Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0, r0, 0x0, 0xf, &(0x7f00000000c0)='lo:,\x00\x00\x81\x80\x00\x00\xfa\xff\xdf\xf7\x00'}, 0x30) ioprio_get$pid(0x3, r1) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000080)=[r0], 0x1) 00:50:59 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000600)='/dev/snd/seq\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, &(0x7f0000068f50)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0xc3, 0x80003}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x406, 0x0) dup2(r0, r1) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x540, 0x0) 00:50:59 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000000)=0x100, &(0x7f00000000c0)=0x2) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x20000081) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r3, &(0x7f00000005c0)={0xa0, 0x0, 0x5, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x5, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb1}}}}, 0xa0) close(r3) 00:50:59 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0xfffffef3) read(r3, &(0x7f0000000200)=""/250, 0x50c7e3e3) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = memfd_create(0x0, 0x0) ftruncate(r6, 0x0) sendfile(r5, r6, 0x0, 0xfffffdef) getpgrp(0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) r7 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000300)="2647756b0e6843e2692a0d672563f30aa38c3484b9ddd0de38c967393f41e3d45f06c51764d039e2f2fb2c72e5b9e4ddbdf9d556cfb9274426511481daf9b1db55f87af7e683945bd1f3279d1aec83107af001c9ec92db7773d047611afaaf2786faed6766ec8342dc457e112e7f35836e74612f3e870a4c9ac20baf69ae9ab245de78779f80ebc7b85aa7ffd459b4078ceb9dab1bd58937da3c420f79bf0434318578bb71c0b30a7848fa2e1e533a101f6eb9e5175893c6159f00fa2487eb0fb3af72778ab660b5a83b5880bd667da89f4a009be76d191ed205f25fa669595dd23c06da", 0xe4, 0xfffffffffffffffb) keyctl$get_security(0x11, r7, 0x0, 0x0) [ 2309.394219][ T4190] IPVS: ftp: loaded support on port[0] = 21 [ 2309.518960][ T4259] kvm [4256]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x49412e 00:51:10 executing program 0: connect$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff43) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) ioctl$PIO_FONTX(r0, 0x4b6c, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000018c0)=@raw={'raw\x00', 0x9, 0x3, 0x2a0, 0x1a8, 0x1a8, 0x0, 0x0, 0x1a8, 0x290, 0x290, 0x290, 0x290, 0x290, 0x3, &(0x7f0000000080), {[{{@ipv6={@local, @empty, [0x0, 0xffffffff, 0xff000000, 0xffffff00], [0xffffffff, 0xff000000], 'bridge0\x00', 'team_slave_0\x00', {0xff}, {}, 0x2b, 0x56e2, 0x1, 0x14}, 0x0, 0xc8, 0xe8}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ipv6={@empty, @mcast1, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], [0xffffffff, 0x0, 0xff], 'ip_vti0\x00', 'bridge0\x00', {}, {}, 0x3f, 0x2, 0x0, 0x15}, 0x0, 0xc8, 0xe8}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000180)=0x10000, 0x4) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000003c0)) unshare(0x40000000) 00:51:10 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 00:51:10 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="030000000010000086010000043a00002e4149"]) 00:51:10 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f00000001c0), 0xfffffef3) read(r3, &(0x7f0000000200)=""/250, 0x50c7e3e3) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = memfd_create(0x0, 0x0) ftruncate(r6, 0x0) sendfile(r5, 0xffffffffffffffff, 0x0, 0x0) getpgrp(0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4008080, 0x0, 0x0) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) r7 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000300)="2647756b0e6843e2692a0d672563f30aa38c3484b9ddd0de38c967393f41e3d45f06c51764d039e2f2fb2c72e5b9e4ddbdf9d556cfb9274426511481daf9b1db55f87af7e683945bd1f3279d1aec83107af001c9ec92db7773d047611afaaf2786faed6766ec8342dc457e112e7f35836e74612f3e870a4c9ac20baf69ae9ab245de78779f80ebc7b85aa7ffd459b4078ceb9dab1bd58937da3c420f79bf0434318578bb71c0b30a7848fa2e1e533a101f6eb9e5175893c6159f00fa2487eb0fb3af72778ab660b5a83b5880bd667da89f4a009be76d191ed205f25fa669595dd2", 0xe1, 0xfffffffffffffffb) keyctl$get_security(0x11, r7, 0x0, 0x0) 00:51:10 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 00:51:10 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0) io_getevents(r4, 0x3, 0x3, &(0x7f0000000440)=[{}, {}, {}], &(0x7f0000000500)={0x0, 0x1c9c380}) 00:51:12 executing program 2: 00:51:12 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed\xa4\xd4\xc6\x92\xba\xc2\xe2\xb2X\xa0\xda?\x9c\xebJ\x8eW|\x1a^\xc46\x87X\x05CD\xd6\x91\xa5\x93\xbe\"b\x92\x00\xc6UL\xb0\xa6\x90\f\xb3\x90\x83+') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='fd/4\x00') ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f00000000c0)) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000180)={0x1, 0x7, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @empty, @dev={[], 0x1b}, @remote, @empty, @random="a1701d9705dc"]}) lseek(r2, 0x20400000, 0x0) write$P9_RXATTRWALK(r2, &(0x7f0000000080)={0xf}, 0x9e15147) 00:53:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080), 0x14) recvmmsg(r1, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x0, 0xffffff9b}}], 0x32b, 0x6, 0x0) 00:53:22 executing program 4: connect$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff43) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) ioctl$PIO_FONTX(r0, 0x4b6c, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000018c0)=@raw={'raw\x00', 0x9, 0x3, 0x2a0, 0x1a8, 0x1a8, 0x0, 0x0, 0x1a8, 0x290, 0x290, 0x290, 0x290, 0x290, 0x3, &(0x7f0000000080), {[{{@ipv6={@local, @empty, [0x0, 0xffffffff, 0xff000000, 0xffffff00], [0xffffffff, 0xff000000], 'bridge0\x00', 'team_slave_0\x00', {0xff}, {}, 0x2b, 0x0, 0x1, 0x14}, 0x0, 0xc8, 0xe8}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@ipv6={@empty, @mcast1, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], [0xffffffff, 0x0, 0xff], 'ip_vti0\x00', 'bridge0\x00', {0xff}, {}, 0x3f, 0x2, 0x0, 0x15}, 0x0, 0xc8, 0xe8}, @unspec=@NOTRACK={0x20, 'NOTRACK\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x300) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f00000003c0)) unshare(0x40000000) 00:53:22 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0}) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000100)=0x5) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000180)={0xffffffffa2d41728, 0x0, [], {0x0, @reserved}}) r3 = syz_open_procfs(r2, &(0x7f0000000300)='fd/4\x00') lseek(r3, 0x20400000, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000000)={0x2, 0x3, 0x9, 0x1, 0x3}) write$P9_RXATTRWALK(r3, &(0x7f0000000080)={0xf}, 0x9e15147) 00:53:23 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') r1 = openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0) r4 = syz_open_procfs(r3, &(0x7f0000000100)='fd/4\x00') lseek(r4, 0x20400000, 0x0) write$P9_RXATTRWALK(r4, &(0x7f0000000080)={0xf}, 0x9e15147) 00:53:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0xfdf6) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10) sendto$inet(r1, &(0x7f0000000b40), 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080), 0x14) recvmmsg(r1, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x0, 0xffffff9b}}], 0x32b, 0x6, 0x0) 00:53:23 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed', r3}}]}}) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') lseek(r4, 0x20400000, 0x0) write$P9_RXATTRWALK(r4, &(0x7f0000000080)={0xf}, 0x9e15147) [ 2446.910276][ T27] audit: type=1326 audit(1555980807.065:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=14870 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ba8a code=0xffff0000 00:53:27 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000640)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0, 0xe05, 0x2, [0x6, 0x7]}, &(0x7f0000000380)=0xc) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f00000003c0)={r4, 0x1199}, &(0x7f0000000400)=0x8) ioctl$EVIOCSABS3F(r0, 0x401845ff, &(0x7f0000000300)={0x4, 0x48000000, 0x40, 0x80000000, 0x4}) 00:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000000)=0x100, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) syz_genetlink_get_family_id$ipvs(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_CREATE_OPEN(r2, &(0x7f00000005c0)={0xa0, 0x0, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, {0x5, 0x80000001, 0x807c, 0x0, 0x0, 0x2, 0x0, 0x0, 0xcb1}}}}, 0xa0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a45320, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, 0x0, &(0x7f0000000500)) close(r2) [ 2447.622335][T15263] IPVS: ftp: loaded support on port[0] = 21 [ 2447.692379][T15275] IPVS: ftp: loaded support on port[0] = 21 00:53:27 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000600)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000068f50)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0xc3, 0x80003}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) [ 2447.780669][T15438] WARNING: CPU: 0 PID: 15438 at kernel/kthread.c:399 __kthread_bind_mask+0x3b/0xc0 [ 2447.789976][T15438] Kernel panic - not syncing: panic_on_warn set ... [ 2447.796563][T15438] CPU: 0 PID: 15438 Comm: syz-executor.5 Not tainted 5.1.0-rc5-next-20190418 #28 [ 2447.805659][T15438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2447.809154][T15479] PM: Basic memory bitmaps created [ 2447.815848][T15438] Call Trace: [ 2447.815882][T15438] dump_stack+0x172/0x1f0 [ 2447.815901][T15438] ? __kthread_cancel_work+0x2a0/0x2e0 [ 2447.815917][T15438] panic+0x2cb/0x72b [ 2447.815932][T15438] ? __warn_printk+0xf3/0xf3 [ 2447.815950][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.815965][T15438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2447.815980][T15438] ? __warn.cold+0x5/0x46 [ 2447.815993][T15438] ? __warn+0xe8/0x1d0 [ 2447.816008][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.816027][T15438] __warn.cold+0x20/0x46 [ 2447.816039][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.816053][T15438] report_bug+0x263/0x2b0 [ 2447.859176][T15479] PM: Basic memory bitmaps freed [ 2447.862521][T15438] do_error_trap+0x11b/0x200 [ 2447.862541][T15438] do_invalid_op+0x37/0x50 [ 2447.862555][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.862571][T15438] invalid_op+0x14/0x20 [ 2447.862584][T15438] RIP: 0010:__kthread_bind_mask+0x3b/0xc0 [ 2447.862602][T15438] Code: 48 89 fb e8 d7 bc 24 00 4c 89 e6 48 89 df e8 ac e0 02 00 31 ff 49 89 c4 48 89 c6 e8 5f be 24 00 4d 85 e4 75 15 e8 b5 bc 24 00 <0f> 0b e8 ae bc 24 00 5b 41 5c 41 5d 41 5e 5d c3 e8 a0 bc 24 00 4c [ 2447.862608][T15438] RSP: 0018:ffff8880497a7958 EFLAGS: 00010293 [ 2447.862619][T15438] RAX: ffff88809ee10300 RBX: ffff88804bca0180 RCX: ffffffff814c09d1 [ 2447.883486][T15263] kobject: 'tunl0' (0000000079be3117): kobject_add_internal: parent: 'net', set: 'devices' [ 2447.886423][T15438] RDX: 0000000000000000 RSI: ffffffff814c09db RDI: 0000000000000007 [ 2447.886432][T15438] RBP: ffff8880497a7978 R08: ffff88809ee10300 R09: 0000000000000000 [ 2447.886439][T15438] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2447.886448][T15438] R13: ffffffff87691650 R14: ffff88804bca01a0 R15: ffffffff81c92ca0 [ 2447.886514][T15438] ? io_ring_ctx_wait_and_kill+0x510/0x510 [ 2447.886534][T15438] ? __kthread_bind_mask+0x31/0xc0 [ 2447.905303][T15263] kobject: 'tunl0' (0000000079be3117): kobject_uevent_env [ 2447.910422][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.910440][T15438] ? __kthread_bind_mask+0x3b/0xc0 [ 2447.910456][T15438] kthread_unpark+0x123/0x160 [ 2447.910471][T15438] kthread_stop+0xfa/0x6c0 [ 2447.910487][T15438] io_finish_async+0xab/0x180 [ 2447.910503][T15438] io_ring_ctx_wait_and_kill+0x133/0x510 [ 2447.910519][T15438] io_uring_release+0x42/0x50 [ 2447.910533][T15438] __fput+0x2e5/0x8d0 [ 2447.910552][T15438] ____fput+0x16/0x20 [ 2447.910565][T15438] task_work_run+0x14a/0x1c0 [ 2447.910625][T15438] do_exit+0x90a/0x2fa0 [ 2447.910663][T15438] ? get_signal+0x331/0x1d50 [ 2447.910681][T15438] ? mm_update_next_owner+0x640/0x640 [ 2447.910698][T15438] ? kasan_check_write+0x14/0x20 [ 2447.910715][T15438] ? _raw_spin_unlock_irq+0x28/0x90 [ 2447.910727][T15438] ? get_signal+0x331/0x1d50 [ 2447.910738][T15438] ? _raw_spin_unlock_irq+0x28/0x90 [ 2447.910755][T15438] do_group_exit+0x135/0x370 [ 2447.910773][T15438] get_signal+0x399/0x1d50 [ 2447.910803][T15438] do_signal+0x87/0x1900 [ 2447.910817][T15438] ? kasan_check_read+0x11/0x20 [ 2447.910859][T15438] ? _copy_to_user+0xc9/0x120 [ 2447.910875][T15438] ? setup_sigcontext+0x7d0/0x7d0 [ 2447.910899][T15438] ? exit_to_usermode_loop+0x43/0x2c0 [ 2447.910917][T15438] ? do_syscall_64+0x57e/0x670 [ 2447.936688][T15263] kobject: 'tunl0' (0000000079be3117): fill_kobj_path: path = '/devices/virtual/net/tunl0' [ 2447.944512][T15438] ? exit_to_usermode_loop+0x43/0x2c0 [ 2447.944531][T15438] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2447.944548][T15438] ? trace_hardirqs_on+0x67/0x230 [ 2447.944567][T15438] exit_to_usermode_loop+0x244/0x2c0 [ 2447.944585][T15438] do_syscall_64+0x57e/0x670 [ 2447.944603][T15438] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2447.944614][T15438] RIP: 0033:0x458c29 [ 2447.944627][T15438] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2447.944634][T15438] RSP: 002b:00007f31b68bbcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2447.944647][T15438] RAX: 0000000000000001 RBX: 000000000073bf08 RCX: 0000000000458c29 [ 2447.944655][T15438] RDX: 00000000004cb4e0 RSI: 0000000000000081 RDI: 000000000073bf0c [ 2447.944663][T15438] RBP: 000000000073bf00 R08: 0000000000000058 R09: 0000000000000000 [ 2447.944671][T15438] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000073bf0c [ 2447.944679][T15438] R13: 00007ffe1c3492df R14: 00007f31b68bc9c0 R15: 000000000073bf0c [ 2447.955638][T15438] Kernel Offset: disabled [ 2448.240743][T15438] Rebooting in 86400 seconds..