program 1: 02:31:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x40}}, 0x0) 02:31:02 executing program 1: 02:31:02 executing program 5: [ 408.159181][ T9703] netlink: 'syz-executor.0': attribute type 22 has an invalid length. 02:31:02 executing program 4: 02:31:02 executing program 3: 02:31:02 executing program 0: 02:31:02 executing program 1: 02:31:02 executing program 2: 02:31:02 executing program 5: 02:31:02 executing program 3: 02:31:02 executing program 4: 02:31:02 executing program 1: 02:31:02 executing program 0: 02:31:02 executing program 2: 02:31:02 executing program 3: 02:31:02 executing program 5: 02:31:02 executing program 4: 02:31:02 executing program 1: 02:31:02 executing program 0: 02:31:02 executing program 2: 02:31:03 executing program 3: 02:31:03 executing program 4: 02:31:03 executing program 1: 02:31:03 executing program 5: 02:31:03 executing program 2: 02:31:03 executing program 0: 02:31:03 executing program 4: 02:31:03 executing program 1: 02:31:03 executing program 3: 02:31:03 executing program 2: 02:31:03 executing program 4: 02:31:03 executing program 0: 02:31:03 executing program 1: 02:31:03 executing program 5: 02:31:03 executing program 3: 02:31:03 executing program 2: 02:31:03 executing program 4: 02:31:03 executing program 5: 02:31:03 executing program 0: 02:31:03 executing program 1: 02:31:03 executing program 2: 02:31:03 executing program 3: 02:31:03 executing program 4: 02:31:04 executing program 5: 02:31:04 executing program 1: 02:31:04 executing program 0: 02:31:04 executing program 2: 02:31:04 executing program 3: 02:31:04 executing program 4: 02:31:04 executing program 5: 02:31:04 executing program 1: socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f0000000cc0)='user\x00', &(0x7f0000000d00)={'syz', 0x1}, &(0x7f0000000d40)="05", 0x1, 0xffffffffffffffff) pipe(0x0) syz_open_dev$loop(0x0, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x81805) 02:31:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000300)) 02:31:04 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = dup(r1) r3 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x29, 0x4, 0x22, "33c9f067d7b69ab21c4cfb7de5198a29", "6407f1905776e6dcf7c7012ec6cc9c52995a39cd"}, 0x29, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) setsockopt$packet_int(r2, 0x107, 0x5745218fb545206f, &(0x7f0000000240), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 02:31:04 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r1, &(0x7f0000000080)='keyring\x00', &(0x7f0000000600)={'syz', 0x3}, 0xfffffffffffffffe) request_key(0x0, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000000cc0)='user\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$TCGETX(0xffffffffffffffff, 0x5432, 0x0) 02:31:04 executing program 4: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) mount(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x4020, 0x0) 02:31:04 executing program 5: 02:31:04 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, 0x0) syz_open_procfs(0x0, &(0x7f0000000340)='loginuid\x00') r1 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) syz_open_procfs(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000100)='configfs\x00\xbd\xacg>\xe5\xeb\x8eU\xa4\x95>\x17\xcfh\x86\xb7\xa2\x80\xd3}\xc9\xce#_l\x875\xa6\xd9\xb3$/\xc9\x94\x165\xb0t\xf8;H\xee\xb9\x84f\xf9|\x83\f\xe1\xa9\xda\xe9K#V,\x18\xd8D9\x89\xb8\xfd\xd6\x99\a\xf0\xd6\xdf', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 02:31:04 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x200000, 0x8) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, 0x0) syz_open_procfs(0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB]) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 02:31:04 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0xfffffffffffffece, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 02:31:04 executing program 4: connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0xc1800) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$inet(0x10, 0x2, 0x0) sendmsg(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="24000000210007041dfffd946f610500020000e8fe0208010001080008000c000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x2ab}], 0x1}, 0x0) 02:31:05 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r1 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r1, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000340)={0x0, 0xffffffffffffff0e, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000004200053127d8010080000000000400000072e6c04000016ed7b2063c2e5df444b1d69598368135e22adfff66954ea956b60300000000000000dd7ea2921c1e3b35e6b8407c13389947b2ea420101dfee3122981b471b674ba2b8e6e58022891fb9b85a2216fccf0762a3d1bc29cff0bca99a238de20800000000000000bba6dd6509737d65b5e909451f20f3c68aaa68fe2553ef76e41f03abb15ca57dc93b4d7078cbea1416f8a8cba8bb3835ca4ab6cfbcad4a44fbb22821f5a2d706ffea6c7aa57bb236837541cb54c1eb28777d19638d9411195e1e4787775926ce432fe23b9ac29e5d87d253d74eca3f58048e26af3878788efe9c89c7c9e509b66243e6218907cba3bf34d571a3908bcaf3bdde23d10fc60a83903242de26a2ae2a0b55361e8122000000004d473cf341fe44f6947420d8399066a4efd865a48174d5a7e8050ce5d625038ae7d9027be5fc27fac7282566055964bfcab74197503f2c02edb4b00cbf06000000e756df553f135660d6c9acf462b3da3fb544f9a631a35c34dd30f35b604d32aa389b46f29183ddcbbd87d9df16810000c431a870f7743c2931b907e4c693a42204a98f1296c162e31b14fbd0b474d83e521118f018dc44a505ec46559cd841bfdd4a8063dc63392017e24624b89d8df25cbd86ac939229c2f18c5fe8df0fcb0000cdd6d83c981b0c31410d0000000000c8df0041a1976599e6fad41d6a334d827c7feb88319bf7e269958501645d3e720b0f2fc465211f86c5c809ea8ec3f79f716031f2cbb56418aab49fbf0000000000000000009371000000000000000000aeb7ccdabd6cb90000000000000000000081e75564c55d6e3e"], 0x14}}, 0x0) 02:31:05 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x200000, 0x8) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, 0x0) syz_open_procfs(0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB]) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 02:31:05 executing program 4: mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000b30000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000e84000/0x4000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 412.056241][ T9819] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.064960][ T9819] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.311390][ T9853] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 02:31:07 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = dup(r1) r3 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x29, 0x4, 0x22, "33c9f067d7b69ab21c4cfb7de5198a29", "6407f1905776e6dcf7c7012ec6cc9c52995a39cd"}, 0x29, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) setsockopt$packet_int(r2, 0x107, 0x5745218fb545206f, &(0x7f0000000240), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 02:31:07 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001}) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) write$tun(r0, &(0x7f00000022c0)={@void, @val={0x1, 0x0, 0x0, 0x0, 0x2d}, @mpls={[], @ipv6={0x0, 0x6, "314092", 0x44, 0x3a, 0x0, @dev, @mcast2, {[], @gre}}}}, 0x76) 02:31:07 executing program 0: clone(0x802102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x4, 0x28}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 02:31:07 executing program 4: mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000b30000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000e84000/0x4000)=nil) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 02:31:07 executing program 1: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x04\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x7f661c809883cd25}) io_setup(0x2, &(0x7f0000000240)=0x0) io_submit(r2, 0x1, &(0x7f00000006c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000340)="81", 0x1}]) dup3(r0, r1, 0x0) r3 = socket(0xa, 0x3, 0x9) ioctl$sock_ifreq(r3, 0x8914, &(0x7f0000000200)={'eql\x00`\x00\xa9[,\x00\x14\x01\x03\x03\xf0\x00', @ifru_map={0x7}}) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$int_in(r4, 0x5452, &(0x7f0000000080)=0x9) 02:31:07 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000780)={0xa0000, 0x5, 0x1}) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000004c0)="f21d", 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:31:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0x8004ae98, 0x0) [ 413.606914][ T9891] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 413.689431][ T9891] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 413.742601][ T9891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 02:31:07 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = dup(r1) r3 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x29, 0x4, 0x22, "33c9f067d7b69ab21c4cfb7de5198a29", "6407f1905776e6dcf7c7012ec6cc9c52995a39cd"}, 0x29, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) setsockopt$packet_int(r2, 0x107, 0x5745218fb545206f, &(0x7f0000000240), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') 02:31:07 executing program 4: syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigqueueinfo(r0, 0x0, &(0x7f0000000300)) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) 02:31:07 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 02:31:07 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff}, 0x0) socket$inet6(0xa, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xe3b) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000f56000)={0x0, 0x0, &(0x7f0000f36000)={&(0x7f0000000240)=ANY=[@ANYBLOB="020200090c000000ffffffffffffffff02001300020000000000000000000000030006000000000002004e20e0000001000000000000002402000100f8beffff0000000200010000030005000000000002004e20e00000010000000000000000e8ee2a20c81e5bcd20f26da342882e4189da06030000000000000005cae91e7d8c9c211c7ddba5ded1f6ecb3d3654daff905f6cb9be0b6b530ce576d07b940a5b7d67140393890b8fc08803e4b5fc2a44da4fa31288a64e950a95978cf0fa0f4515e45acf64c63e23822a493d878dac5c8fa2f78ded4414b622a5446fe934559b7a9635df6c786cbd0a2705cf98318da11f787bc3c290caa2c3f22be876f8838ea59e3a87f10159efd4bfb825f8c412ffafdb4f4a685b020a9e96fc4020000004c55712ce2063af46c6f9dfe41944e2a0c248b43d5c4720c1d78e800"], 0x60}}, 0x0) [ 413.924219][ T9921] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 413.945620][ T25] audit: type=1326 audit(1574476267.925:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9922 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d47a code=0xffff0000 02:31:08 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = dup(r1) r3 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x29, 0x4, 0x22, "33c9f067d7b69ab21c4cfb7de5198a29", "6407f1905776e6dcf7c7012ec6cc9c52995a39cd"}, 0x29, 0x0) sendfile(r2, r3, 0x0, 0x8000fffffffe) setsockopt$packet_int(r2, 0x107, 0x5745218fb545206f, &(0x7f0000000240), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') [ 413.992184][ T9921] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 414.028715][ T25] audit: type=1800 audit(1574476268.005:49): pid=9931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16767 res=0 [ 414.079062][ T25] audit: type=1804 audit(1574476268.035:50): pid=9931 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/103/file0" dev="sda1" ino=16767 res=1 02:31:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pwritev(r0, &(0x7f0000000200)=[{0x0}], 0x1, 0x0) recvfrom$inet(r0, 0x0, 0x800e7e90, 0x0, 0x0, 0x800e0073f) shutdown(r0, 0x0) [ 414.136449][ T25] audit: type=1804 audit(1574476268.095:51): pid=9935 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/103/file0" dev="sda1" ino=16767 res=1 02:31:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pwritev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="8a2192c76f686ed259cada5bdbe53746fa3b3e5a22a9ae8f051141ddac4921de913a6504e29d34f42ab404d7efc83ad9d0fad1484f99d62d54019f23d561d04f26284c4db8838d6bcb396b69747f12c7bb36186e5c71bf4c5403913c1c122f13fe9266aa50"}, {&(0x7f0000000140)="bec49e23d67530d29907a58df17997870759e1181c55d1d0ca12cad4018cb36a820e526288c6fcef9733ea877f9129757030b790912ef09b01a67a93049125a251cfcf26f33806eb0168377ac56d25d548d7939d7b081b155031b815f8fbe4fa206647f24b3cba1758bd235e45c2c8ff96690ef7d153ce924b7154331f0bdc870f380a8e90eeaa58577407e09559794fd78d22f93e991dc51a585166d86ca38b6ce7d9af76c0e05176c7eddb8bd7abe5c72b32cdfbdf377e3ffda39a5f6f15"}], 0x5, 0x7) recvfrom$inet(r0, 0x0, 0x800e7e90, 0x0, 0x0, 0x800e0073f) shutdown(r0, 0x0) 02:31:08 executing program 1: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="0203000311000000000000000000000005000600016000000a00000000000003fe8000000000000000000000000000aa0000000000000000030009000000000002004e1c7f000001000000000000000002000100000000000000020b0000000005000500000000000a00000000000000ff020000000000000000000000000001000000000000000096a618d524a878c692c203b844cf08ba68fc492db2721ce2ebbb9824613e9052903b8c20fbf52ae3a59ccc5898aae878a3a5d09b732719b6385ec10c6f313516f42a9161a13eb99ae2393304ae35ee419d18c985e4babd8e16410e6371400385b8f97c24889c4467016eb2db42df3cb183d582e9042e72f49d7105f00de5907fc1892e82562802cc510d4ae5c0ba9b7e1b0a9368b9497066590ef7234b8947274102466da81acf6c66f526a26b2b7e0e355aaa6579fd6e59e9d072ad04b202955e1874baaf6f0c715c0ac614f673f5e9abefae419f64f26b77b416a5e86cd3236c0ea3407d8b7b8557baa34e3289f9ed69a52736825036b5a65d93f6cea49246d07f456c87f669c27b8dbd28a596e203e650a15f99f103a9d1bc7b845e4e7b26d8ff8cb98285dba6159a71ad5afbdaba4d545c43d6908d5f78084e8f482e7494dd4e3af03a77dc9f7a4f1332d74b0296715ec3be40709ab627a32a89e8b5e60d1a"], 0x88}}, 0x4) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x400024c, 0x0) 02:31:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 414.522621][ T7680] device bridge_slave_1 left promiscuous mode [ 414.535675][ T7680] bridge0: port 2(bridge_slave_1) entered disabled state 02:31:08 executing program 2: prlimit64(0x0, 0x0, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getpid() r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) [ 414.577444][ T25] audit: type=1800 audit(1574476268.555:52): pid=9953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file0" dev="sda1" ino=16740 res=0 [ 414.612632][ T7680] device bridge_slave_0 left promiscuous mode [ 414.619643][ T7680] bridge0: port 1(bridge_slave_0) entered disabled state 02:31:08 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x6c00000000000000) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') [ 414.748702][ T25] audit: type=1804 audit(1574476268.575:53): pid=9953 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir662940688/syzkaller.MF2KPt/98/file0" dev="sda1" ino=16740 res=1 [ 414.842619][ T7680] device hsr_slave_0 left promiscuous mode [ 414.882419][ T7680] device hsr_slave_1 left promiscuous mode 02:31:08 executing program 2: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r1, &(0x7f0000000600)={'\\C\x1b]P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bB\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) 02:31:08 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0) [ 414.936512][ T7680] team0 (unregistering): Port device team_slave_1 removed [ 414.996260][ T25] audit: type=1804 audit(1574476268.635:54): pid=9956 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir662940688/syzkaller.MF2KPt/98/file0" dev="sda1" ino=16740 res=1 [ 415.024394][ T7680] team0 (unregistering): Port device team_slave_0 removed 02:31:09 executing program 5: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r1, &(0x7f0000000600)={'\\C\x1b]P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bB\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) [ 415.062738][ T25] audit: type=1804 audit(1574476268.675:55): pid=9957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir662940688/syzkaller.MF2KPt/98/file0" dev="sda1" ino=16740 res=1 [ 415.091987][ T7680] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.185611][ T7680] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.211791][ T25] audit: type=1800 audit(1574476268.725:56): pid=9960 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16741 res=0 02:31:09 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) [ 415.305473][ T25] audit: type=1326 audit(1574476268.765:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9922 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d47a code=0xffff0000 [ 415.355938][ T7680] bond0 (unregistering): Released all slaves 02:31:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) [ 417.484106][T10000] IPVS: ftp: loaded support on port[0] = 21 [ 417.533840][T10000] chnl_net:caif_netlink_parms(): no params data found [ 417.558884][T10000] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.566150][T10000] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.573960][T10000] device bridge_slave_0 entered promiscuous mode [ 417.581525][T10000] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.589006][T10000] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.596878][T10000] device bridge_slave_1 entered promiscuous mode [ 417.612859][T10000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.623975][T10000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.641440][T10000] team0: Port device team_slave_0 added [ 417.648115][T10000] team0: Port device team_slave_1 added [ 417.744074][T10000] device hsr_slave_0 entered promiscuous mode [ 417.782387][T10000] device hsr_slave_1 entered promiscuous mode [ 417.822139][T10000] debugfs: Directory 'hsr0' with parent '/' already present! [ 417.836829][T10000] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.844093][T10000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 417.851472][T10000] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.858700][T10000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.888593][T10000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.899755][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 417.908073][ T7709] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.916243][ T7709] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.925099][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 417.937195][T10000] 8021q: adding VLAN 0 to HW filter on device team0 [ 417.948066][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 417.956815][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.964169][ T7687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.984125][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 417.992879][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.999939][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.008809][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 418.018073][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 418.027345][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 418.040891][T10000] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 418.051632][T10000] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 418.063861][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 418.072497][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 418.080971][ T7783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 418.095003][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 418.102691][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 418.113835][T10000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.987177][T10011] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.994646][T10011] bridge0: port 1(bridge_slave_0) entered disabled state 02:31:14 executing program 0: syz_emit_ethernet(0x83, &(0x7f0000000240)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "1b00", 0x4d, 0xffffff11, 0x0, @dev, @local, {[], @gre={{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x1}, {}, {}, {}, {}, {0x8, 0x6558, 0x0, "aff4b01865dc0507e7"}}}}}}}, 0x0) 02:31:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') 02:31:14 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00') 02:31:14 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) mkdir(0x0, 0x0) 02:31:14 executing program 4: openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x0) syz_open_procfs(0x0, 0x0) ioctl$TCSETX(0xffffffffffffffff, 0x5433, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000001c0)=0x8000) 02:31:14 executing program 2: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r1, &(0x7f0000000600)={'\\C\x1b]P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bB\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) 02:31:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)}}, 0x20) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000200)="b805000000b9510000000f01c10f46a78900000066ba2100b07bee66ba4100edb9800000830f32b9800000c00f3235000100000f300f304f215c66b808008ed0660f38806f000f011c268ee0", 0xfffffffffffffdfd}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 420.221642][ T25] kauditd_printk_skb: 19 callbacks suppressed [ 420.221737][ T25] audit: type=1800 audit(1574476274.195:77): pid=10020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16795 res=0 02:31:14 executing program 4: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x1b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x4) [ 420.301356][ T25] audit: type=1804 audit(1574476274.215:78): pid=10020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/113/file0" dev="sda1" ino=16795 res=1 [ 420.339453][ T25] audit: type=1804 audit(1574476274.275:79): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/113/file0" dev="sda1" ino=16795 res=1 [ 420.376332][ T25] audit: type=1804 audit(1574476274.345:80): pid=10022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/" dev="sda1" ino=2328 res=1 02:31:14 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000500)='./file2\x00', 0x0) ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x100000000000000a}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) socket$nl_route(0x10, 0x3, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 02:31:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, 0x0, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000003ec0)=ANY=[@ANYBLOB="d00800002400ffffff7f00000005ffffa6fffff7", @ANYRES32=r2, @ANYBLOB="00000000f1ffffff000e00000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000800000d00d337d05000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040000000600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009230000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b3000000060000004b0d00000500000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a00000020000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f0000000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e03189000001040000000800000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000080ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000000d9c3ffffee0000000100000000000000001000006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f0000100005001f02df00e5b9fb0007000000100003001f00030007000000010100001800010005010400090000000400000001040000000000000152d50f6365daeb9c99d09b44785c38ea0d1bcf51e44751de5a729eb37c5c10ce8b3da395baebea9fcdcba6a096515f9de8bb86fa5639e5abc7e282c2d89d6f019fe17ba6806fce8d21e78e20320e2bda8991ecfd0f06dbabd031b574b18d39c91514e2a8e10c11c133f37f713cc7ba213f0b431efd846bf8c97994e0809e66d6856cd0ffa6b821fae98fcc8c0f5f829312d5f6053f844fac4070e23dbc54361d6e1c3fca4dff868987651fe102a3079500129cf4f33b5f993e235d198f7a08967342bbd69384f9a0de7dac23efc25f4276516e09ab16ec84f1f2"], 0x8d0}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) getpeername$packet(0xffffffffffffffff, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x800000003, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) 02:31:14 executing program 3: gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-0\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8922, &(0x7f0000000000)='nr0\x01:\xf2%\xa3\'>\xf8]\x81\n?\xfa\xffS\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:14 executing program 5: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) close(r2) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4f21, 0x0) 02:31:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x5}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 02:31:15 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) [ 421.042232][ T25] audit: type=1804 audit(1574476275.025:81): pid=10030 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/113/file0" dev="sda1" ino=16795 res=1 [ 421.075628][ T7894] device bridge_slave_1 left promiscuous mode [ 421.101617][ T7894] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.163242][ T7894] device bridge_slave_0 left promiscuous mode [ 421.175327][ T7894] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.187120][ T25] audit: type=1804 audit(1574476275.045:82): pid=10030 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/113/file0" dev="sda1" ino=16795 res=1 02:31:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) mkdir(0x0, 0x0) [ 421.314100][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 421.320452][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 421.332859][ T7894] device hsr_slave_0 left promiscuous mode [ 421.382161][ T7894] device hsr_slave_1 left promiscuous mode [ 421.396351][ T25] audit: type=1800 audit(1574476275.375:83): pid=10058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16795 res=0 02:31:15 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000240)=""/192, 0xc0) [ 421.449876][ T7894] team0 (unregistering): Port device team_slave_1 removed [ 421.471696][ T25] audit: type=1804 audit(1574476275.435:84): pid=10058 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/114/file0" dev="sda1" ino=16795 res=1 [ 421.521636][ T7894] team0 (unregistering): Port device team_slave_0 removed 02:31:15 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) [ 421.595166][ T7894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.648190][ T25] audit: type=1804 audit(1574476275.515:85): pid=10059 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/114/file0" dev="sda1" ino=16795 res=1 [ 421.726778][ T7894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface 02:31:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x5}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 02:31:15 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000440)=""/168, 0x148a0dd058264027) [ 421.930227][ T7894] bond0 (unregistering): Released all slaves [ 422.112039][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 422.117834][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 422.272048][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 422.277859][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:31:16 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000440)=""/168, 0x148a0dd058264027) 02:31:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffff7b}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r2}]]}}}]}, 0x38}}, 0x0) 02:31:16 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 423.718575][T10098] IPVS: ftp: loaded support on port[0] = 21 [ 423.769420][T10098] chnl_net:caif_netlink_parms(): no params data found [ 423.795585][T10098] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.803059][T10098] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.810884][T10098] device bridge_slave_0 entered promiscuous mode [ 423.818664][T10098] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.825818][T10098] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.833933][T10098] device bridge_slave_1 entered promiscuous mode [ 423.850805][T10098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.861967][T10098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.881468][T10098] team0: Port device team_slave_0 added [ 423.888359][T10098] team0: Port device team_slave_1 added [ 423.974616][T10098] device hsr_slave_0 entered promiscuous mode [ 424.022539][T10098] device hsr_slave_1 entered promiscuous mode [ 424.062159][T10098] debugfs: Directory 'hsr0' with parent '/' already present! [ 424.076969][T10098] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.084216][T10098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.091570][T10098] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.098621][T10098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.129691][T10098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.141855][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 424.150406][ T3016] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.159014][ T3016] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.168107][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 424.180577][T10098] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.192143][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 424.200678][ T7784] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.207754][ T7784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.218664][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 424.227275][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.234478][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.253379][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 424.262702][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 424.279231][T10098] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 424.290041][T10098] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 424.303509][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 424.312493][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 424.321115][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 424.330265][ T7709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 424.345243][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 424.352922][ T7784] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 424.365280][T10098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.526078][T10109] device nr0 entered promiscuous mode [ 424.693655][T10109] device nr0 entered promiscuous mode 02:31:19 executing program 3: gettid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-0\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8922, &(0x7f0000000000)='nr0\x01:\xf2%\xa3\'>\xf8]\x81\n?\xfa\xffS\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:19 executing program 0: sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8923, &(0x7f0000000040)='nr0\x01:\xf2%\xa3\'>\xf8]\x81$?\xfa\xff-\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:19 executing program 4: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x1b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x4) 02:31:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='vboxnet0bdev\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) close(r2) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='memory.stat\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x1}, 0x20801, 0x0, 0x0, 0x5, 0x4, 0x0, 0x7}, r3, 0xb, 0xffffffffffffffff, 0x5) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000003a40)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x9, 0x1}, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xffff1fa4}, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) write$cgroup_pid(r4, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000240)='hugetlb.2MB.max_usage_in_bytes\x00') write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0), 0x161) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r2, &(0x7f0000000140)={&(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000640)=""/128, 0x80}], 0x1}, 0x20000100) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x660c, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) 02:31:19 executing program 2: pipe(&(0x7f0000000200)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='attr/keycreate\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000005c0)=[{{&(0x7f0000000040)=@ipx, 0xfffffffffffffe44, &(0x7f0000000440)=[{0x0}, {0x0}, {0x0}, {0x0, 0xfc}, {&(0x7f0000000400)=""/28, 0x1c}], 0x5}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) clone(0x7f8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socket$inet(0x2, 0x2, 0x0) epoll_create(0x40) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="40342bbb015c09200f341757"], 0xc}}, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 02:31:19 executing program 1: memfd_create(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffff7b}, 0x1, 0x0, 0x0, 0x8015}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r2}]]}}}]}, 0x38}}, 0x0) 02:31:19 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000500)='attr\x00') fchdir(r0) quotactl(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) 02:31:19 executing program 1: memfd_create(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffff7b}, 0x1, 0x0, 0x0, 0x8015}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r2}]]}}}]}, 0x38}}, 0x0) [ 425.186142][T10125] ptrace attach of "/root/syz-executor.2"[10119] was attempted by "/root/syz-executor.2"[10125] [ 425.215675][T10127] ÿ-: renamed from nr0 02:31:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cpu.stat\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='vboxnet0bdev\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) close(r2) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='memory.stat\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0x1}, 0x20801, 0x0, 0x0, 0x5, 0x4, 0x0, 0x7}, r3, 0xb, 0xffffffffffffffff, 0x5) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000003a40)) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xc0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x9, 0x1}, 0x0, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xffff1fa4}, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0xfffffff5) write$cgroup_pid(r4, &(0x7f0000000100), 0xda4fff08) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000240)='hugetlb.2MB.max_usage_in_bytes\x00') write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0), 0x161) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r2, &(0x7f0000000140)={&(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000640)=""/128, 0x80}], 0x1}, 0x20000100) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r4, 0x660c, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) 02:31:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000240)) [ 425.365214][T10128] device nr0 entered promiscuous mode 02:31:19 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0xce, 0xb8, &(0x7f00000001c0)=""/184}, &(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 02:31:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) flock(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) mkdir(0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x0, 0x70, 0x0, 0x0, 0x2, 0x8, 0x0, 0x84, 0x40, 0x0, 0x0, 0x95b2, 0x0, 0x7ff, 0x0, 0x0, 0x2, 0x7, 0x7, 0x1f, 0x1da, 0x974, 0xbce, 0x80, 0x0, 0x35, 0x0, 0x71e, 0x0, 0xffff, 0x0, 0x3, 0x0, 0x0, 0xc919, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10001}, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r1 = getpgrp(0x0) setpriority(0x0, r1, 0xffff) setpriority(0x0, 0x0, 0xffff) perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x2) ptrace(0x11, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 02:31:20 executing program 3: 02:31:20 executing program 0: sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8923, &(0x7f0000000040)='nr0\x01:\xf2%\xa3\'>\xf8]\x81$?\xfa\xff-\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:20 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000100)={0x53, 0x0, 0x6, 0x0, @buffer={0xce, 0xb8, &(0x7f00000001c0)=""/184}, &(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) 02:31:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) 02:31:20 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) 02:31:20 executing program 2: syz_open_procfs(0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0x13f1b0a2) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) getpgrp(0xffffffffffffffff) ptrace$setregset(0x4205, 0x0, 0x4, &(0x7f00000001c0)={&(0x7f0000001400)}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) socket$inet6(0xa, 0x2, 0x0) socket(0xb0e688d64f88d05f, 0x0, 0x40) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0xfffffffffffffffd}, 0x2}, 0x1c) connect$inet6(r3, &(0x7f0000000380)={0xa, 0x4e24, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0208000008000000000000000000000005011100000000000a004e240000100000000000000001ffffff0b00000000000014008000005a68866841fa2fc48b0b64ca2ef8a14c33e948c90936e423f4850aae7f9cb24bea1b9a2c90727c91c40b0dc2a50ee28083f285683ca5bcb19895a4f4730faad8ea600ea9eed671318fe46ba644c3e89384bbd370001ffcfe1cef9936e3e8f9eac81f4bd13ec2a95082c12cd902ccbdc371ba04083a7a7f57983471cad30685f7cec0d52cab51c5d683f10ea9dea39c15b42aa83a66eaa5b106509341f244cf2ad88eae0ecb2cc64b30250c535ab0ee6cbe3cac02bc7cec4e665783a5"], 0xf2}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socket$key(0xf, 0x3, 0x2) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x800006, 0x1}]}, 0xffffffffffffff15) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'veth0_to_team\x00'}, 0x18) socket$netlink(0x10, 0x3, 0x2) r5 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r5, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc, 0x80, 0x0}, 0x0) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4e23, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}, 0x1c) socket(0x1b, 0xb, 0x7) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) 02:31:20 executing program 3: 02:31:20 executing program 5: [ 426.832037][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 426.837881][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:31:20 executing program 4: 02:31:20 executing program 3: 02:31:20 executing program 1: [ 426.912057][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 426.917878][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 426.937762][T10184] ÿ-: renamed from nr0 02:31:21 executing program 5: 02:31:21 executing program 4: 02:31:21 executing program 0: sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8923, &(0x7f0000000040)='nr0\x01:\xf2%\xa3\'>\xf8]\x81$?\xfa\xff-\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:21 executing program 1: 02:31:21 executing program 3: 02:31:21 executing program 4: [ 427.417298][T10209] ÿ-: renamed from nr0 02:31:21 executing program 2: 02:31:21 executing program 5: 02:31:21 executing program 1: 02:31:21 executing program 4: 02:31:21 executing program 3: 02:31:21 executing program 0: 02:31:22 executing program 5: 02:31:22 executing program 1: 02:31:22 executing program 0: 02:31:22 executing program 3: 02:31:22 executing program 2: 02:31:22 executing program 4: 02:31:22 executing program 5: 02:31:22 executing program 2: 02:31:22 executing program 0: 02:31:22 executing program 1: 02:31:22 executing program 4: 02:31:22 executing program 3: 02:31:22 executing program 5: 02:31:22 executing program 0: 02:31:22 executing program 4: 02:31:22 executing program 3: 02:31:22 executing program 2: 02:31:22 executing program 5: 02:31:22 executing program 0: 02:31:22 executing program 1: 02:31:22 executing program 4: 02:31:22 executing program 3: 02:31:22 executing program 2: 02:31:23 executing program 5: 02:31:23 executing program 1: 02:31:23 executing program 0: 02:31:23 executing program 4: 02:31:23 executing program 2: 02:31:23 executing program 3: 02:31:23 executing program 5: 02:31:23 executing program 1: 02:31:23 executing program 2: 02:31:23 executing program 4: 02:31:23 executing program 0: 02:31:23 executing program 5: 02:31:23 executing program 1: 02:31:23 executing program 3: 02:31:23 executing program 2: 02:31:23 executing program 4: 02:31:23 executing program 5: 02:31:23 executing program 0: 02:31:23 executing program 1: 02:31:23 executing program 2: 02:31:23 executing program 3: 02:31:23 executing program 4: 02:31:23 executing program 1: 02:31:24 executing program 5: 02:31:24 executing program 0: 02:31:24 executing program 2: 02:31:24 executing program 3: 02:31:24 executing program 4: 02:31:24 executing program 5: 02:31:24 executing program 1: 02:31:24 executing program 2: 02:31:24 executing program 3: 02:31:24 executing program 0: 02:31:24 executing program 3: 02:31:24 executing program 4: 02:31:24 executing program 5: 02:31:24 executing program 2: 02:31:24 executing program 1: 02:31:24 executing program 0: 02:31:24 executing program 2: 02:31:24 executing program 4: 02:31:24 executing program 1: 02:31:24 executing program 3: 02:31:24 executing program 5: 02:31:24 executing program 0: 02:31:24 executing program 2: 02:31:24 executing program 4: 02:31:25 executing program 3: 02:31:25 executing program 5: 02:31:25 executing program 1: 02:31:25 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r1, &(0x7f0000000240)=0x202, 0x4000000000dc) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) 02:31:25 executing program 0: rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000100), 0x8) 02:31:25 executing program 4: 02:31:25 executing program 5: 02:31:25 executing program 3: 02:31:25 executing program 1: 02:31:25 executing program 2: 02:31:25 executing program 0: 02:31:25 executing program 4: 02:31:25 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockname(r0, 0x0, &(0x7f0000000180)) recvfrom$inet(r0, 0x0, 0xe6161173, 0x2, 0x0, 0x800e0061d) shutdown(r0, 0x0) 02:31:25 executing program 2 (fault-call:1 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:25 executing program 1 (fault-call:4 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:31:25 executing program 4 (fault-call:1 fault-nth:0): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020018000200030000ac8c5598000000000036a5212827b0e3aef08b97ffd66fdb3929c21b137432acc84bbdcd7764eb9ca07255f3e69b90ef25059da6d7fec2ad1d9443d9309d000db46286be0781875a0c137ff1b82b0b57d2a8452004db8ccb45489e95aafedd78ad6fdff47488f4350e968f6115a806875d2329ac570cb240d7d7d231a01c6140d59935cf02046c127f95935fe0d08e39826236ae2aaf9ab84aaef8e52a00"/202], 0x48}}, 0x0) 02:31:25 executing program 5: creat(&(0x7f0000000040)='./file1\x00', 0x60) clone(0x100000203, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000400)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000300)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x8864c3bc6f0d976a) close(r0) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, &(0x7f0000000100)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000440)='./file1\x00', 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000000)) 02:31:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x3c}}, 0x0) [ 431.859675][T10402] FAULT_INJECTION: forcing a failure. [ 431.859675][T10402] name failslab, interval 1, probability 0, space 0, times 1 [ 431.899522][T10402] CPU: 0 PID: 10402 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 431.907546][T10402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.915075][T10409] FAULT_INJECTION: forcing a failure. [ 431.915075][T10409] name failslab, interval 1, probability 0, space 0, times 1 [ 431.918150][T10402] Call Trace: [ 431.918178][T10402] dump_stack+0x11d/0x181 [ 431.918241][T10402] should_fail.cold+0xa/0x1a [ 431.943191][T10402] __should_failslab+0xee/0x130 [ 431.948045][T10402] should_failslab+0x9/0x14 [ 431.953057][T10402] kmem_cache_alloc_node+0x39/0x660 [ 431.958332][T10402] ? __netlink_lookup+0x24e/0x300 [ 431.963401][T10402] __alloc_skb+0x8e/0x360 [ 431.967743][T10402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 431.974100][T10402] ? netlink_autobind.isra.0+0x135/0x170 [ 431.979774][T10402] netlink_sendmsg+0x5bc/0x770 [ 431.984563][T10402] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 431.990115][T10402] ? netlink_unicast+0x430/0x430 [ 431.995048][T10402] sock_sendmsg+0x9f/0xc0 [ 431.999371][T10402] ___sys_sendmsg+0x59d/0x5d0 [ 432.004149][T10402] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 432.010097][T10402] ? __fget+0xb8/0x1d0 [ 432.014171][T10402] ? __fget_light+0xaf/0x190 [ 432.018803][T10402] ? __fdget+0x2c/0x40 [ 432.022871][T10402] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.029314][T10402] __sys_sendmsg+0xa0/0x160 [ 432.033834][T10402] __x64_sys_sendmsg+0x51/0x70 [ 432.038698][T10402] do_syscall_64+0xcc/0x370 [ 432.043249][T10402] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.049136][T10402] RIP: 0033:0x45a639 [ 432.053298][T10402] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.072936][T10402] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.081364][T10402] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 432.089346][T10402] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 432.097350][T10402] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.105414][T10402] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 432.113449][T10402] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 432.160806][T10409] CPU: 1 PID: 10409 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 432.168756][T10409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.178827][T10409] Call Trace: [ 432.182129][T10409] dump_stack+0x11d/0x181 [ 432.186462][T10409] should_fail.cold+0xa/0x1a [ 432.191090][T10409] __should_failslab+0xee/0x130 [ 432.196001][T10409] should_failslab+0x9/0x14 [ 432.200522][T10409] kmem_cache_alloc_node+0x39/0x660 [ 432.205739][T10409] __alloc_skb+0x8e/0x360 [ 432.210289][T10409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 432.216561][T10409] ? netlink_autobind.isra.0+0x135/0x170 [ 432.222299][T10409] netlink_sendmsg+0x5bc/0x770 [ 432.227317][T10409] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 432.232921][T10409] ? netlink_unicast+0x430/0x430 [ 432.237967][T10409] sock_sendmsg+0x9f/0xc0 [ 432.242312][T10409] ___sys_sendmsg+0x59d/0x5d0 [ 432.247120][T10409] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 432.253106][T10409] ? __fget+0xb8/0x1d0 [ 432.257229][T10409] ? __fget_light+0xaf/0x190 [ 432.261859][T10409] ? __fdget+0x2c/0x40 [ 432.266017][T10409] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.272462][T10409] __sys_sendmsg+0xa0/0x160 [ 432.277074][T10409] __x64_sys_sendmsg+0x51/0x70 [ 432.281861][T10409] do_syscall_64+0xcc/0x370 [ 432.286384][T10409] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.292306][T10409] RIP: 0033:0x45a639 [ 432.296228][T10409] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.304889][T10420] FAULT_INJECTION: forcing a failure. [ 432.304889][T10420] name failslab, interval 1, probability 0, space 0, times 0 [ 432.316202][T10409] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.316285][T10409] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 432.316295][T10409] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 432.316306][T10409] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 02:31:26 executing program 4 (fault-call:1 fault-nth:1): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 432.316315][T10409] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 432.316336][T10409] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 432.378003][T10420] CPU: 0 PID: 10420 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 432.386013][T10420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.396562][T10420] Call Trace: [ 432.399888][T10420] dump_stack+0x11d/0x181 [ 432.404358][T10420] should_fail.cold+0xa/0x1a [ 432.409047][T10420] __should_failslab+0xee/0x130 [ 432.413952][T10420] should_failslab+0x9/0x14 [ 432.418461][T10420] kmem_cache_alloc_node_trace+0x3b/0x670 [ 432.424194][T10420] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.430454][T10420] ? memcg_kmem_put_cache+0x91/0xe0 [ 432.435698][T10420] __kmalloc_node_track_caller+0x38/0x50 [ 432.441467][T10420] __kmalloc_reserve.isra.0+0x49/0xd0 [ 432.446887][T10420] __alloc_skb+0xc2/0x360 [ 432.451229][T10420] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 432.457478][T10420] ? netlink_autobind.isra.0+0x135/0x170 [ 432.463110][T10420] netlink_sendmsg+0x5bc/0x770 [ 432.467884][T10420] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 432.473448][T10420] ? netlink_unicast+0x430/0x430 [ 432.478401][T10420] sock_sendmsg+0x9f/0xc0 [ 432.482767][T10420] ___sys_sendmsg+0x59d/0x5d0 [ 432.487462][T10420] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 432.493364][T10420] ? __fget+0xb8/0x1d0 [ 432.497619][T10420] ? __fget_light+0xaf/0x190 [ 432.502226][T10420] ? __fdget+0x2c/0x40 [ 432.506306][T10420] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.512564][T10420] __sys_sendmsg+0xa0/0x160 [ 432.517280][T10420] __x64_sys_sendmsg+0x51/0x70 [ 432.522063][T10420] do_syscall_64+0xcc/0x370 [ 432.526579][T10420] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.532474][T10420] RIP: 0033:0x45a639 [ 432.536449][T10420] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:31:26 executing program 2 (fault-call:1 fault-nth:1): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x3c}}, 0x0) [ 432.556062][T10420] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.564490][T10420] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 432.572680][T10420] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 432.580763][T10420] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.588836][T10420] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 432.596914][T10420] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 432.603175][T10431] FAULT_INJECTION: forcing a failure. [ 432.603175][T10431] name failslab, interval 1, probability 0, space 0, times 0 [ 432.627157][T10431] CPU: 0 PID: 10431 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 432.635188][T10431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.645359][T10431] Call Trace: [ 432.648642][T10431] dump_stack+0x11d/0x181 [ 432.653186][T10431] should_fail.cold+0xa/0x1a [ 432.657924][T10431] __should_failslab+0xee/0x130 [ 432.662831][T10431] should_failslab+0x9/0x14 [ 432.667357][T10431] kmem_cache_alloc_node_trace+0x3b/0x670 [ 432.673076][T10431] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.679318][T10431] ? memcg_kmem_put_cache+0x91/0xe0 [ 432.684546][T10431] __kmalloc_node_track_caller+0x38/0x50 [ 432.690209][T10431] __kmalloc_reserve.isra.0+0x49/0xd0 [ 432.695587][T10431] __alloc_skb+0xc2/0x360 [ 432.700371][T10431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 432.706804][T10431] ? netlink_autobind.isra.0+0x135/0x170 [ 432.712618][T10431] netlink_sendmsg+0x5bc/0x770 [ 432.717379][T10431] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 432.722960][T10431] ? netlink_unicast+0x430/0x430 [ 432.727886][T10431] sock_sendmsg+0x9f/0xc0 [ 432.732298][T10431] ___sys_sendmsg+0x59d/0x5d0 [ 432.737039][T10431] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 432.743419][T10431] ? __fget+0xb8/0x1d0 [ 432.747476][T10431] ? __fget_light+0xaf/0x190 [ 432.752103][T10431] ? __fdget+0x2c/0x40 [ 432.756237][T10431] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 432.762571][T10431] __sys_sendmsg+0xa0/0x160 [ 432.767119][T10431] __x64_sys_sendmsg+0x51/0x70 [ 432.771916][T10431] do_syscall_64+0xcc/0x370 [ 432.776491][T10431] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 432.782378][T10431] RIP: 0033:0x45a639 [ 432.786379][T10431] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.806168][T10431] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.814568][T10431] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 432.822532][T10431] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 432.830545][T10431] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.838521][T10431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 432.846494][T10431] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:26 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000440)={0x1, [0x0]}, &(0x7f0000000480)=0x8) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:31:26 executing program 4 (fault-call:1 fault-nth:2): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:27 executing program 0: r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = memfd_create(&(0x7f00000002c0)='\x00', 0x0) write(r1, &(0x7f0000000240)='i', 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x110, 0x6, 0x0, &(0x7f0000000200)=0xffffffffffffff1e) 02:31:27 executing program 2 (fault-call:1 fault-nth:2): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) [ 433.116618][T10447] FAULT_INJECTION: forcing a failure. [ 433.116618][T10447] name failslab, interval 1, probability 0, space 0, times 0 02:31:27 executing program 5: creat(&(0x7f0000000040)='./file1\x00', 0x60) clone(0x100000203, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000400)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000300)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x8864c3bc6f0d976a) close(r0) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200800000000013, &(0x7f0000000100)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000440)='./file1\x00', 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000000)) [ 433.198018][T10447] CPU: 1 PID: 10447 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 433.205977][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.216031][T10447] Call Trace: [ 433.219351][T10447] dump_stack+0x11d/0x181 [ 433.223691][T10447] should_fail.cold+0xa/0x1a [ 433.228302][T10447] __should_failslab+0xee/0x130 [ 433.233299][T10447] should_failslab+0x9/0x14 [ 433.237915][T10447] kmem_cache_alloc+0x29/0x5d0 [ 433.242766][T10447] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 433.249105][T10447] ? __rcu_read_unlock+0x66/0x3c0 [ 433.254295][T10447] skb_clone+0xf9/0x290 [ 433.258468][T10447] netlink_deliver_tap+0x428/0x4a0 [ 433.263608][T10447] netlink_unicast+0x3af/0x430 [ 433.268389][T10447] netlink_sendmsg+0x456/0x770 [ 433.273235][T10447] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 433.278790][T10447] ? netlink_unicast+0x430/0x430 [ 433.283869][T10447] sock_sendmsg+0x9f/0xc0 [ 433.288210][T10447] ___sys_sendmsg+0x59d/0x5d0 [ 433.292944][T10447] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 433.298919][T10447] ? __fget+0xb8/0x1d0 [ 433.303011][T10447] ? __fget_light+0xaf/0x190 [ 433.307608][T10447] ? __fdget+0x2c/0x40 [ 433.311687][T10447] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 433.317970][T10447] __sys_sendmsg+0xa0/0x160 [ 433.322486][T10447] __x64_sys_sendmsg+0x51/0x70 [ 433.327267][T10447] do_syscall_64+0xcc/0x370 [ 433.331846][T10447] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.337739][T10447] RIP: 0033:0x45a639 02:31:27 executing program 3: write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x22, 0x2, 0x4) ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000480)) socket$netlink(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) [ 433.341644][T10447] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 433.361341][T10447] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 433.369799][T10447] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 433.378067][T10447] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 433.386046][T10447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 02:31:27 executing program 0: r0 = socket$rxrpc(0x21, 0x2, 0x2) r1 = memfd_create(&(0x7f00000002c0)='\x00', 0x0) write(r1, &(0x7f0000000240)='i', 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x110, 0x6, 0x0, &(0x7f0000000200)=0xffffffffffffff1e) [ 433.394152][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 433.405280][T10447] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 433.476969][T10465] FAULT_INJECTION: forcing a failure. [ 433.476969][T10465] name failslab, interval 1, probability 0, space 0, times 0 [ 433.509294][T10465] CPU: 1 PID: 10465 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 433.517237][T10465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.527401][T10465] Call Trace: [ 433.530709][T10465] dump_stack+0x11d/0x181 [ 433.535064][T10465] should_fail.cold+0xa/0x1a [ 433.539699][T10465] __should_failslab+0xee/0x130 [ 433.544563][T10465] should_failslab+0x9/0x14 [ 433.549075][T10465] kmem_cache_alloc+0x29/0x5d0 [ 433.553869][T10465] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 433.560125][T10465] ? __rcu_read_unlock+0x66/0x3c0 [ 433.565162][T10465] skb_clone+0xf9/0x290 [ 433.569327][T10465] netlink_deliver_tap+0x428/0x4a0 [ 433.574491][T10465] netlink_unicast+0x3af/0x430 [ 433.579305][T10465] netlink_sendmsg+0x456/0x770 [ 433.584116][T10465] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 433.589745][T10465] ? netlink_unicast+0x430/0x430 [ 433.594726][T10465] sock_sendmsg+0x9f/0xc0 [ 433.599075][T10465] ___sys_sendmsg+0x59d/0x5d0 [ 433.603761][T10465] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 433.609675][T10465] ? __fget+0xb8/0x1d0 [ 433.613784][T10465] ? __fget_light+0xaf/0x190 [ 433.618394][T10465] ? __fdget+0x2c/0x40 [ 433.622482][T10465] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 433.628736][T10465] __sys_sendmsg+0xa0/0x160 [ 433.633264][T10465] __x64_sys_sendmsg+0x51/0x70 [ 433.638132][T10465] do_syscall_64+0xcc/0x370 [ 433.642745][T10465] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 433.648685][T10465] RIP: 0033:0x45a639 [ 433.652600][T10465] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:31:27 executing program 3: syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x80000000, 0x0) 02:31:27 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)) r1 = dup(r0) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0800b5055e0bcfe87b0071") r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @rand_addr="6e31bfd72c89323c0c80b5167329292c"}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x74, &(0x7f0000000040)={r7, 0x0, 0x30}, &(0x7f0000000140)=0xff66) accept$unix(r1, &(0x7f0000000180), &(0x7f0000000200)=0x6e) sendmsg$TIPC_NL_NET_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x14, r4, 0x303}, 0x14}}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x0, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000000}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0) ioctl$KVM_SET_PIT2(r1, 0xae64, 0x0) [ 433.672287][T10465] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 433.680725][T10465] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 433.688713][T10465] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 433.696701][T10465] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 433.704681][T10465] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 433.712720][T10465] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:27 executing program 0: socket(0x0, 0x80002, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x0, 0xc1800) dup2(0xffffffffffffffff, 0xffffffffffffffff) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa9 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 434.285140][T10497] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 02:31:28 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x488580, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='quencer2\x00', 0x8000, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r6, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r6, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r7 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x51454, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x9f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r7, 0x4, 0x42000) r8 = eventfd(0x5) r9 = socket$l2tp(0x18, 0x1, 0x1) r10 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r10, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r10, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r10, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r10, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r11 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r11, 0x0, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r3, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x0, 0x0, 0x2, r4}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8001, r5, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r7, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r8}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x7, r9, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r10}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r1, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6518}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r11}]) ioctl$SIOCAX25ADDFWD(r4, 0x89ea, &(0x7f0000000100)={@null, @null}) fsmount(r0, 0x0, 0x2) r12 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x80100, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r13, 0x4040ae77, &(0x7f0000000000)) r14 = dup(r13) ioctl$KVM_SET_PIT2(r14, 0xae64, 0x0) 02:31:28 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000200)="b805000000b9510000000f01c10f46a78900000066ba2100b07bee66ba4100edb9800000830f32b9800000c00f3235000100000f300f304f215c66b808008ed0660f38806f000f011c268ee0", 0xfffffffffffffdfd}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb, 0x0, 0x7, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 434.293787][T10497] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 434.301764][T10497] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 434.309754][T10497] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 434.309794][T10497] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 434.309805][T10497] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 434.312405][ T25] audit: type=1804 audit(1574476288.075:86): pid=10514 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/140/file0" dev="sda1" ino=16577 res=1 [ 434.367851][T10486] blk_update_request: I/O error, dev loop0, sector 256 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 434.379583][T10518] IPVS: sync thread started: state = BACKUP, mcast_ifn = team0, syncid = 2, id = 0 [ 434.379644][T10517] FAULT_INJECTION: forcing a failure. [ 434.379644][T10517] name failslab, interval 1, probability 0, space 0, times 0 [ 434.452307][T10517] CPU: 1 PID: 10517 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 434.462814][T10517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.473587][T10517] Call Trace: [ 434.476984][T10517] dump_stack+0x11d/0x181 [ 434.481324][T10517] should_fail.cold+0xa/0x1a [ 434.485967][T10517] __should_failslab+0xee/0x130 [ 434.490830][T10517] should_failslab+0x9/0x14 [ 434.495344][T10517] kmem_cache_alloc_trace+0x2a/0x5d0 [ 434.500643][T10517] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 434.506605][T10517] ? __rtnl_newlink+0x1010/0x1010 [ 434.511791][T10517] rtnl_newlink+0x45/0x90 [ 434.516121][T10517] rtnetlink_rcv_msg+0x1d3/0x500 [ 434.521062][T10517] ? __rcu_read_unlock+0x66/0x3c0 [ 434.526212][T10517] netlink_rcv_skb+0xb0/0x260 [ 434.531247][T10517] ? rtnl_calcit.isra.0+0x220/0x220 [ 434.536513][T10517] rtnetlink_rcv+0x26/0x30 [ 434.543369][T10517] netlink_unicast+0x354/0x430 [ 434.548151][T10517] netlink_sendmsg+0x456/0x770 02:31:28 executing program 4 (fault-call:1 fault-nth:4): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 434.552963][T10517] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 434.558582][T10517] ? netlink_unicast+0x430/0x430 [ 434.563546][T10517] sock_sendmsg+0x9f/0xc0 [ 434.567887][T10517] ___sys_sendmsg+0x59d/0x5d0 [ 434.572579][T10517] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 434.578552][T10517] ? __fget+0xb8/0x1d0 [ 434.582636][T10517] ? __fget_light+0xaf/0x190 [ 434.587232][T10517] ? __fdget+0x2c/0x40 [ 434.591398][T10517] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 434.597709][T10517] __sys_sendmsg+0xa0/0x160 02:31:28 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = socket(0xa, 0x40000000002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r4, &(0x7f00000017c0), 0x3a8, 0x0) [ 434.602265][T10517] __x64_sys_sendmsg+0x51/0x70 [ 434.607032][T10517] do_syscall_64+0xcc/0x370 [ 434.611571][T10517] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 434.617484][T10517] RIP: 0033:0x45a639 [ 434.621388][T10517] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 434.640998][T10517] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 434.649468][T10517] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 434.657572][T10517] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 434.665553][T10517] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 434.673725][T10517] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 434.681743][T10517] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 434.692770][ T25] audit: type=1804 audit(1574476288.675:87): pid=10525 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/140/file0" dev="sda1" ino=16577 res=1 [ 434.740431][T10531] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 434.752113][T10531] FAULT_INJECTION: forcing a failure. [ 434.752113][T10531] name failslab, interval 1, probability 0, space 0, times 0 [ 434.765282][T10531] CPU: 0 PID: 10531 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 434.773542][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.773548][T10531] Call Trace: [ 434.773626][T10531] dump_stack+0x11d/0x181 [ 434.773655][T10531] should_fail.cold+0xa/0x1a [ 434.796207][T10531] __should_failslab+0xee/0x130 [ 434.801128][T10531] should_failslab+0x9/0x14 [ 434.805646][T10531] kmem_cache_alloc_node_trace+0x3b/0x670 [ 434.811443][T10531] ? refcount_dec_and_test_checked+0x2c/0x40 [ 434.817452][T10531] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 434.823878][T10531] ? apparmor_capable+0x1c3/0x300 [ 434.828927][T10531] __kmalloc_node+0x38/0x50 [ 434.833640][T10531] kvmalloc_node+0x71/0x100 [ 434.838155][T10531] alloc_netdev_mqs+0xb0/0x890 [ 434.842939][T10531] ? ip6erspan_tap_init+0x360/0x360 [ 434.848330][T10531] ? ip6erspan_tap_init+0x360/0x360 [ 434.853539][T10531] rtnl_create_link+0x181/0x4f0 [ 434.858475][T10531] __rtnl_newlink+0xbe9/0x1010 [ 434.863443][T10531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 434.869705][T10531] ? debug_smp_processor_id+0x4c/0x172 [ 434.875171][T10531] ? delay_tsc+0x8f/0xc0 [ 434.879423][T10531] ? cgroup_rstat_updated+0xbe/0x1e0 [ 434.884806][T10531] ? __rcu_read_unlock+0x66/0x3c0 [ 434.890026][T10531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 434.896272][T10531] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 434.909383][T10531] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 434.915703][T10531] ? __this_cpu_preempt_check+0x4a/0x170 [ 434.921454][T10531] ? __rtnl_newlink+0x1010/0x1010 [ 434.926547][T10531] rtnl_newlink+0x63/0x90 [ 434.930987][T10531] rtnetlink_rcv_msg+0x1d3/0x500 [ 434.936029][T10531] ? __rcu_read_unlock+0x66/0x3c0 [ 434.941098][T10531] netlink_rcv_skb+0xb0/0x260 [ 434.945777][T10531] ? rtnl_calcit.isra.0+0x220/0x220 [ 434.951000][T10531] rtnetlink_rcv+0x26/0x30 [ 434.955420][T10531] netlink_unicast+0x354/0x430 [ 434.960261][T10531] netlink_sendmsg+0x456/0x770 [ 434.965105][T10531] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 434.970677][T10531] ? netlink_unicast+0x430/0x430 [ 434.975621][T10531] sock_sendmsg+0x9f/0xc0 [ 434.980207][T10531] ___sys_sendmsg+0x59d/0x5d0 [ 434.984904][T10531] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 434.991091][T10531] ? __fget+0xb8/0x1d0 [ 434.995269][T10531] ? __fget_light+0xaf/0x190 [ 434.999903][T10531] ? __fdget+0x2c/0x40 [ 435.003990][T10531] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 435.010328][T10531] __sys_sendmsg+0xa0/0x160 [ 435.014902][T10531] __x64_sys_sendmsg+0x51/0x70 [ 435.019874][T10531] do_syscall_64+0xcc/0x370 [ 435.025779][T10531] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.031671][T10531] RIP: 0033:0x45a639 [ 435.036184][T10531] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 435.055997][T10531] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 435.064520][T10531] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 435.072606][T10531] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 435.080778][T10531] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 435.089206][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 435.097180][T10531] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:29 executing program 2 (fault-call:1 fault-nth:4): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:29 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xd07, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8}, @IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}, @IFLA_TXQLEN={0x8}]}, 0x40}}, 0x0) 02:31:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='^\x0f\xaf\x1d/\x15\xf5\x80&', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$vsock_dgram(0x28, 0x2, 0x0) sendto(r2, &(0x7f0000000080)="7c52aba7a00c3f96ddfd33cd07e248e188a08e8baab0a75198ca2f6a95a4645bee95aae83bf077ca2c524546e3b85eb9501eaaa15d63a599892d", 0x3a, 0x54, &(0x7f00000000c0)=@ethernet={0x1, @link_local}, 0x80) r3 = dup(r1) ioctl$KVM_SET_PIT2(r3, 0xae64, 0x0) ioctl$TIOCCONS(r3, 0x541d) 02:31:29 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_void(r0, 0x1, 0xd, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') preadv(r1, 0x0, 0x0, 0x0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400a, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup(r1) write$P9_RLOPEN(r2, &(0x7f0000000280)={0x18, 0xd, 0x2, {{0x183, 0x1, 0x6}, 0x20}}, 0x18) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f00000000c0), &(0x7f0000000140)=0x4) r3 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x6, 0x0, 0x0, 0x60}, 0x8, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000180)=""/207, 0xcf}], 0x1, 0x0) 02:31:29 executing program 4 (fault-call:1 fault-nth:5): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 435.282812][T10545] FAULT_INJECTION: forcing a failure. [ 435.282812][T10545] name failslab, interval 1, probability 0, space 0, times 0 [ 435.326270][T10545] CPU: 1 PID: 10545 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 435.334227][T10545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.344287][T10545] Call Trace: [ 435.347647][T10545] dump_stack+0x11d/0x181 [ 435.351996][T10545] should_fail.cold+0xa/0x1a [ 435.356627][T10545] __should_failslab+0xee/0x130 [ 435.361662][T10545] should_failslab+0x9/0x14 [ 435.366170][T10545] kmem_cache_alloc_node_trace+0x3b/0x670 [ 435.371987][T10545] ? refcount_dec_and_test_checked+0x2c/0x40 [ 435.378261][T10545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 435.384606][T10545] ? apparmor_capable+0x1c3/0x300 [ 435.389660][T10545] __kmalloc_node+0x38/0x50 [ 435.394219][T10545] kvmalloc_node+0x71/0x100 [ 435.398909][T10545] alloc_netdev_mqs+0xb0/0x890 [ 435.403685][T10545] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 435.411019][T10545] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 435.416315][T10545] rtnl_create_link+0x181/0x4f0 [ 435.421178][T10545] __rtnl_newlink+0xbe9/0x1010 02:31:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{}]}) [ 435.425984][T10545] ? finish_task_switch+0x7b/0x260 [ 435.431116][T10545] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 435.437490][T10545] ? debug_smp_processor_id+0x4c/0x172 [ 435.442965][T10545] ? delay_tsc+0x8f/0xc0 [ 435.447221][T10545] ? __const_udelay+0x36/0x40 [ 435.451918][T10545] ? __udelay+0x10/0x20 [ 435.456089][T10545] ? tomoyo_profile+0x42/0x50 [ 435.460817][T10545] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 435.467085][T10545] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 435.472965][T10545] ? __rtnl_newlink+0x1010/0x1010 [ 435.478008][T10545] rtnl_newlink+0x63/0x90 [ 435.482394][T10545] rtnetlink_rcv_msg+0x1d3/0x500 [ 435.487352][T10545] ? __rcu_read_unlock+0x66/0x3c0 [ 435.492404][T10545] netlink_rcv_skb+0xb0/0x260 [ 435.497134][T10545] ? rtnl_calcit.isra.0+0x220/0x220 [ 435.502346][T10545] rtnetlink_rcv+0x26/0x30 [ 435.506774][T10545] netlink_unicast+0x354/0x430 [ 435.511559][T10545] netlink_sendmsg+0x456/0x770 [ 435.516324][T10545] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 435.521928][T10545] ? netlink_unicast+0x430/0x430 [ 435.526888][T10545] sock_sendmsg+0x9f/0xc0 [ 435.531233][T10545] ___sys_sendmsg+0x59d/0x5d0 [ 435.535947][T10545] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 435.541848][T10545] ? __fget+0xb8/0x1d0 [ 435.545990][T10545] ? __fget_light+0xaf/0x190 [ 435.550672][T10545] ? __fdget+0x2c/0x40 [ 435.554749][T10545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 435.560999][T10545] __sys_sendmsg+0xa0/0x160 [ 435.565690][T10545] __x64_sys_sendmsg+0x51/0x70 [ 435.572114][T10545] do_syscall_64+0xcc/0x370 [ 435.576626][T10545] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 435.582536][T10545] RIP: 0033:0x45a639 [ 435.586545][T10545] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 435.606261][T10545] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 435.614882][T10545] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 435.623202][T10545] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 435.631617][T10545] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 435.639702][T10545] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 435.647818][T10545] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:29 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$f2fs(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x4, &(0x7f0000000700)=[{&(0x7f0000000440)="27057404e5ea7c824616e5d77f61d1aca02f8b961d342c32b0518ee82dea6d76a243d25c6e56e2b9aa6f01a7349ff0bbaf3f793d0002dbfd5c9ceacea9a1334f1cb8a703ba5bff8525b451607cd52e0fbc714100969878d46d1b388a871117dd5b6d", 0x62, 0x2}, {0x0, 0x0, 0x5}, {&(0x7f00000005c0)="e6d7225eda1bec1862d32d58f9076f13cb6d8f747ebabcdc7820b6457fc9c7b6d96273bf80cb02c428c3c254f57e740c55b9125e319328abc755b4f166c00d92e9f9cafa0b56400e87d49a60b72fc6a7889db0e2df35b97a03", 0x59, 0x7ff}, {&(0x7f0000000640)}], 0x20000, &(0x7f0000000780)={[], [{@defcontext={'defcontext', 0x3d, 'root'}}, {@euid_eq={'euid'}}]}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 435.716931][T10549] netlink: 'syz-executor.3': attribute type 16 has an invalid length. [ 435.725698][T10559] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 435.736135][T10559] FAULT_INJECTION: forcing a failure. [ 435.736135][T10559] name failslab, interval 1, probability 0, space 0, times 0 [ 435.757330][T10559] CPU: 1 PID: 10559 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 435.765283][T10559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.775448][T10559] Call Trace: [ 435.778766][T10559] dump_stack+0x11d/0x181 [ 435.783183][T10559] should_fail.cold+0xa/0x1a [ 435.787804][T10559] __should_failslab+0xee/0x130 [ 435.792695][T10559] should_failslab+0x9/0x14 [ 435.797316][T10559] kmem_cache_alloc_trace+0x2a/0x5d0 [ 435.802697][T10559] ? pcpu_alloc_area+0x387/0x510 [ 435.807886][T10559] __hw_addr_create_ex+0x63/0x1b0 [ 435.813002][T10559] __hw_addr_add_ex+0x1a3/0x210 [ 435.817900][T10559] dev_addr_init+0xb4/0x120 [ 435.822436][T10559] alloc_netdev_mqs+0x12d/0x890 [ 435.827752][T10559] ? ip6erspan_tap_init+0x360/0x360 [ 435.832974][T10559] ? ip6erspan_tap_init+0x360/0x360 [ 435.838179][T10559] rtnl_create_link+0x181/0x4f0 [ 435.843058][T10559] __rtnl_newlink+0xbe9/0x1010 [ 435.847856][T10559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 435.854169][T10559] ? debug_smp_processor_id+0x4c/0x172 [ 435.859699][T10559] ? delay_tsc+0x8f/0xc0 02:31:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) [ 435.863985][T10559] ? cgroup_rstat_updated+0xbe/0x1e0 [ 435.869359][T10559] ? __rcu_read_unlock+0x66/0x3c0 [ 435.874399][T10559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 435.880735][T10559] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 435.886762][T10559] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 435.893143][T10559] ? __this_cpu_preempt_check+0x4a/0x170 [ 435.898891][T10559] ? __rtnl_newlink+0x1010/0x1010 [ 435.903927][T10559] rtnl_newlink+0x63/0x90 [ 435.908265][T10559] rtnetlink_rcv_msg+0x1d3/0x500 02:31:29 executing program 2 (fault-call:1 fault-nth:5): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 435.913306][T10559] ? __rcu_read_unlock+0x66/0x3c0 [ 435.918332][T10559] netlink_rcv_skb+0xb0/0x260 [ 435.923061][T10559] ? rtnl_calcit.isra.0+0x220/0x220 [ 435.928275][T10559] rtnetlink_rcv+0x26/0x30 [ 435.932703][T10559] netlink_unicast+0x354/0x430 [ 435.937477][T10559] netlink_sendmsg+0x456/0x770 [ 435.942247][T10559] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 435.947803][T10559] ? netlink_unicast+0x430/0x430 [ 435.952780][T10559] sock_sendmsg+0x9f/0xc0 [ 435.957151][T10559] ___sys_sendmsg+0x59d/0x5d0 [ 435.961958][T10559] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 435.967870][T10559] ? __fget+0xb8/0x1d0 [ 435.971962][T10559] ? __fget_light+0xaf/0x190 [ 435.976575][T10559] ? __fdget+0x2c/0x40 [ 435.980660][T10559] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 435.987587][T10559] __sys_sendmsg+0xa0/0x160 [ 435.992111][T10559] __x64_sys_sendmsg+0x51/0x70 [ 435.997010][T10559] do_syscall_64+0xcc/0x370 [ 436.001609][T10559] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.007504][T10559] RIP: 0033:0x45a639 [ 436.011488][T10559] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 436.031216][T10559] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 436.039668][T10559] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 436.047661][T10559] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 436.055666][T10559] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 436.064111][T10559] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 436.072376][T10559] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 436.098081][T10574] FAULT_INJECTION: forcing a failure. [ 436.098081][T10574] name failslab, interval 1, probability 0, space 0, times 0 02:31:30 executing program 3: syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0xffff) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r1, 0x800060c0045006, &(0x7f0000000040)=0x100000035) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00'}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) timer_create(0x0, &(0x7f0000000380), 0x0) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0)='\x00'}, 0x30) [ 436.168868][T10574] CPU: 1 PID: 10574 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 436.178410][T10574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.188493][T10574] Call Trace: [ 436.191903][T10574] dump_stack+0x11d/0x181 [ 436.196433][T10574] should_fail.cold+0xa/0x1a [ 436.201242][T10574] __should_failslab+0xee/0x130 [ 436.206110][T10574] should_failslab+0x9/0x14 [ 436.210649][T10574] kmem_cache_alloc_trace+0x2a/0x5d0 02:31:30 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_void(r0, 0x1, 0xd, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') preadv(r1, 0x0, 0x0, 0x0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400a, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup(r1) write$P9_RLOPEN(r2, &(0x7f0000000280)={0x18, 0xd, 0x2, {{0x183, 0x1, 0x6}, 0x20}}, 0x18) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f00000000c0), &(0x7f0000000140)=0x4) r3 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x6, 0x0, 0x0, 0x60}, 0x8, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000180)=""/207, 0xcf}], 0x1, 0x0) [ 436.216074][T10574] ? pcpu_alloc_area+0x387/0x510 [ 436.221030][T10574] __hw_addr_create_ex+0x63/0x1b0 [ 436.226206][T10574] __hw_addr_add_ex+0x1a3/0x210 [ 436.231096][T10574] dev_addr_init+0xb4/0x120 [ 436.235624][T10574] alloc_netdev_mqs+0x12d/0x890 [ 436.240575][T10574] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 436.245902][T10574] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 436.251229][T10574] rtnl_create_link+0x181/0x4f0 [ 436.258223][T10574] __rtnl_newlink+0xbe9/0x1010 [ 436.263493][T10574] ? __schedule+0x31e/0x690 [ 436.268102][T10574] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 436.273933][T10574] ? widen_string+0x4a/0x1a0 [ 436.278653][T10574] ? cgroup_rstat_updated+0xbe/0x1e0 [ 436.284479][T10574] ? __rcu_read_unlock+0x66/0x3c0 [ 436.289593][T10574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 436.296199][T10574] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 436.302778][T10574] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 436.309445][T10574] ? __this_cpu_preempt_check+0x4a/0x170 [ 436.315622][T10574] ? __rtnl_newlink+0x1010/0x1010 [ 436.321028][T10574] rtnl_newlink+0x63/0x90 [ 436.326235][T10574] rtnetlink_rcv_msg+0x1d3/0x500 [ 436.331248][T10574] ? __rcu_read_unlock+0x66/0x3c0 [ 436.336297][T10574] netlink_rcv_skb+0xb0/0x260 [ 436.341023][T10574] ? rtnl_calcit.isra.0+0x220/0x220 [ 436.346273][T10574] rtnetlink_rcv+0x26/0x30 [ 436.350722][T10574] netlink_unicast+0x354/0x430 [ 436.356035][T10574] netlink_sendmsg+0x456/0x770 [ 436.362060][T10574] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 436.367678][T10574] ? netlink_unicast+0x430/0x430 [ 436.372909][T10574] sock_sendmsg+0x9f/0xc0 [ 436.377640][T10574] ___sys_sendmsg+0x59d/0x5d0 [ 436.382745][T10574] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 436.388652][T10574] ? __fget+0xb8/0x1d0 [ 436.392849][T10574] ? __fget_light+0xaf/0x190 [ 436.397562][T10574] ? __fdget+0x2c/0x40 [ 436.401667][T10574] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 436.407960][T10574] __sys_sendmsg+0xa0/0x160 [ 436.412496][T10574] __x64_sys_sendmsg+0x51/0x70 [ 436.417544][T10574] do_syscall_64+0xcc/0x370 [ 436.422245][T10574] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.428330][T10574] RIP: 0033:0x45a639 [ 436.432670][T10574] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 436.452355][T10574] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 436.461403][T10574] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 02:31:30 executing program 4 (fault-call:1 fault-nth:6): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000080)={0x0, 0x0, {0x30, 0x10, 0xd, 0x1b, 0x4, 0x4, 0x6, 0xe2, 0x1}}) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) [ 436.470109][T10574] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 436.478911][T10574] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 436.488599][T10574] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 436.497224][T10574] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:30 executing program 3: syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x0, r0, 0xffff) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r1, 0x800060c0045006, &(0x7f0000000040)=0x100000035) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00'}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) timer_create(0x0, &(0x7f0000000380), 0x0) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0)='\x00'}, 0x30) [ 436.655854][T10597] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 436.687103][T10597] FAULT_INJECTION: forcing a failure. [ 436.687103][T10597] name failslab, interval 1, probability 0, space 0, times 0 [ 436.721780][T10597] CPU: 1 PID: 10597 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 436.729888][T10597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.740025][T10597] Call Trace: [ 436.743446][T10597] dump_stack+0x11d/0x181 [ 436.747789][T10597] should_fail.cold+0xa/0x1a [ 436.752482][T10597] __should_failslab+0xee/0x130 [ 436.757496][T10597] should_failslab+0x9/0x14 [ 436.762631][T10597] kmem_cache_alloc_node_trace+0x3b/0x670 [ 436.768608][T10597] ? _get_random_bytes+0x114/0x270 [ 436.773729][T10597] __kmalloc_node+0x38/0x50 [ 436.778233][T10597] kvmalloc_node+0x71/0x100 [ 436.782737][T10597] alloc_netdev_mqs+0x498/0x890 [ 436.787783][T10597] ? ip6erspan_tap_init+0x360/0x360 [ 436.793314][T10597] rtnl_create_link+0x181/0x4f0 [ 436.798455][T10597] __rtnl_newlink+0xbe9/0x1010 [ 436.803611][T10597] ? __schedule+0x31e/0x690 [ 436.808307][T10597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 436.814980][T10597] ? debug_smp_processor_id+0x4c/0x172 [ 436.821518][T10597] ? delay_tsc+0x8f/0xc0 [ 436.825944][T10597] ? __const_udelay+0x36/0x40 [ 436.830810][T10597] ? __udelay+0x10/0x20 [ 436.835028][T10597] ? tomoyo_profile+0x42/0x50 [ 436.839901][T10597] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 436.846181][T10597] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 436.852106][T10597] ? ns_capable_common+0xa0/0xc0 [ 436.857180][T10597] ? __rtnl_newlink+0x1010/0x1010 [ 436.864328][T10597] rtnl_newlink+0x63/0x90 [ 436.868830][T10597] rtnetlink_rcv_msg+0x1d3/0x500 [ 436.873780][T10597] ? __rcu_read_unlock+0x66/0x3c0 [ 436.879280][T10597] netlink_rcv_skb+0xb0/0x260 [ 436.884079][T10597] ? rtnl_calcit.isra.0+0x220/0x220 [ 436.890529][T10597] rtnetlink_rcv+0x26/0x30 [ 436.898286][T10597] netlink_unicast+0x354/0x430 [ 436.904914][T10597] netlink_sendmsg+0x456/0x770 [ 436.910557][T10597] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 436.917234][T10597] ? netlink_unicast+0x430/0x430 [ 436.922528][T10597] sock_sendmsg+0x9f/0xc0 [ 436.926954][T10597] ___sys_sendmsg+0x59d/0x5d0 [ 436.933179][T10597] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 436.939182][T10597] ? __fget+0xb8/0x1d0 [ 436.943274][T10597] ? __fget_light+0xaf/0x190 [ 436.947971][T10597] ? __fdget+0x2c/0x40 [ 436.952130][T10597] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 436.959376][T10597] __sys_sendmsg+0xa0/0x160 [ 436.966029][T10597] __x64_sys_sendmsg+0x51/0x70 [ 436.972490][T10597] do_syscall_64+0xcc/0x370 [ 436.977473][T10597] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 436.984128][T10597] RIP: 0033:0x45a639 [ 436.988161][T10597] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 437.008003][T10597] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 02:31:31 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000180)={0x0, 0x2}) r0 = getpgrp(0x0) setpriority(0x0, r0, 0xffff) ptrace$getenv(0x4201, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r1, 0x800060c0045006, &(0x7f0000000040)=0x100000035) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000880), 0x1000) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x2a6) memfd_create(0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) prctl$PR_SET_PTRACER(0x59616d61, 0x0) timer_create(0x0, &(0x7f0000000380), 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$dmmidi(0x0, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xae64, 0x0) [ 437.016516][T10597] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 437.024842][T10597] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 437.033233][T10597] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 437.041417][T10597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 437.049466][T10597] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:31 executing program 2 (fault-call:1 fault-nth:6): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000540)={0xfffffffc}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r7, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r7, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r7, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r8 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r8, 0x4, 0x42000) r9 = eventfd(0x5) r10 = socket$l2tp(0x18, 0x1, 0x1) r11 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r11, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r11, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r11, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r12 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r12, 0x0, 0x2, 0x0) io_setup(0x98a4, &(0x7f00000004c0)=0x0) io_submit(r13, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r4, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x200000000000000, 0x0, 0x2, r5}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x8, 0x8001, r6, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r7}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r9}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x3, r10, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r11}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r2, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6519}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r12}]) write$P9_RRENAME(r7, &(0x7f0000000080)={0x7, 0x15, 0x1}, 0x7) r14 = dup(r1) ioctl$KVM_SET_PIT2(r14, 0xae64, 0x0) 02:31:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x28000000) r0 = mq_open(&(0x7f00000002c0)='\\\xf7\xa0\xcc\x16H-o\x007\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xe4\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x6e93ebbbc80884f2, 0x54, 0x0) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x2c59c2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0x2, 0x800000000000004, 0x0, 0x28ad, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0xd}, 0x3c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x9, 0x4, 0x100000001, 0x0, r1}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0xff64, 0x0}, 0xffffffffffffff36) openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000180)={r2, &(0x7f00000001c0), 0x0}, 0x20) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000280)) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000), 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ppoll(&(0x7f0000000140)=[{r7, 0x50}], 0x1, 0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f00000005c0)=ANY=[]], &(0x7f0000000140)=0x2) openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x10000, 0x0) recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000200)=""/26, 0x1a, 0x40000163, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304, 0x20000034}, "6bea63cff55aec7d", "75bea4bcb36bc7a4a4faf61bfd571eb48d8c6566c900", "55d92655", "d83442a879c4a318"}, 0x38) socket$inet_icmp_raw(0x2, 0x3, 0x1) mq_getsetattr(r0, 0x0, &(0x7f00000003c0)) [ 437.179758][T10610] FAULT_INJECTION: forcing a failure. [ 437.179758][T10610] name failslab, interval 1, probability 0, space 0, times 0 [ 437.240698][T10610] CPU: 0 PID: 10610 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 437.250120][T10610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.261628][T10610] Call Trace: [ 437.265105][T10610] dump_stack+0x11d/0x181 [ 437.269671][T10610] should_fail.cold+0xa/0x1a [ 437.274372][T10610] __should_failslab+0xee/0x130 [ 437.281346][T10610] should_failslab+0x9/0x14 [ 437.286321][T10610] kmem_cache_alloc_node_trace+0x3b/0x670 [ 437.292251][T10610] ? __hw_addr_add_ex+0x1b0/0x210 [ 437.297339][T10610] __kmalloc_node+0x38/0x50 [ 437.301992][T10610] kvmalloc_node+0x71/0x100 [ 437.306508][T10610] alloc_netdev_mqs+0x498/0x890 [ 437.311430][T10610] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 437.317385][T10610] rtnl_create_link+0x181/0x4f0 [ 437.323507][T10610] __rtnl_newlink+0xbe9/0x1010 [ 437.328481][T10610] ? preempt_schedule_irq+0x72/0x90 [ 437.333936][T10610] ? retint_kernel+0x1b/0x1b [ 437.338915][T10610] ? tomoyo_domain_quota_is_ok+0x247/0x2b0 [ 437.344762][T10610] ? __sanitizer_cov_trace_pc+0x48/0x50 [ 437.350306][T10610] ? tomoyo_profile+0x42/0x50 [ 437.355061][T10610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 437.361492][T10610] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 437.370364][T10610] ? __rtnl_newlink+0x1010/0x1010 [ 437.378221][T10610] rtnl_newlink+0x63/0x90 [ 437.383986][T10610] rtnetlink_rcv_msg+0x1d3/0x500 [ 437.391074][T10610] ? __rcu_read_unlock+0x66/0x3c0 [ 437.396361][T10610] netlink_rcv_skb+0xb0/0x260 [ 437.401402][T10610] ? rtnl_calcit.isra.0+0x220/0x220 [ 437.406916][T10610] rtnetlink_rcv+0x26/0x30 [ 437.411428][T10610] netlink_unicast+0x354/0x430 [ 437.416487][T10610] netlink_sendmsg+0x456/0x770 [ 437.421262][T10610] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 437.426806][T10610] ? netlink_unicast+0x430/0x430 [ 437.432016][T10610] sock_sendmsg+0x9f/0xc0 [ 437.436514][T10610] ___sys_sendmsg+0x59d/0x5d0 [ 437.441289][T10610] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 437.447201][T10610] ? __fget+0xb8/0x1d0 [ 437.451348][T10610] ? __fget_light+0xaf/0x190 [ 437.455936][T10610] ? __fdget+0x2c/0x40 [ 437.460255][T10610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 437.466632][T10610] __sys_sendmsg+0xa0/0x160 [ 437.471178][T10610] __x64_sys_sendmsg+0x51/0x70 [ 437.476406][T10610] do_syscall_64+0xcc/0x370 [ 437.481242][T10610] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 437.487218][T10610] RIP: 0033:0x45a639 [ 437.491133][T10610] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 437.511113][T10610] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 437.519812][T10610] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 437.527863][T10610] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 437.535825][T10610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 437.543789][T10610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 437.551819][T10610] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:31 executing program 4 (fault-call:1 fault-nth:7): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:31 executing program 0: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000180)={0x0, 0x2}) r0 = getpgrp(0x0) setpriority(0x0, r0, 0xffff) ptrace$getenv(0x4201, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r1, 0x800060c0045006, &(0x7f0000000040)=0x100000035) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000880), 0x1000) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000d06000), 0x2a6) memfd_create(0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) prctl$PR_SET_PTRACER(0x59616d61, 0x0) timer_create(0x0, &(0x7f0000000380), 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$dmmidi(0x0, 0x5, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xae64, 0x0) 02:31:31 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000180)={0x0, 0x2}) r0 = gettid() rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000300)) r1 = getpgrp(r0) setpriority(0x0, r1, 0xffff) ptrace$getenv(0x4201, r1, 0x0, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000002c0)) syz_open_dev$dspn(0x0, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x89a2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x9, &(0x7f0000000000)=0x401, 0x4) setsockopt$inet_tcp_int(r2, 0x6, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) timer_create(0x0, 0x0, 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xae64, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 437.789876][T10629] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 437.859642][T10629] FAULT_INJECTION: forcing a failure. [ 437.859642][T10629] name failslab, interval 1, probability 0, space 0, times 0 [ 437.938547][T10629] CPU: 1 PID: 10629 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0 [ 437.946487][T10629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.957434][T10629] Call Trace: [ 437.960829][T10629] dump_stack+0x11d/0x181 [ 437.965173][T10629] should_fail.cold+0xa/0x1a [ 437.970740][T10629] __should_failslab+0xee/0x130 [ 437.975907][T10629] should_failslab+0x9/0x14 [ 437.981050][T10629] kmem_cache_alloc_node_trace+0x3b/0x670 [ 437.991172][T10629] ? _get_random_bytes+0x114/0x270 [ 437.996721][T10629] __kmalloc_node+0x38/0x50 [ 438.001640][T10629] kvmalloc_node+0x71/0x100 [ 438.001712][T10629] alloc_netdev_mqs+0x5f1/0x890 [ 438.013454][T10629] ? ip6erspan_tap_init+0x360/0x360 [ 438.018781][T10629] rtnl_create_link+0x181/0x4f0 [ 438.024018][T10629] __rtnl_newlink+0xbe9/0x1010 [ 438.029234][T10629] ? __schedule+0x31e/0x690 [ 438.033806][T10629] ? preempt_schedule_irq+0x72/0x90 [ 438.039020][T10629] ? retint_kernel+0x1b/0x1b [ 438.043653][T10629] ? tomoyo_domain_quota_is_ok+0x220/0x2b0 [ 438.049482][T10629] ? tomoyo_profile+0x42/0x50 [ 438.054161][T10629] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 438.060879][T10629] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 438.067080][T10629] ? ns_capable_common+0xa0/0xc0 [ 438.072396][T10629] ? __rtnl_newlink+0x1010/0x1010 [ 438.077605][T10629] rtnl_newlink+0x63/0x90 [ 438.081986][T10629] rtnetlink_rcv_msg+0x1d3/0x500 [ 438.086961][T10629] ? __rcu_read_unlock+0x66/0x3c0 [ 438.092072][T10629] netlink_rcv_skb+0xb0/0x260 [ 438.097003][T10629] ? rtnl_calcit.isra.0+0x220/0x220 [ 438.102476][T10629] rtnetlink_rcv+0x26/0x30 [ 438.107410][T10629] netlink_unicast+0x354/0x430 [ 438.113448][T10629] netlink_sendmsg+0x456/0x770 [ 438.118819][T10629] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 438.126104][T10629] ? netlink_unicast+0x430/0x430 [ 438.131051][T10629] sock_sendmsg+0x9f/0xc0 [ 438.135478][T10629] ___sys_sendmsg+0x59d/0x5d0 [ 438.140157][T10629] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 438.146061][T10629] ? __fget+0xb8/0x1d0 [ 438.150143][T10629] ? __fget_light+0xaf/0x190 [ 438.154737][T10629] ? __fdget+0x2c/0x40 [ 438.159066][T10629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 438.165482][T10629] __sys_sendmsg+0xa0/0x160 [ 438.170083][T10629] __x64_sys_sendmsg+0x51/0x70 [ 438.175029][T10629] do_syscall_64+0xcc/0x370 [ 438.179540][T10629] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.185453][T10629] RIP: 0033:0x45a639 [ 438.189500][T10629] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 438.210146][T10629] RSP: 002b:00007f8fe3174c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.218964][T10629] RAX: ffffffffffffffda RBX: 00007f8fe3174c90 RCX: 000000000045a639 [ 438.227108][T10629] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 02:31:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x28000000) r0 = mq_open(&(0x7f00000002c0)='\\\xf7\xa0\xcc\x16H-o\x007\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xe4\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x6e93ebbbc80884f2, 0x54, 0x0) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x2c59c2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0x2, 0x800000000000004, 0x0, 0x28ad, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0xd}, 0x3c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x9, 0x4, 0x100000001, 0x0, r1}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0xff64, 0x0}, 0xffffffffffffff36) openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000180)={r2, &(0x7f00000001c0), 0x0}, 0x20) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000280)) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000), 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ppoll(&(0x7f0000000140)=[{r7, 0x50}], 0x1, 0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f00000005c0)=ANY=[]], &(0x7f0000000140)=0x2) openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x10000, 0x0) recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000200)=""/26, 0x1a, 0x40000163, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304, 0x20000034}, "6bea63cff55aec7d", "75bea4bcb36bc7a4a4faf61bfd571eb48d8c6566c900", "55d92655", "d83442a879c4a318"}, 0x38) socket$inet_icmp_raw(0x2, 0x3, 0x1) mq_getsetattr(r0, 0x0, &(0x7f00000003c0)) [ 438.235174][T10629] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 438.243144][T10629] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8fe31756d4 [ 438.251109][T10629] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 438.283823][ T25] audit: type=1804 audit(1574476292.265:88): pid=10625 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/144/file0" dev="sda1" ino=16852 res=1 02:31:32 executing program 4 (fault-call:1 fault-nth:8): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:32 executing program 2 (fault-call:1 fault-nth:7): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:32 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x28000000) r0 = mq_open(&(0x7f00000002c0)='\\\xf7\xa0\xcc\x16H-o\x007\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xe4\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x6e93ebbbc80884f2, 0x54, 0x0) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x2c59c2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0x2, 0x800000000000004, 0x0, 0x28ad, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0xd}, 0x3c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x9, 0x4, 0x100000001, 0x0, r1}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0xff64, 0x0}, 0xffffffffffffff36) openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000180)={r2, &(0x7f00000001c0), 0x0}, 0x20) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000280)) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000), 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ppoll(&(0x7f0000000140)=[{r7, 0x50}], 0x1, 0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f00000005c0)=ANY=[]], &(0x7f0000000140)=0x2) openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x10000, 0x0) recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000200)=""/26, 0x1a, 0x40000163, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304, 0x20000034}, "6bea63cff55aec7d", "75bea4bcb36bc7a4a4faf61bfd571eb48d8c6566c900", "55d92655", "d83442a879c4a318"}, 0x38) socket$inet_icmp_raw(0x2, 0x3, 0x1) mq_getsetattr(r0, 0x0, &(0x7f00000003c0)) [ 438.535513][T10651] FAULT_INJECTION: forcing a failure. [ 438.535513][T10651] name failslab, interval 1, probability 0, space 0, times 0 [ 438.567327][T10651] CPU: 1 PID: 10651 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 02:31:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x28000000) r0 = mq_open(&(0x7f00000002c0)='\\\xf7\xa0\xcc\x16H-o\x007\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xe4\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x6e93ebbbc80884f2, 0x54, 0x0) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x2c59c2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x1000000000000, &(0x7f0000000000)={0x2, 0x800000000000004, 0x0, 0x28ad, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x0, 0x5, 0x7, 0xd}, 0x3c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x9, 0x4, 0x100000001, 0x0, r1}, 0x3c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0xff64, 0x0}, 0xffffffffffffff36) openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000180)={r2, &(0x7f00000001c0), 0x0}, 0x20) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000280)) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000000), 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video36\x00', 0x2, 0x0) ppoll(&(0x7f0000000140)=[{r7, 0x50}], 0x1, 0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)=ANY=[@ANYRES32=0x0, @ANYPTR=&(0x7f00000005c0)=ANY=[]], &(0x7f0000000140)=0x2) openat$vcs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vcs\x00', 0x10000, 0x0) recvfrom$rxrpc(0xffffffffffffffff, &(0x7f0000000200)=""/26, 0x1a, 0x40000163, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x304, 0x20000034}, "6bea63cff55aec7d", "75bea4bcb36bc7a4a4faf61bfd571eb48d8c6566c900", "55d92655", "d83442a879c4a318"}, 0x38) socket$inet_icmp_raw(0x2, 0x3, 0x1) mq_getsetattr(r0, 0x0, &(0x7f00000003c0)) [ 438.575978][T10651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.586316][T10651] Call Trace: [ 438.589645][T10651] dump_stack+0x11d/0x181 [ 438.594011][T10651] should_fail.cold+0xa/0x1a [ 438.598902][T10651] __should_failslab+0xee/0x130 [ 438.603877][T10651] should_failslab+0x9/0x14 [ 438.608525][T10651] kmem_cache_alloc_node_trace+0x3b/0x670 [ 438.614449][T10651] ? __hw_addr_add_ex+0x1b0/0x210 [ 438.619845][T10651] __kmalloc_node+0x38/0x50 [ 438.625240][T10651] kvmalloc_node+0x71/0x100 [ 438.629860][T10651] alloc_netdev_mqs+0x5f1/0x890 [ 438.634957][T10651] ? ip6gre_tap_validate+0x1f0/0x1f0 [ 438.640348][T10651] rtnl_create_link+0x181/0x4f0 [ 438.645300][T10651] __rtnl_newlink+0xbe9/0x1010 [ 438.650129][T10651] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 438.656527][T10651] ? debug_smp_processor_id+0x4c/0x172 [ 438.662236][T10651] ? delay_tsc+0x8f/0xc0 [ 438.666587][T10651] ? __const_udelay+0x36/0x40 [ 438.671362][T10651] ? __udelay+0x10/0x20 [ 438.675543][T10651] ? tomoyo_profile+0x42/0x50 [ 438.680277][T10651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 438.686570][T10651] ? tomoyo_domain_quota_is_ok+0x1e1/0x2b0 [ 438.692449][T10651] ? __rtnl_newlink+0x1010/0x1010 [ 438.698261][T10651] rtnl_newlink+0x63/0x90 [ 438.702616][T10651] rtnetlink_rcv_msg+0x1d3/0x500 [ 438.707587][T10651] ? __rcu_read_unlock+0x66/0x3c0 [ 438.712628][T10651] netlink_rcv_skb+0xb0/0x260 [ 438.717412][T10651] ? rtnl_calcit.isra.0+0x220/0x220 [ 438.722701][T10651] rtnetlink_rcv+0x26/0x30 [ 438.727136][T10651] netlink_unicast+0x354/0x430 02:31:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 438.732021][T10651] netlink_sendmsg+0x456/0x770 [ 438.736806][T10651] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 438.742381][T10651] ? netlink_unicast+0x430/0x430 [ 438.747326][T10651] sock_sendmsg+0x9f/0xc0 [ 438.751664][T10651] ___sys_sendmsg+0x59d/0x5d0 [ 438.756355][T10651] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 438.763005][T10651] ? __fget+0xb8/0x1d0 [ 438.767413][T10651] ? __fget_light+0xaf/0x190 [ 438.772071][T10651] ? __fdget+0x2c/0x40 [ 438.776513][T10651] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 438.782906][T10651] __sys_sendmsg+0xa0/0x160 [ 438.787454][T10651] __x64_sys_sendmsg+0x51/0x70 [ 438.792345][T10651] do_syscall_64+0xcc/0x370 [ 438.796903][T10651] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 438.803037][T10651] RIP: 0033:0x45a639 [ 438.807394][T10651] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 438.827448][T10651] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.835894][T10651] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 438.844054][T10651] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 438.852039][T10651] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 438.860041][T10651] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 438.868034][T10651] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 438.890755][T10664] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:32 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x3, &(0x7f0000000040)={0x0, 'vlan0\x00'}, 0x18) 02:31:33 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00') 02:31:33 executing program 2 (fault-call:1 fault-nth:8): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:33 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:33 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) 02:31:33 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x200000000011, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0xfea2, 0x20000802, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:31:33 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r5, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r5, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r6 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r6, 0x4, 0x42000) r7 = eventfd(0x5) r8 = socket$l2tp(0x18, 0x1, 0x1) r9 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r9, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r9, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r9, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r10 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r10, 0x0, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r2, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x0, 0x0, 0x2, r3}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8001, r4, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r5}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r6, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r7}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x7, r8, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r9}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r0, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6518}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r10}]) r11 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r11, 0x4040ae77, &(0x7f0000000000)) r12 = dup(r11) ioctl$KVM_SET_PIT2(r12, 0xae64, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000080)=""/32, 0x20) [ 439.291879][T10680] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 439.361054][T10681] FAULT_INJECTION: forcing a failure. [ 439.361054][T10681] name failslab, interval 1, probability 0, space 0, times 0 [ 439.394027][T10681] CPU: 0 PID: 10681 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 439.402002][T10681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 439.412063][T10681] Call Trace: [ 439.412092][T10681] dump_stack+0x11d/0x181 [ 439.412304][T10681] should_fail.cold+0xa/0x1a [ 439.425303][T10681] __should_failslab+0xee/0x130 [ 439.430687][T10681] should_failslab+0x9/0x14 [ 439.430747][T10681] kmem_cache_alloc_node+0x39/0x660 [ 439.440620][T10681] ? __read_once_size+0xea/0x110 [ 439.445658][T10681] __alloc_skb+0x8e/0x360 [ 439.449993][T10681] netlink_ack+0x19d/0x680 [ 439.454481][T10681] netlink_rcv_skb+0x22a/0x260 [ 439.459583][T10681] ? rtnl_calcit.isra.0+0x220/0x220 [ 439.465347][T10681] rtnetlink_rcv+0x26/0x30 [ 439.469811][T10681] netlink_unicast+0x354/0x430 [ 439.474810][T10681] netlink_sendmsg+0x456/0x770 [ 439.479692][T10681] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 439.485527][T10681] ? netlink_unicast+0x430/0x430 [ 439.490479][T10681] sock_sendmsg+0x9f/0xc0 [ 439.495419][T10681] ___sys_sendmsg+0x59d/0x5d0 [ 439.500111][T10681] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 439.506073][T10681] ? __fget+0xb8/0x1d0 [ 439.511152][T10681] ? __fget_light+0xaf/0x190 [ 439.515872][T10681] ? __fdget+0x2c/0x40 [ 439.520037][T10681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 439.526314][T10681] __sys_sendmsg+0xa0/0x160 [ 439.530835][T10681] __x64_sys_sendmsg+0x51/0x70 [ 439.535631][T10681] do_syscall_64+0xcc/0x370 [ 439.540149][T10681] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 439.546054][T10681] RIP: 0033:0x45a639 [ 439.550108][T10681] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 439.570968][T10681] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.571221][ T25] audit: type=1804 audit(1574476293.375:89): pid=10695 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/145/file0" dev="sda1" ino=16875 res=1 [ 439.581265][T10681] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 439.581286][T10681] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 439.623053][T10681] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 439.631436][T10681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 439.639433][T10681] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 02:31:33 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:33 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="140000001d008104e00f80ecdb4cb9d902631912", 0x14}], 0x1}, 0x0) 02:31:33 executing program 3: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 02:31:33 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}, 0x0, 0x6800, 0x0, 0x0, 0x30d}, 0x9c) 02:31:33 executing program 2 (fault-call:1 fault-nth:9): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 439.810799][T10702] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:33 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 440.028176][T10711] FAULT_INJECTION: forcing a failure. [ 440.028176][T10711] name failslab, interval 1, probability 0, space 0, times 0 [ 440.072721][T10719] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 440.130310][T10711] CPU: 0 PID: 10711 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 440.138256][T10711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.148383][T10711] Call Trace: [ 440.151703][T10711] dump_stack+0x11d/0x181 [ 440.156132][T10711] should_fail.cold+0xa/0x1a [ 440.167973][T10711] __should_failslab+0xee/0x130 [ 440.173039][T10711] should_failslab+0x9/0x14 [ 440.178245][T10711] kmem_cache_alloc_node_trace+0x3b/0x670 [ 440.184003][T10711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 440.190497][T10711] ? memcg_kmem_put_cache+0x91/0xe0 [ 440.195830][T10711] __kmalloc_node_track_caller+0x38/0x50 [ 440.195933][T10711] __kmalloc_reserve.isra.0+0x49/0xd0 [ 440.207011][T10711] __alloc_skb+0xc2/0x360 [ 440.211374][T10711] netlink_ack+0x19d/0x680 [ 440.215919][T10711] netlink_rcv_skb+0x22a/0x260 [ 440.220713][T10711] ? rtnl_calcit.isra.0+0x220/0x220 [ 440.225927][T10711] rtnetlink_rcv+0x26/0x30 [ 440.230412][T10711] netlink_unicast+0x354/0x430 [ 440.235197][T10711] netlink_sendmsg+0x456/0x770 [ 440.239999][T10711] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 440.245665][T10711] ? netlink_unicast+0x430/0x430 [ 440.245682][T10711] sock_sendmsg+0x9f/0xc0 [ 440.245706][T10711] ___sys_sendmsg+0x59d/0x5d0 [ 440.260128][T10711] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 440.266126][T10711] ? __fget+0xb8/0x1d0 [ 440.270230][T10711] ? __fget_light+0xaf/0x190 [ 440.274840][T10711] ? __fdget+0x2c/0x40 [ 440.278981][T10711] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 440.285272][T10711] __sys_sendmsg+0xa0/0x160 [ 440.289872][T10711] __x64_sys_sendmsg+0x51/0x70 [ 440.294677][T10711] do_syscall_64+0xcc/0x370 [ 440.299359][T10711] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 440.305305][T10711] RIP: 0033:0x45a639 [ 440.309351][T10711] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:31:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/\x00', 0x10000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:31:34 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}, 0x0, 0x6800, 0x0, 0x0, 0x30d}, 0x9c) 02:31:34 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") socket$inet6(0xa, 0x8000008000080003, 0x9) 02:31:34 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x4, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:34 executing program 0: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) [ 440.329410][T10711] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.338253][T10711] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 [ 440.346346][T10711] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 440.354322][T10711] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 440.362316][T10711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 440.370479][T10711] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 440.456296][T10727] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 440.467736][ T25] audit: type=1800 audit(1574476294.445:90): pid=10734 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16877 res=0 02:31:34 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x105082) fallocate(r0, 0x11, 0x0, 0x100000001) socketpair$unix(0x1, 0x5, 0x0, 0x0) getpid() getgid() lsetxattr$system_posix_acl(0x0, &(0x7f0000000300)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) getgid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getgid() lsetxattr$system_posix_acl(&(0x7f0000000340)='./bus\x00', 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0200000001000100", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=0x0], 0x7, 0x0) getgid() getgid() lsetxattr$system_posix_acl(0x0, &(0x7f0000000300)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) getgid() getgroups(0x0, 0x0) creat(&(0x7f0000001880)='./file0\x00', 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) setuid(0x0) mount$fuse(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='fuse\x00', 0x0, 0x0) lstat(0x0, 0x0) getpid() openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00', {}, 0x51}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) sched_setattr(0x0, &(0x7f0000000040)={0x30}, 0x0) getresgid(0x0, 0x0, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) getegid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000034c0)) getpid() getpgid(0x0) creat(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000300)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) getgid() openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r2 = getpid() getpgid(r2) getuid() eventfd(0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(r3, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000036c0)) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) ioctl$UI_DEV_CREATE(r4, 0x5501) getpid() lstat(&(0x7f0000004e40)='./file0\x00', 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) getgid() getpid() ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x5421, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fstat(0xffffffffffffffff, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r6) getgid() lsetxattr$system_posix_acl(&(0x7f0000000340)='./bus\x00', 0x0, 0x0, 0x0, 0x0) getgid() lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) getgid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000006580), 0x0) syz_open_procfs(0x0, 0x0) creat(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$vcsn(0x0, 0x0, 0x0) getgid() ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x5421, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fstat(0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0) setuid(0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000008440)) lsetxattr$system_posix_acl(&(0x7f0000000340)='./bus\x00', 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='mem\x00\x01y7\x89\xc9B\xab\xe3\xfa\x00\xef\x82\xb1^\x1d\xf5\x03\xcb\xc5\xc2@\xf4\x93\xe5\xd7s\xe4\x0e\x8b\xd2\b\xa9\"\x150\xe7-\x86\xb5\n\xee\xe6\xe8\x12\x0e\xff\xa1:\xc4\xc2\xf3\x84q\xa5\nJ\x1d\xd5\x10\xc8=\xbe\xc8\xdd\xb2r\xff\xa6\x92\xc9\xd9\x0fBNm\xaa\x7f\xd9GO\"2\x18\xf6\xbc\xfc\xac\xa4\x90\xa15\x81B:z\xb7w\x81=A\xd5yr0\r\xa7v\x10d\xb6\xe5Q\xae\xf9W\xc8\x93\xe8\x06O\x87k8I\xa6\xbb\xee\xea\xd0\x14B\xa5D\xa0\x00Q\x88\xc2\xd6\x1f\xcdo\xcb\x13\f{I^\xdc:P\xef\x01\v\x0eRZl\x926eUA\xc4\xe8\xb6\xdb\x99\xda\xf5\x9eE\xde\x11', 0x0, 0x0) [ 440.511739][ T25] audit: type=1804 audit(1574476294.485:91): pid=10739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/145/file0" dev="sda1" ino=16877 res=1 02:31:34 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 440.585120][ T25] audit: type=1804 audit(1574476294.565:92): pid=10739 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/145/file0" dev="sda1" ino=16877 res=1 02:31:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r7, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r7, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r7, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r8 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r8, 0x4, 0x42000) r9 = eventfd(0x5) r10 = socket$l2tp(0x18, 0x1, 0x1) r11 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r11, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r11, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r11, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r12 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r12, 0x0, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r4, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x0, 0x0, 0x2, r5}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8001, r6, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r7}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r9}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x7, r10, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r11}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r2, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6518}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r12}]) ioctl$ASHMEM_GET_PIN_STATUS(r7, 0x7709, 0x0) r13 = dup(r1) ioctl$KVM_SET_PIT2(r13, 0xae64, 0x0) 02:31:34 executing program 2 (fault-call:1 fault-nth:10): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 440.709240][T10745] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:34 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x2) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x7fffffa7) r3 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r3, r1, 0x0, 0xffffffff) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) geteuid() open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 02:31:34 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x6, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 440.929836][T10758] FAULT_INJECTION: forcing a failure. [ 440.929836][T10758] name failslab, interval 1, probability 0, space 0, times 0 [ 440.970529][ T25] audit: type=1800 audit(1574476294.945:93): pid=10759 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16881 res=0 [ 441.002336][T10758] CPU: 1 PID: 10758 Comm: syz-executor.2 Not tainted 5.4.0-rc7+ #0 [ 441.010413][T10758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 441.020606][T10758] Call Trace: [ 441.023598][ T25] audit: type=1804 audit(1574476294.975:94): pid=10759 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/140/file0" dev="sda1" ino=16881 res=1 [ 441.024162][T10758] dump_stack+0x11d/0x181 [ 441.024214][T10758] should_fail.cold+0xa/0x1a [ 441.057919][T10758] __should_failslab+0xee/0x130 [ 441.062790][T10758] should_failslab+0x9/0x14 [ 441.067423][T10758] kmem_cache_alloc+0x29/0x5d0 [ 441.072274][T10758] skb_clone+0xf9/0x290 [ 441.076810][T10758] netlink_deliver_tap+0x428/0x4a0 [ 441.081926][T10758] ? netlink_attachskb+0x19d/0x3f0 [ 441.087107][T10758] __netlink_sendskb+0x41/0x80 [ 441.091879][T10758] netlink_unicast+0x3f5/0x430 [ 441.096661][T10758] netlink_ack+0x38b/0x680 [ 441.101154][T10758] netlink_rcv_skb+0x22a/0x260 [ 441.105959][T10758] ? rtnl_calcit.isra.0+0x220/0x220 [ 441.111175][T10758] rtnetlink_rcv+0x26/0x30 [ 441.115681][T10758] netlink_unicast+0x354/0x430 [ 441.116676][ T25] audit: type=1804 audit(1574476295.095:95): pid=10765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/147/file0" dev="sda1" ino=16880 res=1 [ 441.120517][T10758] netlink_sendmsg+0x456/0x770 [ 441.120544][T10758] ? aa_sock_msg_perm.isra.0+0xa5/0x140 [ 441.155439][T10758] ? netlink_unicast+0x430/0x430 [ 441.160582][T10758] sock_sendmsg+0x9f/0xc0 [ 441.164943][T10758] ___sys_sendmsg+0x59d/0x5d0 [ 441.169651][T10758] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 441.175623][T10758] ? __fget+0xb8/0x1d0 [ 441.179798][T10758] ? __fget_light+0xaf/0x190 [ 441.184506][T10758] ? __fdget+0x2c/0x40 [ 441.188586][T10758] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 441.194848][T10758] __sys_sendmsg+0xa0/0x160 [ 441.199359][T10758] __x64_sys_sendmsg+0x51/0x70 [ 441.204143][T10758] do_syscall_64+0xcc/0x370 [ 441.208650][T10758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 441.208661][T10758] RIP: 0033:0x45a639 [ 441.208747][T10758] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 441.208768][T10758] RSP: 002b:00007f7f5c9adc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.215112][T10762] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 441.218544][T10758] RAX: ffffffffffffffda RBX: 00007f7f5c9adc90 RCX: 000000000045a639 02:31:35 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x0, 0x0) [ 441.218555][T10758] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 441.218565][T10758] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 441.218575][T10758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f5c9ae6d4 [ 441.218598][T10758] R13: 00000000004c8d75 R14: 00000000004df5e0 R15: 0000000000000004 [ 441.307018][ T25] audit: type=1804 audit(1574476295.285:96): pid=10764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/140/file0" dev="sda1" ino=16881 res=1 02:31:35 executing program 5: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffa7) [ 441.371795][ T25] audit: type=1804 audit(1574476295.285:97): pid=10766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/140/file0" dev="sda1" ino=16881 res=1 [ 441.404056][ T25] audit: type=1804 audit(1574476295.285:98): pid=10763 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir965311426/syzkaller.d2ypf9/140/file0" dev="sda1" ino=16881 res=1 02:31:35 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x7, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:35 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x15, 0x10, 0x8000000000000003}, 0x3c) 02:31:35 executing program 0: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1', 0x20, 0xdfc}, 0xfffffffffffffff5, 0xfffffffffffffffd) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) dup(0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000000)="fd", 0x1) 02:31:35 executing program 2 (fault-call:1 fault-nth:11): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 441.696168][T10789] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 441.710879][T10791] encrypted_key: insufficient parameters specified [ 441.720862][T10795] encrypted_key: insufficient parameters specified 02:31:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:35 executing program 0: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'em1', 0x20, 0xdfc}, 0xfffffffffffffff5, 0xfffffffffffffffd) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x1f1, 0xfffffffffffffffe) dup(0xffffffffffffffff) keyctl$update(0x2, r0, &(0x7f0000000000)="fd", 0x1) 02:31:35 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0xa, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:35 executing program 3: syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x90a, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x0, 0x1) ioctl$USBDEVFS_IOCTL(r0, 0xc00c5512, &(0x7f0000000240)=@usbdevfs_driver={0x0, 0x5517, &(0x7f0000001280)}) 02:31:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r7, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r7, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r7, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r8 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r8, 0x4, 0x42000) r9 = eventfd(0x5) r10 = socket$l2tp(0x18, 0x1, 0x1) r11 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r11, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r11, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r11, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r12 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r12, 0x0, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r4, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x0, 0x0, 0x2, r5}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8001, r6, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r7}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r9}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x7, r10, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r11}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r2, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6518}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r3, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r12}]) openat$cgroup(r4, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) 02:31:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 441.993449][T10802] encrypted_key: insufficient parameters specified [ 442.050260][T10812] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:36 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0x6, 0x0, &(0x7f00000001c0)) 02:31:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x71, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141041, 0x0) ftruncate(r1, 0x2007fff) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0xb, &(0x7f0000000040)=0x0) io_submit(r2, 0x290, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x200a00}]) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) gettid() socket$inet_tcp(0x2, 0x1, 0x0) stat(0x0, 0x0) getegid() 02:31:36 executing program 0: recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x8000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0x4000, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) 02:31:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0xc, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:36 executing program 3: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="10002bbd7000fedbdf25010000000000000008410000004c0018ffffff04000000000000000000000000000000000000000000000000000000001b8800000000000000000000000000000000000000000000000000002faa0041b55277e900000000"], 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)}}, 0x20) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x1, 0x600080) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000200)="b805000000b9510000000f01c10f46a78900000066ba2100b07bee66ba4100edb9800000830f32b9800000c00f3235000100000f300f304f215c66b808008ed0660f38806f000f011c268ee0", 0xfffffffffffffdfd}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb, 0x0, 0x7]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 442.468967][T10834] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0xe, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x71, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141041, 0x0) ftruncate(r1, 0x2007fff) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0xb, &(0x7f0000000040)=0x0) io_submit(r2, 0x290, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000), 0x200a00}]) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) gettid() socket$inet_tcp(0x2, 0x1, 0x0) stat(0x0, 0x0) getegid() 02:31:36 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0xf, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = dup(r1) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000080)=0x2, 0x4) ioctl$KVM_SET_PIT2(r2, 0xae64, 0x0) 02:31:36 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo\x00') getdents(r0, &(0x7f0000000ea9)=""/407, 0x197) 02:31:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:37 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0xfffc) 02:31:37 executing program 3: socket$inet(0x10, 0x0, 0x0) perf_event_open(&(0x7f00000011c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x10, 0x3, 0x20000000006) r0 = creat(0x0, 0x0) close(0xffffffffffffffff) r1 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) perf_event_open(&(0x7f00004e7000)={0x200000002, 0x70, 0xe3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0xfffc) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r3 = creat(0x0, 0x0) fcntl$setstatus(r3, 0x4, 0x6100) 02:31:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:37 executing program 5: r0 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) 02:31:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f0000000d40)=[{{&(0x7f00000004c0)={0xa, 0x4e23, 0xa6, @local, 0x6}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f0000000b80)=[@rthdrdstopts={{0x18}}], 0x18}}], 0x1, 0x80108) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x9}, 0x8) 02:31:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x48, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x4c, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:37 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@mcast2, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) 02:31:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) lseek(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) 02:31:37 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'team0\x00', 0x2}, 0x18) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x1, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x1, 0x2) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r5, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r5, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa, 0x6}) r6 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r6, 0x4, 0x42000) r7 = eventfd(0x5) r8 = socket$l2tp(0x18, 0x1, 0x1) r9 = creat(&(0x7f0000000080)='./file0\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r9, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r9, 0x0, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r9, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) r10 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r10, 0x0, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000700)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x8001, r2, &(0x7f0000000140)="94e9344f9a4458d32b3fa90f1d2f3c937d560bf9c453320a3c848ebeb5240e7c3949c14af7c6c5a6f6383ad54347a5bb7f47f0383c31a96dc705db970839a4d2ce34a4c202e64eda810d038f99ba37cd762c3c784ecbc8144ba637ed5289e1ebfb3e8bf9ddeb66553b21150dad198666b178ca6557e8c3776f48906f44ccf83454fa34188e657af9d705698785b279d2912a296ac4663beb0e9b7c2f54f779bc17122799d1aab86fe2c0cfdfc6ef3cec8e18389ba1e2acbd7168dba7d48e0025483f7420bc280a1d690254ca3bee77af57db2e3929ca25020a8ab817906279d1dbbd529a125b99d560bbc34fe404826670953b78bd4ac42ad24aae9cc0", 0xfd, 0x0, 0x0, 0x2, r3}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x8001, r4, &(0x7f00000002c0)="a6b48276", 0x4, 0x40, 0x0, 0x0, r5}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x0, r6, &(0x7f0000000340)="757647922a6a3c1becbe554387ff4bb8005a2080307f4650641638d84a7c90beb7d6a8c0c20a29b358b1ede1c4bbd5810a5defd45da1f7a153aeafc53b53ddba53e6969c45f75b603e842f53112f0c4d066c73f90a35dcc68a39c5e70b8d547a3496a298eeac617206342646b82de9b2c478b5ad003e8f5f430ed6e0d8bb253089c89ea4bb47511415d0039ed5af364976ac463893c8801cc336be78ba704fb435b6693c3eb283646ac941e9bfd9162ed58c2157c4ce054dad47eb1e86056d394e03088054d2479d965766c003e88387041d9a08f93756143adaf193cfab2699307885c5764eaa83954b736f8a77dd2c9fdb484c4f503cef", 0xf8, 0x6, 0x0, 0x2, r7}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x7, r8, &(0x7f0000000480)="b66e783dc3bae4fbb5b0649931cd794b8cee0f90bf80ea4aef4c38b895b1a474e3ac748dc877fd7bd7e566c93e4c65167e521052", 0x34, 0x0, 0x0, 0x1, r9}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3f, r0, 0x0, 0x0, 0x0, 0x0, 0x7b5b95f78afd6518}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, &(0x7f0000000640)="dbd983f8c2586f143549f91949f26a5555cad83579bedf2e398a324873af740a2d6e6b4006", 0x25, 0x8001, 0x0, 0x3, r10}]) ioctl$SIOCX25GSUBSCRIP(r10, 0x89e0, &(0x7f00000000c0)={'veth0\x00', 0x6, 0x2}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r11, 0x84, 0xb, &(0x7f0000000080)={0x3, 0xff, 0x6, 0x3, 0x4, 0x80, 0xca, 0xa6, 0x2, 0x7}, 0xb) ioctl$KVM_CREATE_PIT2(r12, 0x4040ae77, &(0x7f0000000000)) dup(r12) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) 02:31:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:37 executing program 0: r0 = open(&(0x7f0000000040)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0xfffc) 02:31:37 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:37 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@mcast2, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) 02:31:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='debugfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) lseek(0xffffffffffffffff, 0x0, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x0) [ 444.028781][T10933] validate_nla: 5 callbacks suppressed [ 444.028791][T10933] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:38 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:38 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="2e0000001e000502ed0080637e6394f20100d2000500fcb711407f480f0017010300000002000000f88000f01700", 0x2e}], 0x1}, 0x0) [ 444.345815][T10950] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:38 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x6c, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) [ 444.492744][ T25] kauditd_printk_skb: 21 callbacks suppressed [ 444.492762][ T25] audit: type=1804 audit(1574476298.475:120): pid=10943 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/151/file0" dev="sda1" ino=16873 res=1 [ 444.585349][T10961] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 444.608024][ T25] audit: type=1804 audit(1574476298.525:121): pid=10922 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir189796077/syzkaller.T2MjzK/151/file0" dev="sda1" ino=16873 res=1 02:31:38 executing program 3: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-0\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8943, &(0x7f0000000000)='nr0\x01:\xf2%\xa3\'>\xf8]\x81\n?\xfa\xff\x05\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:38 executing program 5: write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8923, &(0x7f0000000040)='nr0\x01:\xf2%\xa3\'>\xf8]\x81$?\xfa\xff-\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:38 executing program 0: clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="13cd0f34"], 0x4}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {}], 0x3}}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1f7d11114e7904295794a76c5775f3e88ba7525d6ed860136292289c000c"], 0x0, 0x1e}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 02:31:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:38 executing program 1: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000200)=0xc) prlimit64(r0, 0xaaeaf22bb15456f, &(0x7f0000000240)={0xea, 0x40}, &(0x7f0000000280)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000000)) r3 = dup(r2) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x800, 0x0) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x200) write$cgroup_type(r5, &(0x7f0000000100)='threaded\x00', 0xff34) fallocate(r5, 0x3, 0xc000, 0x80000003) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f00000000c0)={{0x49, 0x9}, 0x3, 0xfffffffc, 0xfffffffc, {0x16, 0xcf}, 0xa}) ioctl$DRM_IOCTL_MODESET_CTL(r5, 0x40086408, &(0x7f00000002c0)={0xb}) ioctl$KVM_PPC_GET_SMMU_INFO(r4, 0x8250aea6, &(0x7f00000000c0)=""/147) ioctl$KVM_SET_PIT2(r3, 0xae64, 0x0) 02:31:38 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x74, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 444.852249][T10976] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 444.926240][T10968] ÿ-: renamed from nr0 [ 444.937342][T10982] ptrace attach of "/root/syz-executor.0"[10981] was attempted by "/root/syz-executor.0"[10982] 02:31:38 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x7a, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:39 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x5}, 0x4) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) 02:31:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 445.069128][T10995] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x8041, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000000)) r3 = dup(r1) ioctl$KVM_SET_PIT2(r3, 0xae64, 0x0) 02:31:39 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x5}, 0x4) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) 02:31:39 executing program 5: write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'nr0\x01\x00', 0x4009}) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8923, &(0x7f0000000040)='nr0\x01:\xf2%\xa3\'>\xf8]\x81$?\xfa\xff-\x00\x00\xbf\xef\xa9\xac\x03x\xf4D3A}?\a\x8b\x9c[\xdd\x06\xa4\n\xf4\x94\xa8>\xb1\xb1\xa2_&') 02:31:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x118, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x11a, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) [ 445.392058][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 445.397890][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 445.472067][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 445.477922][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 445.503183][T11024] netlink: 'syz-executor.4': attribute type 11 has an invalid length. 02:31:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) dup(r1) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0xae64, 0x0) [ 445.542603][T11023] ÿ-: renamed from nr0 [ 445.552047][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 445.557886][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:31:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_DPORT={0x8, 0xb}]]}}}]}, 0x3c}}, 0x0) 02:31:39 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f00000001c0)='trusted\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) r0 = socket$nl_route(0x10, 0x3, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c) r1 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) sendfile(0xffffffffffffffff, r1, 0x0, 0x8000fffffffe) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') ioctl(0xffffffffffffffff, 0x80000000008936, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x600c0, 0x4) ioctl$TUNSETLINK(r2, 0x400454cd, 0x10f) 02:31:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000680)='./bus\x00', 0x0) ftruncate(r2, 0x800) lseek(r2, 0x0, 0x2) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x8400fffffffa) sendfile(r2, r3, 0x0, 0xffffffff) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000340)={0x0, 0x0, 0x1e0, 0x0, [], [{}, {0x801}]}) 02:31:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ip6erspan={{0x14, 0x1, 'ip6erspan\x00'}, {0xd, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x8}]]}}}]}, 0x44}}, 0x0) 02:31:39 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) [ 445.721643][T11034] netlink: 'syz-executor.4': attribute type 11 has an invalid length. [ 445.878386][ T25] audit: type=1804 audit(1574476299.855:122): pid=11049 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir447892724/syzkaller.RGnMkD/154/bus" dev="sda1" ino=16887 res=1 [ 446.078945][T11049] ================================================================== [ 446.087123][T11049] BUG: KCSAN: data-race in ondemand_readahead / ondemand_readahead [ 446.095013][T11049] [ 446.097351][T11049] write to 0xffff88811d56fa98 of 8 bytes by task 11054 on cpu 1: [ 446.105077][T11049] ondemand_readahead+0x39c/0x710 [ 446.110115][T11049] page_cache_sync_readahead+0x1ad/0x1e0 [ 446.115835][T11049] generic_file_read_iter+0xeb6/0x1440 [ 446.121330][T11049] ext4_file_read_iter+0xfa/0x240 [ 446.126347][T11049] generic_file_splice_read+0x35c/0x500 [ 446.132757][T11049] do_splice_to+0xf2/0x130 [ 446.137184][T11049] splice_direct_to_actor+0x1a1/0x510 [ 446.142564][T11049] do_splice_direct+0x161/0x1e0 [ 446.147442][T11049] do_sendfile+0x384/0x7f0 [ 446.151868][T11049] __x64_sys_sendfile64+0x12a/0x140 [ 446.157239][T11049] do_syscall_64+0xcc/0x370 [ 446.161750][T11049] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.167645][T11049] [ 446.169975][T11049] read to 0xffff88811d56fa98 of 8 bytes by task 11049 on cpu 0: [ 446.177619][T11049] ondemand_readahead+0xfa/0x710 [ 446.182553][T11049] page_cache_sync_readahead+0x1ad/0x1e0 [ 446.188183][T11049] generic_file_read_iter+0xeb6/0x1440 [ 446.193649][T11049] ext4_file_read_iter+0xfa/0x240 [ 446.198692][T11049] generic_file_splice_read+0x35c/0x500 [ 446.204234][T11049] do_splice_to+0xf2/0x130 [ 446.208792][T11049] splice_direct_to_actor+0x1a1/0x510 [ 446.214273][T11049] do_splice_direct+0x161/0x1e0 [ 446.219130][T11049] do_sendfile+0x384/0x7f0 [ 446.223554][T11049] __x64_sys_sendfile64+0x12a/0x140 [ 446.228758][T11049] do_syscall_64+0xcc/0x370 [ 446.233278][T11049] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.239277][T11049] [ 446.241738][T11049] Reported by Kernel Concurrency Sanitizer on: [ 446.247919][T11049] CPU: 0 PID: 11049 Comm: syz-executor.0 Not tainted 5.4.0-rc7+ #0 [ 446.256325][T11049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.266384][T11049] ================================================================== [ 446.274614][T11049] Kernel panic - not syncing: panic_on_warn set ... [ 446.281211][T11049] CPU: 0 PID: 11049 Comm: syz-executor.0 Not tainted 5.4.0-rc7+ #0 [ 446.289100][T11049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.299165][T11049] Call Trace: [ 446.302481][T11049] dump_stack+0x11d/0x181 [ 446.306817][T11049] panic+0x210/0x640 [ 446.310729][T11049] ? vprintk_func+0x8d/0x140 [ 446.315328][T11049] kcsan_report.cold+0xc/0xd [ 446.319925][T11049] kcsan_setup_watchpoint+0x3fe/0x460 [ 446.325308][T11049] __tsan_read8+0xc6/0x100 [ 446.329738][T11049] ondemand_readahead+0xfa/0x710 [ 446.334772][T11049] page_cache_sync_readahead+0x1ad/0x1e0 [ 446.340418][T11049] generic_file_read_iter+0xeb6/0x1440 [ 446.345926][T11049] ext4_file_read_iter+0xfa/0x240 [ 446.350966][T11049] generic_file_splice_read+0x35c/0x500 [ 446.356622][T11049] do_splice_to+0xf2/0x130 [ 446.361057][T11049] ? add_to_pipe+0x1a0/0x1a0 [ 446.365820][T11049] ? add_to_pipe+0x1a0/0x1a0 [ 446.370426][T11049] splice_direct_to_actor+0x1a1/0x510 [ 446.375809][T11049] ? generic_pipe_buf_nosteal+0x20/0x20 [ 446.381397][T11049] do_splice_direct+0x161/0x1e0 [ 446.386266][T11049] do_sendfile+0x384/0x7f0 [ 446.390716][T11049] __x64_sys_sendfile64+0x12a/0x140 [ 446.395952][T11049] do_syscall_64+0xcc/0x370 [ 446.400495][T11049] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 446.406382][T11049] RIP: 0033:0x45a639 [ 446.410301][T11049] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.430210][T11049] RSP: 002b:00007fd8fd758c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 446.438647][T11049] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 446.446635][T11049] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 446.454608][T11049] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 446.462584][T11049] R10: 00008400fffffffa R11: 0000000000000246 R12: 00007fd8fd7596d4 [ 446.470730][T11049] R13: 00000000004c85aa R14: 00000000004dec38 R15: 00000000ffffffff [ 446.480280][T11049] Kernel Offset: disabled [ 446.484615][T11049] Rebooting in 86400 seconds..