[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1[ 37.405792] audit: type=1800 audit(1569834831.942:33): pid=7355 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 G[ ok [39;[ 37.427845] audit: type=1800 audit(1569834831.952:34): pid=7355 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 40.669074] audit: type=1400 audit(1569834835.212:35): avc: denied { map } for pid=7530 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts. 2019/09/30 09:14:02 fuzzer started [ 47.433432] audit: type=1400 audit(1569834841.972:36): avc: denied { map } for pid=7540 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/09/30 09:14:03 dialing manager at 10.128.0.105:33829 2019/09/30 09:14:03 syscalls: 2489 2019/09/30 09:14:03 code coverage: enabled 2019/09/30 09:14:03 comparison tracing: enabled 2019/09/30 09:14:03 extra coverage: extra coverage is not supported by the kernel 2019/09/30 09:14:03 setuid sandbox: enabled 2019/09/30 09:14:03 namespace sandbox: enabled 2019/09/30 09:14:03 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/30 09:14:03 fault injection: enabled 2019/09/30 09:14:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/30 09:14:03 net packet injection: enabled 2019/09/30 09:14:03 net device setup: enabled 09:16:43 executing program 0: [ 209.310884] audit: type=1400 audit(1569835003.852:37): avc: denied { map } for pid=7558 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14982 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 209.392893] IPVS: ftp: loaded support on port[0] = 21 09:16:44 executing program 1: [ 209.494207] chnl_net:caif_netlink_parms(): no params data found [ 209.542861] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.550530] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.558473] device bridge_slave_0 entered promiscuous mode [ 209.566476] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.573014] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.580698] device bridge_slave_1 entered promiscuous mode [ 209.603068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.613056] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.636574] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.646275] team0: Port device team_slave_0 added [ 209.652339] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.660926] team0: Port device team_slave_1 added [ 209.666318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.678024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 09:16:44 executing program 2: [ 209.750763] device hsr_slave_0 entered promiscuous mode [ 209.788103] device hsr_slave_1 entered promiscuous mode [ 209.828421] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 209.835482] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 209.862056] IPVS: ftp: loaded support on port[0] = 21 [ 209.910845] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.913424] IPVS: ftp: loaded support on port[0] = 21 [ 209.917407] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.917859] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.935650] bridge0: port 1(bridge_slave_0) entered forwarding state 09:16:44 executing program 3: [ 210.066607] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 210.087331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.154318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 210.161569] chnl_net:caif_netlink_parms(): no params data found [ 210.193083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.213900] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.232009] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.239771] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 210.255762] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 210.262150] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.283993] IPVS: ftp: loaded support on port[0] = 21 [ 210.297588] chnl_net:caif_netlink_parms(): no params data found 09:16:44 executing program 4: [ 210.324870] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.336008] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.342458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.381324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.397616] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.404014] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.487357] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.493747] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.518674] device bridge_slave_0 entered promiscuous mode [ 210.528340] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.534788] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.554981] device bridge_slave_1 entered promiscuous mode [ 210.562887] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.574005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 09:16:45 executing program 5: [ 210.584376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 210.623388] IPVS: ftp: loaded support on port[0] = 21 [ 210.638980] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.650931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.664197] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.677538] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.683930] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.692202] device bridge_slave_0 entered promiscuous mode [ 210.702993] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.709786] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.717254] device bridge_slave_1 entered promiscuous mode [ 210.736452] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 210.749693] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.760626] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.770689] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.781135] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.789724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.797710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.807482] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 210.810351] IPVS: ftp: loaded support on port[0] = 21 [ 210.813522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.841606] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.849002] team0: Port device team_slave_0 added [ 210.868787] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.876031] team0: Port device team_slave_0 added [ 210.889665] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.897704] team0: Port device team_slave_1 added [ 210.910735] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.919537] team0: Port device team_slave_1 added [ 210.924988] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.932775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.940088] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.950380] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.990413] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 211.038700] device hsr_slave_0 entered promiscuous mode [ 211.087292] device hsr_slave_1 entered promiscuous mode [ 211.131731] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.189763] device hsr_slave_0 entered promiscuous mode [ 211.227284] device hsr_slave_1 entered promiscuous mode [ 211.287607] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.294659] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.308656] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.335329] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.350939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.364007] audit: type=1400 audit(1569835005.902:38): avc: denied { associate } for pid=7559 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 09:16:46 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read$alg(r0, &(0x7f0000000140)=""/65, 0x41) [ 211.414595] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.421047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.497221] chnl_net:caif_netlink_parms(): no params data found [ 211.520874] chnl_net:caif_netlink_parms(): no params data found 09:16:46 executing program 0: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f00000000c0)=""/95, 0x5f}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x100001000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0) [ 211.658497] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.671541] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.678401] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.685754] device bridge_slave_0 entered promiscuous mode [ 211.701063] chnl_net:caif_netlink_parms(): no params data found [ 211.716154] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.731965] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.739720] device bridge_slave_0 entered promiscuous mode [ 211.746632] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.753506] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.760754] device bridge_slave_1 entered promiscuous mode [ 211.772882] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.780476] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.789000] device bridge_slave_1 entered promiscuous mode [ 211.813403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.826942] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.852381] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.861609] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.874972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.886403] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 211.899483] bond0: Enslaving bond_slave_1 as an active interface with an up link 09:16:46 executing program 0: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x8912, &(0x7f0000000000)) [ 211.914578] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.939347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.946438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.963574] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.972831] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 211.979689] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.995617] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.002407] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.009993] device bridge_slave_0 entered promiscuous mode [ 212.020988] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.027629] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.034689] device bridge_slave_1 entered promiscuous mode [ 212.050602] bond0: Enslaving bond_slave_0 as an active interface with an up link 09:16:46 executing program 0: socket$inet(0x2, 0x4000000000000001, 0x0) r0 = socket$inet(0x15, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x20000, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x80, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000300)='/dev/dmmidi#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, 0x0) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, 0x0) r2 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563044000000000"], 0x0, 0x0, 0x0}) dup3(r3, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000180)={0x0, 0x100000000000000}) socket$inet_udp(0x2, 0x2, 0x0) [ 212.059783] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.082381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.092224] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.104776] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.113941] team0: Port device team_slave_0 added [ 212.118258] audit: type=1400 audit(1569835006.662:39): avc: denied { create } for pid=7596 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 212.123675] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.156714] team0: Port device team_slave_1 added [ 212.170516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.177758] hrtimer: interrupt took 36468 ns [ 212.181168] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.197057] team0: Port device team_slave_0 added [ 212.203200] audit: type=1400 audit(1569835006.702:40): avc: denied { write } for pid=7596 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 212.209084] binder: 7596:7597 ioctl c018620c 20000180 returned -22 [ 212.233016] audit: type=1400 audit(1569835006.702:41): avc: denied { read } for pid=7596 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 212.260677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.268693] audit: type=1400 audit(1569835006.732:42): avc: denied { set_context_mgr } for pid=7596 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1 [ 212.273213] binder: 7596:7597 ioctl c018620c 20000180 returned -22 [ 212.299469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.307545] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.313917] bridge0: port 1(bridge_slave_0) entered forwarding state 09:16:46 executing program 0: socket$inet(0x2, 0x4000000000000001, 0x0) r0 = socket$inet(0x15, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x20000, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x80, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000300)='/dev/dmmidi#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, 0x0) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, 0x0) r2 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0563044000000000"], 0x0, 0x0, 0x0}) dup3(r3, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000180)={0x0, 0x100000000000000}) socket$inet_udp(0x2, 0x2, 0x0) [ 212.320936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.329338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.337024] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.343383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.351327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.359170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.369003] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.376056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.393439] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.413089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.420903] team0: Port device team_slave_0 added [ 212.426301] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.431260] binder: 7600:7601 ioctl c018620c 20000180 returned -22 [ 212.439904] team0: Port device team_slave_1 added [ 212.440406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.440891] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready 09:16:47 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0x40605346, &(0x7f0000000040)) [ 212.478822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.489439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.513613] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 09:16:47 executing program 0: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ffffffe}) creat(&(0x7f0000000700)='./bus\x00', 0x0) [ 212.528136] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.534597] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.547996] team0: Port device team_slave_1 added [ 212.553521] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.590666] device hsr_slave_0 entered promiscuous mode [ 212.627424] device hsr_slave_1 entered promiscuous mode [ 212.677552] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 212.686456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.698598] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.759929] device hsr_slave_0 entered promiscuous mode [ 212.787276] device hsr_slave_1 entered promiscuous mode [ 212.838129] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.846390] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 212.853573] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.861695] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.869644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.877659] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.885275] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 212.901977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.912688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 212.920482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.928342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.936099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.944502] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.952364] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.958941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.965901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.973537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.981572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.989508] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 213.049779] device hsr_slave_0 entered promiscuous mode [ 213.087257] device hsr_slave_1 entered promiscuous mode [ 213.129902] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 213.143569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.160503] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 213.168167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.176305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.186494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.194292] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.200653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.208152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.215650] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.226239] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.235549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 213.247149] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.253178] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.264396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.276191] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.290050] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.300842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.311471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.329159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.337281] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.345030] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.360426] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.370409] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.381389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.391635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.403409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.415772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.424505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.435362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.443722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.454344] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.465514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.473292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.483333] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.490051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.511764] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.536303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.564244] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.590053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.599869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.616387] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.634117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.640927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.648323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.659863] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 213.665967] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.674460] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.685061] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 09:16:48 executing program 1: 09:16:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000001, 0x0, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc0bc5351, &(0x7f0000000040)={{0x80}}) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) dup2(r3, 0xffffffffffffffff) syz_open_dev$sndseq(0x0, 0x0, 0x0) [ 213.702512] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.712976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.722803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.732717] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 213.739757] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.748423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.757905] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.768261] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 213.774380] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.782713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.797291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.805311] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.811835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.827303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.834626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.851149] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.861583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.874167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.884225] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.891965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.904256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.913175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.924934] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.931503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.939496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.947573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.955558] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.961985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.969396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.977869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.985422] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.991821] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.998845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.006642] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.014362] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.020734] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.028095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.035192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.047974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.055804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.065256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.073502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.081525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.089391] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.095720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.104497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.116520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.124751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.133351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.142373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.153403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.163279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.171207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.179965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.189214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.199901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.208543] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.219943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.227058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.234859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.242558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.250605] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.258486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.266194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.274225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.281403] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.288535] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.297457] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.307687] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.315614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.325586] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.333590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.341448] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.350832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.364756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 214.372867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 214.383289] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 214.390510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.398881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.406453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.414290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.421897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.429597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.437725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.445183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.453674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 214.465574] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 214.474865] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 214.481330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.490607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.498771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.506346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.514273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.527217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 214.535403] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 214.547065] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 214.553139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.561338] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 214.568009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.575369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.583272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.602639] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.619646] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.633339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.641189] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.653516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.665564] 8021q: adding VLAN 0 to HW filter on device batadv0 09:16:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001}, 0xe6) r1 = socket(0x1, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f00000001c0)=@ipv4_deladdr={0x3c, 0x15, 0x803, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @local}, @IFA_LABEL={0x14, 0x3, 'teql0\x00'}, @IFA_LOCAL={0x8, 0x2, @loopback}]}, 0x3c}}, 0x0) 09:16:49 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000000)=ANY=[@ANYBLOB="020d00001400000000000000000000000800120000000300ffffffff020000000600000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000aa0500050000c000000a000000ff00000000000000000000000000ffffac141400000000000000000005000600008000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0xa0}}, 0x0) 09:16:49 executing program 2: 09:16:49 executing program 1: 09:16:49 executing program 0: 09:16:49 executing program 5: 09:16:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x400, 0x401}, 0x0, 0x0, 0xffffffff, 0x13}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="73797a30a99916007ef67a31a8bddf3b8a527c4ae452d5ea7461d017429d9ced80e034febfd165004b8ff158ee05f30a7e328c53f81e373ae72adeb533bf3d516c6b462481f8515e6bff9b123b175668d564bb7bd3e5fb3254080000004664ef6e7f9dd775d5a65b1ee873ec4a3e91a9a61c38f3470c5fdf61bce340ef5001de7a5f8f7004dd33e4e5df6fdb9ace582b2db9a73f3f30a631796fd2cfabb9b5226dd7492a1c44d71026077d82d01c8a72908236e71f86fc0fe64e697f9466eb6d7f32b60207291da14fe2ee788c05aee3cd750ebfa7274cf3e7d187b3fddf483fe7bfc4f7c5645cae1d10280e6760e237c5c4c58b6aab3e2c5c840e07870956cf4a699d0481e868fa32a75fde0676b88440704d2cd957130e2bfbd7d965b937d29c653805e5f87665000000000000007b25997d6c171eb929317d398ee2b81f406c76209775ac34fec115f031ec8a041a1dea8496d33c6d1f339a6788075ca96d0e89170c1e09cde578469909c320cbf62e86f785145b30cf97fb1a1b77e2c1d65c7e81324c9321272655dfb9495defdb7a4e654f2d3530b3796a6323e4ce5adcb0e208593f257f72c49dd1b777ea454f9c1f547db18aed7e1ad43bb63b0a431112e8dda69498a648042a86bb1a9ee3eb2e73e05b3e8d48c7aa00800000000000009d0985b18459b8b8464420af3cdbb866ff3a0b6c6efe5e67613bcb2ba3baa46fbfdc4355f917055d9623483eb24b6f3fe644fabb84b7f891ea540b02dfc3126b1d820f9cf43a54a71d1efb6ba878bb0397db842c85cc9bdf283bdb4c5c4d591f5599509c1907008ebe8be2ca1c7fdc13330d78c7d4a7eddf653d57af5a044dfd108a2d2fea3ceb15adcc1046e69834c08ad4fc5ff3f34247495ddca75f0d4bd66384b6577a5b7c5f885408206bed4009e8d1795183ce0952050a127986af5c47c072e6477f939cb2147c9e3b3b3630416c5ddc3f3a58d359a2e2ebfddcdab3cf39f6ca5357e50b668ec186f4cdb4e92d4bdb25b2f3780704e76a750b1c7d5e4abde4e53972712ea6198c8b3adf87db132125c77fe1b5d2288a15f0da655f4890af295750437f2465e5e30ce7b6154a26a6a6fcca5209fe53c715b8ae2a1fcaa2f5e94c24d82607e37f63e011b0c2908779dc2a37e9e722252fd01cdab4e85f7ac78fa1e88833eaba0737a33c2e94121ee4e003fcdb4564849cc652eb20ebc946b0378f6130ceda953e4343cd68df45bd4a3d638542f968e7ed8632c97db9359af990baf4cfcb26b0b1ea002becdb32e554cf9cd410a38cf9981736c040ac59b72980472686828f1e4236f79d7da1cd46cb574622b49fc7371a9d83fae5a944ba59797be50d1fd01af3aca50bc9d2083ac6bf0b2583277c0781aa3969b6a41067af7e28b8d41b9f5de4a0b3d3fbf7f8acb00c111a6a25eb98093d715995bc38bd1b7a64edff53796ff9428dda1fb4fc67e42ddae13dc29af9a19c1e172ac72833034c3b95719b0d28da83305791154d3e835127d96da0d0b7d3ebea3cbe093c2d91fe8eaf90a19f696a4f7f59b56d4f5eb5d3fb10e7e79b4be7d36246f6d304d1fa2836fd13e0a3faa8e405c437902bb08aabf31418285fc5e94a4623907a4a62405ad957bf97a08506e8f2db4239bdcc757dbc40c071ab4fec8c365d7846fb887fa56cb5db11314b857ae1523f1cbf8cc4a2471ccd7361f55b99e652a2d59fddd1f986305fa0b574032be36a921969cf8e55d96fd94f671a78d053051915a96bbf7c1685800086055b89caa456f6adf83929d0ac87dd6da467f6193a82573fb91f965390ae06d8ff15a878ac90c5fea41af7ba9e46d3ad1c52e53f69b4d383365eaf8031c7482928bb2790ebcb13f5740e29ff2e0d78a0f4934f8f4cd4f0600a22688a994b9b46ea445f26cac4991d5e52597e6f6462ca2a7e5a2ae4b8fefdfe880c233f8f0b4c812ff4ba185c41f9aa78f6f3890612346b1060922fe402332199d6d0cc3a200bdf28ca5cf6e62102c33f6a91c23fe2bdcf5522c3a6c3a1b3845c17664574aa1db3868fc965f28b64e06882a147fb3f96ce129766023e096270c4540377eaa809a0399e674e31e788ea1b34dae1cf7ec929c887a2fb36f46124c8b363604949af3affff180479fb40e14cfbfe3b5b5127290dfa1f1c92490b51b0aed779804f562e16fbb0db5f9397dc4f9d0a1065b9072f753df29d99a25d55d57f571e95ddc7be17eda1c9f7f1273cbd0e49f569d404594450aad2f4904790db7ba5f236e1d34aacd6849446238a44cd9c10173483f4be36345028b5b8bc87fc5738d9b7477dc3ded2c36c0c344a99b466e22c62ee60012a05ee1d4d0be5e08474fdf6b38b6424133b0fee40b724453240b672c1b03d6c0bd8dfcb"], 0x69d) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, &(0x7f0000000480)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb]}) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f00000000c0)=""/222, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400000000000000) 09:16:49 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgrp(0x0) setpriority(0x1, r0, 0x0) 09:16:49 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="000000000009ad9e"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x74, 0x24, 0x507, 0x0, 0x0, {0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8, 0x1, 'sfq\x00'}, {0x48, 0xe}}]}, 0x74}}, 0x0) 09:16:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000180)={0x0, 0x100000000000000}) 09:16:49 executing program 3: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ffffffe}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000700)='./bus\x00', 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 214.988652] binder: 7643:7644 ioctl c018620c 20000180 returned -22 [ 215.022233] netlink: 'syz-executor.5': attribute type 14 has an invalid length. 09:16:49 executing program 4: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) [ 215.056567] binder: 7643:7657 ioctl c018620c 20000180 returned -22 [ 215.063632] binder: BINDER_SET_CONTEXT_MGR already set [ 215.078067] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 09:16:49 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40087602, &(0x7f0000000100)) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000180)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04", 0x19a) sendfile(r1, r2, 0x0, 0x7fffffff) open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f00000000c0)='wlan0+\x00') ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) [ 215.104937] binder: 7643:7644 ioctl 40046207 0 returned -16 09:16:49 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x50000}]}) mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1) 09:16:49 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') rename(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') 09:16:49 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xb) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f00000001c0)=@v3={0x3000000, [{}, {0x7fffffff}], 0xee01}, 0x18, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 215.279661] audit: type=1800 audit(1569835009.822:43): pid=7675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16544 res=0 09:16:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = timerfd_create(0x0, 0x0) timerfd_gettime(r2, 0x0) 09:16:50 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000008000)=ANY=[@ANYBLOB="850000001800000007000000000000009500000000000039"], &(0x7f0000014ff5)='syzka\x00\x00\x00\x05\x00\xf3', 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) 09:16:50 executing program 1: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e7, 0x0) [ 215.466642] audit: type=1804 audit(1569835009.902:44): pid=7684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir262390550/syzkaller.TqsUyZ/3/file0/file0" dev="sda1" ino=16544 res=1 09:16:50 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) 09:16:50 executing program 1: r0 = creat(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40087602, &(0x7f0000000100)) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000180)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x7fffffff) r4 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r4, r2, 0x0, 0xffffffff) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) 09:16:50 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f00000000c0)={'mangle\x00', 0x2, [{}, {}]}, 0x48) [ 215.585561] audit: type=1400 audit(1569835010.122:45): avc: denied { prog_load } for pid=7701 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 09:16:50 executing program 3: syslog(0x2, &(0x7f0000000180)=""/118, 0x76) 09:16:50 executing program 2: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x200041}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) 09:16:50 executing program 5: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x200041}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) [ 215.737871] audit: type=1800 audit(1569835010.282:46): pid=7714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16535 res=0 09:16:50 executing program 0: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.capability\x00', 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 09:16:50 executing program 4: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 09:16:50 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) exit(0x0) ppoll(&(0x7f00000006c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 09:16:50 executing program 2: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) poll(&(0x7f00000001c0)=[{r2}], 0x1, 0x0) close(r2) [ 215.891583] audit: type=1804 audit(1569835010.282:47): pid=7714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir185197425/syzkaller.x3RRbW/5/file0/file0" dev="sda1" ino=16535 res=1 [ 215.924399] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma? 09:16:50 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) creat(0x0, 0x0) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) write$binfmt_script(r0, 0x0, 0x0) 09:16:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x44, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x44}}, 0x0) [ 215.999910] audit: type=1804 audit(1569835010.352:48): pid=7708 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir185197425/syzkaller.x3RRbW/5/file0/file0" dev="sda1" ino=16535 res=1 09:16:50 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r2, &(0x7f00000000c0)='./file0\x00') mkdirat(r2, &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f0000000280)='./file0/file0\x00') renameat2(r3, &(0x7f0000000100)='./file0/file0\x00', r3, &(0x7f0000000340)='./file0\x00', 0x2) [ 216.072424] audit: type=1400 audit(1569835010.422:49): avc: denied { syslog } for pid=7725 comm="syz-executor.3" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 216.111066] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 216.156344] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 216.494062] audit: type=1804 audit(1569835011.032:50): pid=7723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir185197425/syzkaller.x3RRbW/5/file0/file0" dev="sda1" ino=16535 res=1 09:16:51 executing program 1: 09:16:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000080)="b9f0080000b8f9000000ba000000000f30b9800000c00f3235008000000f3067360f01c32e3e0f79350000000066b88a008ee86d0f72f71c6626f36e360f788fb3000000f4", 0x45}], 0xaaaaaaaaaaaaa01, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$KVM_RUN(r4, 0xae80, 0x0) 09:16:51 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@dev, 0x800, 0x0, 0xff}, 0x20) 09:16:51 executing program 3: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x4058534c, &(0x7f00000000c0)={{0x80}}) 09:16:51 executing program 2: [ 216.545356] audit: type=1804 audit(1569835011.032:51): pid=7723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir185197425/syzkaller.x3RRbW/5/file0/file0" dev="sda1" ino=16535 res=1 09:16:51 executing program 2: [ 216.589178] audit: type=1804 audit(1569835011.032:52): pid=7723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir185197425/syzkaller.x3RRbW/5/file0/file0" dev="sda1" ino=16535 res=1 09:16:51 executing program 4: 09:16:51 executing program 4: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r0, &(0x7f0000000080)={0x9, @remote={[], 0x1}}, 0x12) 09:16:51 executing program 2: 09:16:51 executing program 5: 09:16:51 executing program 1: 09:16:51 executing program 3: 09:16:51 executing program 0: 09:16:51 executing program 2: 09:16:51 executing program 3: 09:16:51 executing program 1: 09:16:51 executing program 0: 09:16:51 executing program 4: 09:16:51 executing program 2: 09:16:51 executing program 5: 09:16:51 executing program 1: 09:16:51 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000180)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) 09:16:51 executing program 4: 09:16:51 executing program 0: 09:16:51 executing program 5: 09:16:51 executing program 1: 09:16:51 executing program 2: 09:16:51 executing program 4: 09:16:51 executing program 5: 09:16:51 executing program 0: 09:16:52 executing program 1: 09:16:52 executing program 5: 09:16:52 executing program 3: 09:16:52 executing program 4: 09:16:52 executing program 0: 09:16:52 executing program 2: 09:16:52 executing program 5: 09:16:52 executing program 4: 09:16:52 executing program 1: 09:16:52 executing program 0: 09:16:52 executing program 3: 09:16:52 executing program 4: 09:16:52 executing program 2: 09:16:52 executing program 5: 09:16:52 executing program 0: 09:16:52 executing program 1: r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) 09:16:52 executing program 2: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$KDGKBENT(0xffffffffffffffff, 0x4b46, 0x0) r1 = dup2(r0, r0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getrlimit(0x0, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000001780)) 09:16:52 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000180)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) open(0x0, 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) open$dir(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xffffffff) 09:16:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffffffffffff]}) 09:16:52 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x803, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000560081aee4f80b00000f00fe078bc36f16000072fd670c87594d0063dac37b", 0x23}], 0x1}, 0x0) 09:16:52 executing program 0: r0 = socket(0x1e, 0x805, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name, 0x10) 09:16:52 executing program 2: 09:16:52 executing program 1: 09:16:52 executing program 4: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff577, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x10, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r1, 0x4) open(0x0, 0x0, 0x0) creat(0x0, 0x0) 09:16:52 executing program 0: socket$kcm(0xa, 0x20000000000003, 0x11) socket$kcm(0x10, 0x2, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) socket$kcm(0xa, 0x522000000003, 0x11) socket$kcm(0x11, 0x3, 0x300) socket$kcm(0x2b, 0x1, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="72d3207b1bcf0e14f62342e893ccdc8c99e5a20b4147fa62946280332c1fe1e989866498fbd33c1d7dc1acf8fa468847d2a9dd15e329e41c32da60ece92417eaf7d1b9b1afab6284db6ce2aceaf5114f8daf25fb704272efbcd58992f0dcd90138d5ef2fad57f08f030b19174579891e6161103c0621faee007dc2ee5fef5a15f115e3fb4a666074e7527aa8409bf829ac59bfcf9648e52bc8196703ebaba0cf2d0f0c67d6c5caec8096712ee71aa1f3db4cfa8af456da80a507179a8ca50f2bc0d09e7b45a92143bb4e701f74a189e99eb850126ed54d207bd7977bc920a34e01d0df"], 0xfdef) 09:16:52 executing program 3: r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) recvmmsg(r0, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20002d30159dd45ad267a6bd5ec94d9078e29607149378d33e1dcec7137d3936c78256f7fad33b042bd36823686253b1c373d6ea6e369e92fb96cc7c6fe44d1fcafff87429e50b32881721afab69cc3712c37ed0000000"], 0x0) shutdown(r0, 0x0) 09:16:52 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0xe) 09:16:52 executing program 2: 09:16:52 executing program 5: 09:16:52 executing program 2: 09:16:53 executing program 5: 09:16:53 executing program 4: 09:16:53 executing program 1: 09:16:53 executing program 3: 09:16:53 executing program 5: 09:16:53 executing program 2: 09:16:53 executing program 0: socket$kcm(0xa, 0x20000000000003, 0x11) socket$kcm(0x10, 0x2, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) socket$kcm(0xa, 0x522000000003, 0x11) socket$kcm(0x11, 0x3, 0x300) socket$kcm(0x2b, 0x1, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="72d3207b1bcf0e14f62342e893ccdc8c99e5a20b4147fa62946280332c1fe1e989866498fbd33c1d7dc1acf8fa468847d2a9dd15e329e41c32da60ece92417eaf7d1b9b1afab6284db6ce2aceaf5114f8daf25fb704272efbcd58992f0dcd90138d5ef2fad57f08f030b19174579891e6161103c0621faee007dc2ee5fef5a15f115e3fb4a666074e7527aa8409bf829ac59bfcf9648e52bc8196703ebaba0cf2d0f0c67d6c5caec8096712ee71aa1f3db4cfa8af456da80a507179a8ca50f2bc0d09e7b45a92143bb4e701f74a189e99eb850126ed54d207bd7977bc920a34e01d0df"], 0xfdef) 09:16:53 executing program 1: 09:16:53 executing program 5: 09:16:53 executing program 4: 09:16:53 executing program 3: 09:16:53 executing program 1: 09:16:53 executing program 2: 09:16:53 executing program 5: 09:16:53 executing program 4: 09:16:53 executing program 3: 09:16:53 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000240)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x4, &(0x7f0000000180)=0x0) io_submit(r3, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000000, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xe0000}]) 09:16:53 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000000), r1, 0x0, 0x1, 0x4}}, 0x20) 09:16:53 executing program 0: 09:16:53 executing program 1: 09:16:53 executing program 4: 09:16:53 executing program 1: 09:16:53 executing program 3: ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000001, 0x0, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc0bc5351, &(0x7f0000000040)={{0x80}}) memfd_create(0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc0bc5351, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) 09:16:53 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stack\x00') symlink(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f00000017c0), 0x351, 0x0) getpid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in=@broadcast, @in6=@dev}}, {{@in6=@mcast2}, 0x0, @in6}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) 09:16:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x400) poll(&(0x7f0000b2c000)=[{r0}], 0x1, 0x0) 09:16:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="66b829018ec0b9800000c00f3235002000000f3066baf80cb8c8f61a8eef66bafc0ced0f787e0036400fc75a00c4e1f9e601c4018575504f0f87d485a71b64440f01c43e662666470f38804185", 0x4d}], 0x1, 0x0, 0x0, 0xfffffffffffffe96) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 09:16:53 executing program 1: socketpair(0x1e, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0}) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup3(r4, r5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {0x0, 0x0, 0x0, 0x5, 0x64a, 0x0, 0x7f}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:16:53 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000000301ffff808fdb003d88c8f00007ae1b"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f00000013c0), 0x4a5, 0x200002, &(0x7f0000000c40)={0x77359400}) [ 219.423755] *** Guest State *** [ 219.448039] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 219.482314] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 219.504029] CR3 = 0x0000000000000000 [ 219.518718] RSP = 0x000000000000003f RIP = 0x0000000000000062 [ 219.535866] RFLAGS=0x00010882 DR7 = 0x0000000000000400 [ 219.554882] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 219.576974] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.591571] DS: sel=0x0000, attr=0x04005, limit=0x00000000, base=0x0000000000000000 [ 219.607036] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.622958] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.632303] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.641890] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.650455] GDTR: limit=0x00000000, base=0x0000000000000000 [ 219.660514] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.668963] IDTR: limit=0x00000000, base=0x0000000000000000 [ 219.677624] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 219.685718] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 219.694654] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 09:16:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000001, 0x0, 0x0) r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc0bc5351, &(0x7f0000000040)={{0x80}}) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000080)=0x5) 09:16:54 executing program 0: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) bind$nfc_llcp(r0, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "6cb782e4ad88b89d1fd309169f44a72107130ee55d660510420aaa96759ecbc36eb9bb12b6124793608dd0e7316d1d4f4dbac39877e4ac714b7ecefa8a934a"}, 0x60) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") close(r0) 09:16:54 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000240)=0x101) 09:16:54 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem\x00', 0x4400, 0x0) 09:16:54 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) syz_open_procfs(0x0, &(0x7f0000272000)) [ 219.708041] Interruptibility = 00000000 ActivityState = 00000000 [ 219.718833] *** Host State *** [ 219.722196] RIP = 0xffffffff811c9733 RSP = 0xffff88804f27f8c0 [ 219.729882] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 219.749883] FSBase=00007fe606de4700 GSBase=ffff8880ae900000 TRBase=fffffe0000034000 09:16:54 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000002c0)=ANY=[@ANYBLOB="08000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000eb6e37e3037313ab741dd623fc07fc780ec23952a9a45934770e15f90280b40e36160171a2643cd6d5c6e4d6bc1228978ff4460cad03ab5422605f6f38f2820e745dd871476e0b8dea361456d3adbedf737c5a169d9fe977654fceba9d627e48ac435696161febe2ca4852f22853a1d6"], 0x90) [ 219.759762] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 219.765810] CR0=0000000080050033 CR3=00000000921d1000 CR4=00000000001426e0 [ 219.780021] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87001400 [ 219.799606] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 09:16:54 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r0, r1, 0x0, 0x1) [ 219.814453] *** Control State *** [ 219.840814] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000e2 [ 219.860366] EntryControls=0000d1ff ExitControls=002fefff 09:16:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x5000008912, &(0x7f0000001600)="11dca50d5e0bcfe47bf070") ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e24, @local}, {0x2, 0x4e22, @local}, {0x2, 0x4e21, @multicast2}, 0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)='lo\x00', 0x6, 0x9, 0x8}) setreuid(0x0, r1) semctl$SETVAL(0x0, 0x0, 0x10, 0x0) r3 = eventfd(0xfffffff8) fsetxattr$trusted_overlay_upper(r3, &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f0000000100)={0x0, 0xfb, 0xa7, 0x2, 0x3, "10e0731583752e0a1b64ed71f532814f", "c545c50a4c3338ab496cbd83df17b9758fad097ea99e9a0104393bc1a6ae921265922884c1d23ea5643ba1bf053c63e03ef4aafeedc1d2977c1db5980dcc9954b9c54ff3fd928c41087ed5eccd0506f1ea5a0b97d56a4e0f82dad85830f6a87d1c38049add72ceabc05445de2ede2b7fe480de812fd5332094eb066a3f921c4e105ae807cccad2878041445fa66308456891"}, 0xa7, 0x7) 09:16:54 executing program 0: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e2, &(0x7f0000000000)) [ 219.881339] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 219.899116] VMEntry: intr_info=8000030d errcode=00000000 ilen=00000000 [ 219.906102] VMExit: intr_info=00000000 errcode=00000000 ilen=00000004 [ 219.923991] reason=80000021 qualification=0000000000000000 09:16:54 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r0, &(0x7f0000000040), 0xe) bind$bt_l2cap(r0, &(0x7f0000000240), 0xe) [ 219.946585] IDTVectoring: info=00000000 errcode=00000000 [ 219.960248] TSC Offset = 0xffffff88ae74f76a [ 219.969941] EPT pointer = 0x00000000a4f0f01e [ 219.984616] Virtual processor ID = 0x0001 09:16:54 executing program 1: socketpair(0x1e, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x0}) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup3(r4, r5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {0x0, 0x0, 0x0, 0x5, 0x64a, 0x0, 0x7f}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 09:16:54 executing program 5: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89ea, &(0x7f0000000000)) 09:16:54 executing program 2: r0 = gettid() r1 = creat(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100)={'#! ', './file0'}, 0xb) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) 09:16:54 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/sockstat\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/sockstat\x00') dup2(r0, r1) 09:16:54 executing program 4: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) dup3(r1, r0, 0x0) 09:16:54 executing program 0: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0x0, 0xfffffffffffffffa, 0x4, {0x2, @raw_data="f79dd9524c61a7945790ca039664a46fa42cebdb98d059820d5a05496951095404dc369b487724b2cff745d5d908c9f0ea97b24954fbbd2f2ec1168573f130109611459c0df2733e93be33680e0e1fa26ffc8b668ecb501a181f33f5f0ee6b24d43cac905e9d1d35204a1084bd03ee2a4976b814f77784ab1a762ea8ed910b2b9dd87991ab05725ba663e0e4e37f7583203f4e144fdce1d512a0a3a0c2f611c52f4a9f9fc5f87d3258c77dd06c829e577151783ee64c56779e260d180578c6980e0d09c002f75222"}}) ioctl$VIDIOC_S_FMT(r0, 0x40045612, &(0x7f00000001c0)={0x2}) close(r0) socketpair$unix(0x1, 0x0, 0x0, 0x0) 09:16:54 executing program 2: r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000014c0)={0x0, 0x0, 0x95}) readv(r0, &(0x7f0000000240)=[{&(0x7f00000013c0)=""/135}, {&(0x7f0000001480)=""/25}, {&(0x7f00000003c0)=""/4096, 0x8}], 0x20000000000002ca) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 220.216635] ================================================================== [ 220.224221] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x159/0x160 [ 220.230730] Read of size 8 at addr ffff8880a6833d20 by task syz-executor.0/8064 [ 220.238187] [ 220.239814] CPU: 1 PID: 8064 Comm: syz-executor.0 Not tainted 4.19.75 #0 [ 220.246647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.256012] Call Trace: [ 220.258614] dump_stack+0x172/0x1f0 [ 220.262236] ? v4l2_ctrl_grab+0x159/0x160 [ 220.266379] print_address_description.cold+0x7c/0x20d [ 220.271646] ? v4l2_ctrl_grab+0x159/0x160 [ 220.275872] kasan_report.cold+0x8c/0x2ba [ 220.280016] ? vidioc_querycap+0x110/0x110 [ 220.284247] __asan_report_load8_noabort+0x14/0x20 [ 220.289172] v4l2_ctrl_grab+0x159/0x160 [ 220.293154] ? vidioc_querycap+0x110/0x110 [ 220.297379] vicodec_stop_streaming+0x158/0x1a0 [ 220.302035] ? vicodec_return_bufs+0x220/0x220 [ 220.306624] __vb2_queue_cancel+0xb1/0x790 [ 220.310854] ? vidioc_querycap+0x110/0x110 [ 220.315077] ? dev_debug_store+0x110/0x110 [ 220.319305] vb2_core_queue_release+0x28/0x80 [ 220.323803] vb2_queue_release+0x16/0x20 [ 220.327855] v4l2_m2m_ctx_release+0x2d/0x40 [ 220.332166] vicodec_release+0xc0/0x120 [ 220.336130] v4l2_release+0xf9/0x1a0 [ 220.339838] __fput+0x2dd/0x8b0 [ 220.343119] ____fput+0x16/0x20 [ 220.346391] task_work_run+0x145/0x1c0 [ 220.350281] exit_to_usermode_loop+0x273/0x2c0 [ 220.354859] do_syscall_64+0x53d/0x620 [ 220.358745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.363923] RIP: 0033:0x459a29 [ 220.367121] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.386191] RSP: 002b:00007f51d4545c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 220.393891] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000459a29 [ 220.401156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 220.408428] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 220.415692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51d45466d4 [ 220.422963] R13: 00000000004f93d2 R14: 00000000004d1e00 R15: 00000000ffffffff [ 220.430245] [ 220.431878] Allocated by task 8064: [ 220.435501] save_stack+0x45/0xd0 [ 220.438951] kasan_kmalloc+0xce/0xf0 [ 220.442652] __kmalloc_node+0x51/0x80 [ 220.446447] kvmalloc_node+0x68/0x100 [ 220.450236] v4l2_ctrl_new.part.0+0x214/0x1450 [ 220.454818] v4l2_ctrl_new_std+0x22d/0x360 [ 220.459078] vicodec_open+0x1a8/0xb30 [ 220.462877] v4l2_open+0x1b2/0x360 [ 220.466444] chrdev_open+0x245/0x6b0 [ 220.470153] do_dentry_open+0x4c3/0x1210 [ 220.474221] vfs_open+0xa0/0xd0 [ 220.477491] path_openat+0x10d7/0x45e0 [ 220.481380] do_filp_open+0x1a1/0x280 [ 220.485169] do_sys_open+0x3fe/0x550 [ 220.488873] __x64_sys_openat+0x9d/0x100 [ 220.492925] do_syscall_64+0xfd/0x620 [ 220.496717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.501890] [ 220.503504] Freed by task 8064: [ 220.506778] save_stack+0x45/0xd0 [ 220.510237] __kasan_slab_free+0x102/0x150 [ 220.514461] kasan_slab_free+0xe/0x10 [ 220.518259] kfree+0xcf/0x220 [ 220.521396] kvfree+0x61/0x70 [ 220.524494] v4l2_ctrl_handler_free+0x4a8/0x7e0 [ 220.529150] vicodec_release+0x6b/0x120 [ 220.533114] v4l2_release+0xf9/0x1a0 [ 220.536822] __fput+0x2dd/0x8b0 [ 220.540108] ____fput+0x16/0x20 [ 220.543385] task_work_run+0x145/0x1c0 [ 220.547358] exit_to_usermode_loop+0x273/0x2c0 [ 220.552078] do_syscall_64+0x53d/0x620 [ 220.555966] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.561140] [ 220.562757] The buggy address belongs to the object at ffff8880a6833d00 [ 220.562757] which belongs to the cache kmalloc-256 of size 256 [ 220.575684] The buggy address is located 32 bytes inside of [ 220.575684] 256-byte region [ffff8880a6833d00, ffff8880a6833e00) [ 220.587466] The buggy address belongs to the page: [ 220.592410] page:ffffea00029a0cc0 count:1 mapcount:0 mapping:ffff88812c3f07c0 index:0x0 [ 220.600651] flags: 0x1fffc0000000100(slab) [ 220.604878] raw: 01fffc0000000100 ffffea000250b7c8 ffff88812c3f1648 ffff88812c3f07c0 [ 220.612749] raw: 0000000000000000 ffff8880a6833080 000000010000000c 0000000000000000 [ 220.620969] page dumped because: kasan: bad access detected [ 220.626710] [ 220.628323] Memory state around the buggy address: [ 220.633238] ffff8880a6833c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 220.640602] ffff8880a6833c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 220.647957] >ffff8880a6833d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 220.655305] ^ [ 220.659704] ffff8880a6833d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 09:16:55 executing program 5: socket$kcm(0xa, 0x20000000000003, 0x11) socket$kcm(0x10, 0x2, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x92\xee2\xc2$Wx\x15^\xdaM\xeaB\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WZ;\xce\x05\xfc\x95\xd9\x88\x1f|\x8b\xf1\xbf\xf2u\xdd\xd8AV\xd87\x96M\xea\xd2\xa2iM\xe9\xa1\xbc\xba}\xbe\xa1\x05J\"\f\xf9\b\xcf\xb8J\x13#\xecT\xdf\xe0\x9dOA>\xe9\x99\xf8\xaf@{dw\b\xe7{\xaf\x9a\x1e3\xc1\x83&\x89\xc2\xa5\xb1\xe2NN\xdf\xd3\x0f{\x8c\xc1\xc8y\x01\x04\x00\xc7\x94\xe3\x89|\xd7\x9f\xd3\x06\x17\xe6]\xd7\x81q\x1d\x1dN\x9e\xf4c\x83\x86_\xfc\xbc\xdd\xd4{\xde\xc4\xe5\xb6\b;L\x1cN\xa2\xc9k\xd7 \xc3\xe4\x19\x96\x8c\x04\xea\x9c9\xfa\xe3\xc1\x8dDuTHL\n\xe8\xb7oSx\'\xfd=\xfc\xa4\xa51\b\x02j\xb7\x98{`\x89\x8c\xd3\xc6\xe8\xe2\x9b\xd7\xab\xd1s\xfb\xaa\xcd\x9d\xf1\x9e\xee\xe3e\xf1\x91\xf7\xee%\xf8\xc7G', 0x2761, 0x0) socket$kcm(0xa, 0x522000000003, 0x11) socket$kcm(0x11, 0x3, 0x300) socket$kcm(0x2b, 0x1, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="72d3207b1bcf0e14f62342e893ccdc8c99e5a20b4147fa62946280332c1fe1e989866498fbd33c1d7dc1acf8fa468847d2a9dd15e329e41c32da60ece92417eaf7d1b9b1afab6284db6ce2aceaf5114f8daf25fb704272efbcd58992f0dcd90138d5ef2fad57f08f030b19174579891e6161103c0621faee007dc2ee5fef5a15f115e3fb4a666074e7527aa8409bf829ac59bfcf9648e52bc8196703ebaba0cf2d0f0c67d6c5caec8096712ee71aa1f3db4cfa8af456da80a507179a8ca50f2bc0d09e7b45a92143bb4e701f74a189e99eb850126ed54d207bd7977bc920a34e01d0df"], 0xfdef) [ 220.667055] ffff8880a6833e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 220.674394] ================================================================== [ 220.681738] Disabling lock debugging due to kernel taint 09:16:55 executing program 4: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000000)={0x0, 0xfffffffffffffffa, 0x4, {0x2, @raw_data="f79dd9524c61a7945790ca039664a46fa42cebdb98d059820d5a05496951095404dc369b487724b2cff745d5d908c9f0ea97b24954fbbd2f2ec1168573f130109611459c0df2733e93be33680e0e1fa26ffc8b668ecb501a181f33f5f0ee6b24d43cac905e9d1d35204a1084bd03ee2a4976b814f77784ab1a762ea8ed910b2b9dd87991ab05725ba663e0e4e37f7583203f4e144fdce1d512a0a3a0c2f611c52f4a9f9fc5f87d3258c77dd06c829e577151783ee64c56779e260d180578c6980e0d09c002f75222"}}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_S_FMT(r0, 0x40045612, &(0x7f00000001c0)={0x2}) close(r0) 09:16:55 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgrp(0x0) r3 = dup2(r0, r1) fcntl$setown(r3, 0x8, r2) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000140)) [ 220.805248] Kernel panic - not syncing: panic_on_warn set ... [ 220.805248] [ 220.812699] CPU: 1 PID: 8064 Comm: syz-executor.0 Tainted: G B 4.19.75 #0 [ 220.820937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.823416] kobject: 'loop1' (00000000a4b2fa3c): kobject_uevent_env [ 220.830305] Call Trace: [ 220.830324] dump_stack+0x172/0x1f0 [ 220.830339] ? v4l2_ctrl_grab+0x159/0x160 [ 220.830349] panic+0x263/0x507 [ 220.830365] ? __warn_printk+0xf3/0xf3 [ 220.846356] kobject: 'loop1' (00000000a4b2fa3c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 220.847437] ? v4l2_ctrl_grab+0x159/0x160 [ 220.847459] ? preempt_schedule+0x4b/0x60 [ 220.847475] ? ___preempt_schedule+0x16/0x18 [ 220.847492] ? trace_hardirqs_on+0x5e/0x220 [ 220.880947] ? v4l2_ctrl_grab+0x159/0x160 [ 220.885084] kasan_end_report+0x47/0x4f [ 220.889150] kasan_report.cold+0xa9/0x2ba [ 220.893288] ? vidioc_querycap+0x110/0x110 [ 220.897512] __asan_report_load8_noabort+0x14/0x20 [ 220.902426] v4l2_ctrl_grab+0x159/0x160 [ 220.906389] ? vidioc_querycap+0x110/0x110 [ 220.910715] vicodec_stop_streaming+0x158/0x1a0 [ 220.915458] ? vicodec_return_bufs+0x220/0x220 [ 220.920040] __vb2_queue_cancel+0xb1/0x790 [ 220.924261] ? vidioc_querycap+0x110/0x110 [ 220.928481] ? dev_debug_store+0x110/0x110 [ 220.932719] vb2_core_queue_release+0x28/0x80 [ 220.937202] vb2_queue_release+0x16/0x20 [ 220.941261] v4l2_m2m_ctx_release+0x2d/0x40 [ 220.945569] vicodec_release+0xc0/0x120 [ 220.949529] v4l2_release+0xf9/0x1a0 [ 220.953233] __fput+0x2dd/0x8b0 [ 220.956533] ____fput+0x16/0x20 [ 220.959804] task_work_run+0x145/0x1c0 [ 220.963685] exit_to_usermode_loop+0x273/0x2c0 [ 220.968255] do_syscall_64+0x53d/0x620 [ 220.972129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.977301] RIP: 0033:0x459a29 [ 220.980480] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.999457] RSP: 002b:00007f51d4545c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 221.007150] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000459a29 [ 221.014413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 221.021678] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 221.028933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51d45466d4 [ 221.036202] R13: 00000000004f93d2 R14: 00000000004d1e00 R15: 00000000ffffffff [ 221.045113] Kernel Offset: disabled [ 221.048785] Rebooting in 86400 seconds..